URL:Mal Infection [Solved]



#1 RichardSF (New Member, 6 posts)

Hi

Avast is coming up with a pop-up blocking a URL:Mal infection. Avast has detected and stored in the virus chest a Win32 Downloader-NRP Trojan, but I am still getting the alerts. I have run MBAM and it has come up as clean.

I have run OTL and the log is below; I'm hoping someone can help me, please. Thanks v much.

OTL logfile created on: 29/03/2012 16:32:02 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\stevena\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.37 Gb Total Physical Memory | 0.45 Gb Available Physical Memory | 32.83% Memory free
1.79 Gb Paging File | 1.10 Gb Available in Paging File | 61.34% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 3.17 Gb Free Space | 4.25% Space Free | Partition Type: NTFS

Computer Name: HP-BABY | User Name: stevena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/29 16:17:34 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\stevena\My Documents\Downloads\OTL.exe
PRC - [2012/03/13 05:36:40 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/07 00:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/07 00:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/15 00:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\stevena\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2010/06/07 08:39:36 | 005,395,968 | ---- | M] (hMailServer) -- C:\Program Files\hMailServer\Bin\hMailServer.exe
PRC - [2010/01/28 13:47:44 | 001,737,464 | ---- | M] () -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
PRC - [2008/04/14 01:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2005/04/08 19:08:08 | 000,073,728 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2005/03/10 10:09:58 | 001,040,384 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\bcmntray.EXE
PRC - [2005/02/02 13:12:22 | 000,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/12/23 11:07:30 | 000,569,405 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2004/12/23 11:07:00 | 001,261,652 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2004/12/03 13:24:20 | 000,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2004/10/26 19:53:28 | 000,043,008 | ---- | M] (Cognizance Corporation) -- C:\Program Files\HPQ\IAM\Bin\asghost.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/29 09:40:56 | 001,752,576 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12032900\algo.dll
MOD - [2012/03/13 05:36:53 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/30 11:19:14 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/01/28 13:47:44 | 001,737,464 | ---- | M] () -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
MOD - [2005/11/15 20:42:22 | 000,010,752 | ---- | M] () -- C:\Program Files\Microsoft ActiveSync\rapiproxystub.dll
MOD - [2005/05/19 22:03:30 | 000,442,368 | ---- | M] () -- C:\Program Files\HPQ\HP BIOS Configuration for ProtectTools\HPBiosSettings.dll
MOD - [2004/12/23 11:08:26 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2004/06/01 10:39:56 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL
MOD - [2004/02/26 01:31:24 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2003/04/22 14:17:24 | 000,040,960 | ---- | M] () -- C:\Program Files\Resco\Pocket Encryption\RExpCtxU.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/03/07 00:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/09/01 03:48:12 | 002,089,472 | ---- | M] (Bdrive Inc.) [Disabled | Stopped] -- C:\Program Files\Netdrive\ndsvc.exe -- (ndsvc)
SRV - [2010/06/07 08:39:36 | 005,395,968 | ---- | M] (hMailServer) [Auto | Running] -- C:\Program Files\hMailServer\Bin\hMailServer.exe -- (hMailServer)
SRV - [2010/01/28 13:47:44 | 001,737,464 | ---- | M] () [Auto | Running] -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2010/01/19 17:49:14 | 000,055,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV - [2008/05/22 00:57:50 | 000,092,792 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2008/04/14 01:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/14 01:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/14 01:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/08/01 15:29:52 | 003,822,624 | ---- | M] (Paessler GmbH) [Disabled | Stopped] -- C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe -- (PRTGService)
SRV - [2006/07/26 13:03:30 | 000,443,904 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\PRTG Traffic Grapher\watchdog\prtgwatchdog.exe -- (prtgwatchservice)
SRV - [2005/03/17 23:14:50 | 002,117,632 | ---- | M] (Altiris, Inc.) [Disabled | Stopped] -- C:\Program Files\Altiris\eXpress\Client Recovery Agent\AeXRSAgt.exe -- (Altiris Recovery Solution Agent)
SRV - [2005/03/17 23:10:44 | 000,053,248 | ---- | M] (Altiris, Inc.) [Disabled | Stopped] -- C:\Program Files\Altiris\eXpress\Client Recovery Agent\AeXFALS.exe -- (Altiris Recovery Solution FAL Stopper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | Auto | Stopped] -- C:\DOCUME~1\stevena\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys -- (pciinfo)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{801217EB-7E2E-48E3-97BA-8AFF76405D19}\MpKsl89df115f.sys -- (MpKsl89df115f)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{801217EB-7E2E-48E3-97BA-8AFF76405D19}\MpKsl39de96f3.sys -- (MpKsl39de96f3)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\215.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lmimirr.sys -- (lmimirr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\gtipci21.sys -- (GTIPCI21)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\stevena\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/03/07 00:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/07 00:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/07 00:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/07 00:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/07 00:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/07 00:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 23:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/12/01 20:06:29 | 000,108,104 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/29 11:39:20 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/28 13:35:24 | 000,010,240 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdvrmng.sys -- (mdvrmng)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/01/19 12:49:50 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/12/07 11:31:24 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/08/14 19:12:26 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/06/05 11:42:28 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2008/05/22 00:57:38 | 000,034,576 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2008/04/13 19:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 19:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2005/04/25 02:57:36 | 000,091,864 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P0620Vid.sys -- (PD0620VID)
DRV - [2005/04/18 02:00:06 | 001,038,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/04/18 02:00:06 | 000,703,488 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/04/18 02:00:06 | 000,200,576 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/04/06 14:51:12 | 000,349,312 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/04/06 14:50:20 | 000,038,144 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/04/04 17:25:36 | 000,160,768 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/03/30 02:02:22 | 000,116,594 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATSwpDrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500)
DRV - [2005/03/17 23:11:16 | 000,031,232 | ---- | M] (Altiris, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\RSAFAL.sys -- (RSAFAL)
DRV - [2005/03/10 10:09:58 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/01/27 18:09:08 | 000,128,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) Broadcom NetLink ™
DRV - [2005/01/24 16:38:04 | 000,084,512 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005/01/24 16:38:04 | 000,006,064 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005/01/24 16:38:00 | 000,052,384 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) Samsung Mobile USB Device 1.0 driver (WDM)
DRV - [2004/12/23 10:52:12 | 000,399,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2004/12/23 10:50:06 | 000,148,040 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2004/12/23 10:49:16 | 001,337,850 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2004/12/23 10:47:18 | 000,030,299 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2004/12/23 10:47:10 | 000,030,125 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2004/12/23 10:46:44 | 000,055,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004/08/12 00:30:00 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/04 09:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 09:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/04/14 15:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/02/20 18:35:28 | 000,059,044 | R--- | M] (Hewlett-Packard) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\clntmgmt.sys -- (ClntMgmt.sys)
DRV - [2003/10/15 09:07:38 | 000,012,288 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtdv2ku2.sys -- (MTDVC2)
DRV - [2003/10/11 00:39:52 | 000,011,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtdv2ks2.sys -- (MTDVC2_ENUM)
DRV - [2003/09/19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/06/06 19:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2001/08/17 20:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {009D0336-C033-4AB2-B4A8-1BF866752D93}
IE - HKCU\..\SearchScopes\{009D0336-C033-4AB2-B4A8-1BF866752D93}: "URL" = http://www.google.co...rchTerms}&meta=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = TWIZZLE:8080

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.0: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\stevena\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\stevena\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{7837F1E9-8223-4CE9-B5AC-CC54C3CFCA35}: C:\Documents and Settings\stevena\Local Settings\Application Data\{7837F1E9-8223-4CE9-B5AC-CC54C3CFCA35}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/29 09:38:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/14 10:57:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/22 13:08:22 | 000,000,000 | ---D | M]

[2008/12/08 18:26:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\stevena\Application Data\Mozilla\Extensions
[2008/12/08 18:26:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\stevena\Application Data\Mozilla\Extensions\[email protected]
[2012/03/13 17:03:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\stevena\Application Data\Mozilla\Firefox\Profiles\6r3xky0i.Default User\extensions
[2011/08/12 16:54:37 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Documents and Settings\stevena\Application Data\Mozilla\Firefox\Profiles\6r3xky0i.Default User\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2012/03/14 10:57:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\STEVENA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6R3XKY0I.DEFAULT USER\EXTENSIONS\[email protected]
[2012/03/13 05:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/10/09 18:07:34 | 000,279,888 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\mozilla firefox\plugins\npmusicn.dll
[2007/05/22 19:32:00 | 001,560,576 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npRACtrl.dll
[2007/05/22 19:14:00 | 000,008,784 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
[2007/05/22 19:17:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\unicows.dll
[2012/03/13 06:38:05 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/03/13 06:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/13 06:38:05 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/03/13 06:38:05 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/03/13 06:38:05 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\stevena\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\stevena\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\stevena\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\stevena\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Musicnotes (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: LogMeIn, Inc. Remote Access Components 1.0.0.284 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\stevena\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: WPI Detector 1.1 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\stevena\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\stevena\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Delicious Tools = C:\Documents and Settings\stevena\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gclkcflnjahgejhappicbhcpllkpakej\1.5.2_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\stevena\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
CHR - Extension: Feedly = C:\Documents and Settings\stevena\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndhinffkekpekljifjkkkkkhopnjodja\9.3.426_0\
CHR - Extension: Gmail = C:\Documents and Settings\stevena\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/04/13 16:09:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (del.icio.us Toolbar Helper) - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll (del.icio.us, a Yahoo! Company)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (HP Credential Manager for ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll (Cognizance Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (del.icio.us) - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll (del.icio.us, a Yahoo! Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (del.icio.us) - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll (del.icio.us, a Yahoo! Company)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\bcmntray.exe (Broadcom Corporation)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\HPQ\IAM\Bin\AsTsVcc.dll (Cognizance Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto File not found
O4 - HKLM..\Run: [PD0620 STISvc] C:\WINDOWS\System32\P0620Pin.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\stevena\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\stevena\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} https://h50203.www5....DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase1140.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6651E635-32DF-4171-AD2C-A9A7161C4D64}: DhcpNameServer = 10.0.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6D907CE-8429-448A-97A7-2AB44FE498D6}: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\OneCard: DllName - (C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll) - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll (Cognizance Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\HP Cityscape.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\HP Cityscape.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ae2c664b-5930-11e0-9834-0010c68a6ef0}\Shell - "" = AutoRun
O33 - MountPoints2\{ae2c664b-5930-11e0-9834-0010c68a6ef0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ae2c664b-5930-11e0-9834-0010c68a6ef0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/21 17:15:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stevena\Application Data\FileZilla
[2012/03/21 17:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FileZilla FTP Client
[2012/03/21 17:14:57 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2012/03/13 16:12:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stevena\Local Settings\Application Data\QtWeb.NET
[2012/03/13 16:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\QtWeb
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/29 16:20:03 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3169100962-182513556-2309086269-1006UA.job
[2012/03/29 15:12:48 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/29 10:21:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/29 10:20:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/29 10:13:14 | 000,001,844 | -H-- | M] () -- C:\Documents and Settings\stevena\My Documents\Default.rdp
[2012/03/29 09:39:00 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/29 09:27:51 | 000,485,996 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/29 09:27:51 | 000,086,414 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/27 17:37:52 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\stevena\Local Settings\Application Data\PUTTY.RND
[2012/03/27 10:20:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3169100962-182513556-2309086269-1006Core.job
[2012/03/22 16:26:35 | 006,750,208 | ---- | M] () -- C:\initrd.img.old
[2012/03/22 12:22:33 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\stevena\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/22 12:22:32 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\stevena\Desktop\Google Chrome.lnk
[2012/03/14 10:57:43 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/03/13 16:12:29 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QtWeb.lnk
[2012/03/07 00:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/03/07 00:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/03/07 00:03:51 | 000,612,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/03/07 00:03:38 | 000,337,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/03/07 00:02:00 | 000,035,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/03/07 00:01:53 | 000,053,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/03/07 00:01:39 | 000,095,704 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/03/07 00:01:35 | 000,089,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/03/07 00:01:30 | 000,020,696 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/03/06 23:58:29 | 000,024,920 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/03/02 10:23:03 | 000,001,020 | ---- | M] () -- C:\Documents and Settings\stevena\Start Menu\Programs\Startup\Dropbox.lnk
[2012/02/29 16:47:24 | 000,001,301 | ---- | M] () -- C:\Documents and Settings\stevena\My Documents\testnos.csv
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/29 15:12:48 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/22 16:26:01 | 006,750,208 | ---- | C] () -- C:\initrd.img.old
[2012/03/20 17:40:09 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\stevena\Local Settings\Application Data\PUTTY.RND
[2012/03/13 16:12:29 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QtWeb.lnk
[2012/03/13 16:12:28 | 000,000,644 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\QtWeb Internet Browser.lnk
[2012/02/29 16:47:19 | 000,001,301 | ---- | C] () -- C:\Documents and Settings\stevena\My Documents\testnos.csv
[2011/11/08 14:33:00 | 000,040,836 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/10/26 14:54:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/04/13 15:08:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Uqahe.bin
[2011/04/13 15:08:49 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Gfagovoxadosexa.dat
[2011/03/28 12:55:46 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdvrmng.sys
[2011/03/26 14:49:06 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/12/08 16:03:30 | 000,000,300 | -H-- | C] () -- C:\Documents and Settings\stevena\Application Data\9d55a160db8e34f23f7116c9c272cb2475fc7482
[2010/12/08 16:03:30 | 000,000,300 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\9d55a160db8e34f23f7116c9c272cb2475fc7482
[2010/12/07 12:13:33 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/05/25 13:01:06 | 000,099,436 | ---- | C] () -- C:\Program Files\Common Files\Engines.lnl
[2010/04/19 13:34:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/09 10:37:19 | 000,070,611 | ---- | C] () -- C:\WINDOWS\php.ini

========== LOP Check ==========

[2011/05/07 10:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/03/28 12:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Birdstep Technology
[2009/01/10 13:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DonationCoder
[2010/06/02 16:08:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lencom
[2010/05/20 12:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2008/11/26 18:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2010/03/31 18:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2008/11/28 13:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2008/11/27 20:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlotSoft
[2010/12/07 12:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2007/08/13 16:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/08 18:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/04/29 11:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrueCrypt
[2005/10/11 21:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2008/01/03 12:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/04/20 12:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/11 12:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/15 14:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/12/03 17:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stevena\Application Data\Amazon
[2010/11/29 12:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stevena\Application Data\Audacity
[2011/03/28 12:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stevena\Application Data\Birdstep Technology
[2008/11/27 20:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stevena\Application Data\deskUNPDF
[2009/01/10 13:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stevena\Application Data\DonationCoder
[2012/03/29 13:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stevena\Application Data\Dropbox
[2012/03/27 17:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stevena\Application Data\FileZilla
[2005/10/26 21:24:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stevena\Application Data\InterVideo
[2010/12/08 16:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stevena\Application Data\iSpring Solutions
[2006/02/04 14:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stevena\Application Data\Leadertech
[2010/06/02 16:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stevena\Application Data\Lencom
[2006/02/23 18:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stevena\Application Data\Mindjet
[2012/03/22 16:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stevena\Application Data\MySQL
[2009/02/26 13:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stevena\Application Data\NetDrive
[2008/11/28 13:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stevena\Application Data\Nitro PDF
[2011/02/15 12:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stevena\Application Data\Notepad++
[2011/04/08 11:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stevena\Application Data\QuickScan
[2006/02/08 17:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stevena\Application Data\Samsung
[2011/10/14 14:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stevena\Application Data\Spotify
[2008/12/08 18:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stevena\Application Data\TomTom
[2010/04/29 11:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stevena\Application Data\TrueCrypt

========== Purity Check ==========



< End of report >
  • 0


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, could you take a screenshot of the Avast alert please and attach that?

Did you set a proxy in IE?

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = TWIZZLE:8080


Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    [2011/04/13 15:08:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Uqahe.bin
    [2011/04/13 15:08:49 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Gfagovoxadosexa.dat
    [2010/12/08 16:03:30 | 000,000,300 | -H-- | C] () -- C:\Documents and Settings\stevena\Application Data\9d55a160db8e34f23f7116c9c272cb2475fc7482
    [2010/12/08 16:03:30 | 000,000,300 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\9d55a160db8e34f23f7116c9c272cb2475fc7482


    :Files
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe (4.1 MB) to your desktop.
Double click aswMBR.exe to run it, then click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

  • 0
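The selection made in the :OTL section above (the two orphaned toolbar entries aside) can be reproduced mechanically. The following is an added example, not code from this thread or from OTL: it parses OTL's file-entry format and applies two heuristics that match what the helper picked out, namely a bare hex digest used as a file name, and a letters-only gibberish name with an empty company field created straight into %SystemRoot%, System32 or an Application Data root. The vowel/consonant thresholds and the watched-directory list are assumptions; the sample lines are copied from the log above.

```python
r"""Triage helper for OTL file-entry lines (added example, not OTL's own code).
Parses lines like "[2011/04/13 15:08:49 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Uqahe.bin"
and applies two helper heuristics: R1 = the file name is a bare hex digest;
R2 = a letters-only "gibberish" name with an empty company field created
directly in %SystemRoot%, System32 or an Application Data root.
Thresholds are assumptions tuned to the entries in this thread's log.
"""
from __future__ import annotations

import ntpath  # handles C:\ backslash paths on any host OS
import re
from dataclasses import dataclass, field

OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
WATCHED_DIRS = {r"c:\windows", r"c:\windows\system32"}  # assumption: where drops land


@dataclass
class Entry:
    timestamp: str
    size: int
    attrs: str           # "-H--" hidden, "--S-" system, "---D" directory
    kind: str            # C = created, M = modified
    company: str | None  # "" for "()", None when the line has no company group (LOP lines)
    path: str
    reasons: list[str] = field(default_factory=list)


def parse_line(line: str) -> Entry | None:
    """Return an Entry for a file line, or None for headers and *.tmp summaries."""
    m = OTL_ENTRY.match(line.strip())
    if m is None:
        return None
    return Entry(m["ts"], int(m["size"].replace(",", "")), m["attr"], m["kind"],
                 m["company"], m["path"])


def looks_like_hex_digest(stem: str, ext: str) -> bool:
    """R1: an MD5/SHA-1/SHA-256-length hex string used as the whole file name."""
    return ext == "" and len(stem) in (32, 40, 64) and re.fullmatch(r"[0-9a-fA-F]+", stem) is not None


def looks_like_gibberish(stem: str) -> bool:
    """R2 name test: letters only, 5+ chars, 35-60% vowels, no consonant run of 3+.
    Generated names (Uqahe, Gfagovoxadosexa) pass; mlfcache, bootstat, CONFIG fail."""
    s = stem.lower()
    if not s.isalpha() or len(s) < 5:
        return False
    ratio = sum(c in "aeiou" for c in s) / len(s)
    longest_run = max(map(len, re.findall(r"[^aeiou]+", s)), default=0)
    return 0.35 <= ratio <= 0.6 and longest_run < 3


def in_watched_location(path: str) -> bool:
    parent = ntpath.dirname(path)
    return parent.lower() in WATCHED_DIRS or ntpath.basename(parent).lower() == "application data"


def triage(entry: Entry) -> Entry:
    """Record the reasons, if any, why this entry deserves a closer look."""
    stem, ext = ntpath.splitext(ntpath.basename(entry.path))
    if looks_like_hex_digest(stem, ext):
        entry.reasons.append("R1 hex-digest file name")
    if entry.company == "" and in_watched_location(entry.path) and looks_like_gibberish(stem):
        entry.reasons.append("R2 gibberish name, empty company, watched directory")
    return entry


def suspicious_paths(log_text: str) -> list[str]:
    """Parse a block of OTL output and return the paths that triggered a rule."""
    return [e.path for e in map(parse_line, log_text.splitlines())
            if e is not None and triage(e).reasons]


# Constructed sample: entries copied from the log above, plus a LOP-check line
# (no company group) and a *.tmp summary line that the parser must skip.
SAMPLE_LOG = r"""
[2011/11/08 14:33:00 | 000,040,836 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/10/26 14:54:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/04/13 15:08:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Uqahe.bin
[2011/04/13 15:08:49 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Gfagovoxadosexa.dat
[2010/12/08 16:03:30 | 000,000,300 | -H-- | C] () -- C:\Documents and Settings\stevena\Application Data\9d55a160db8e34f23f7116c9c272cb2475fc7482
[2010/12/08 16:03:30 | 000,000,300 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\9d55a160db8e34f23f7116c9c272cb2475fc7482
[2010/12/07 12:13:33 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2012/03/07 00:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/05/07 10:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
"""

if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        entry = parse_line(line)
        if entry is not None and triage(entry).reasons:
            print(entry.path, "->", "; ".join(entry.reasons))
```

A hit is a prompt for a closer look (file properties, a second-opinion scan, the vendor name), not a verdict; files with an empty company string such as mlfcache.dat stay unflagged here only because of the name test.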

#3
RichardSF

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi, firstly thank you very much for your time and help.

Unfortunately the last pop-up I have is an update pop-up which came this morning. From memory it was blocking access to the URL of an image. I can attach a copy of what's in the virus vault if that's of any use.

As far as setting a proxy in IE is concerned, I may (although I am not 100% sure) have done that a couple of years ago, but I haven't used IE for years; I mainly use FF.

I followed your instructions and the results are as follows:

OTL results:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
C:\WINDOWS\Uqahe.bin moved successfully.
C:\WINDOWS\Gfagovoxadosexa.dat moved successfully.
C:\Documents and Settings\stevena\Application Data\9d55a160db8e34f23f7116c9c272cb2475fc7482 moved successfully.
C:\Documents and Settings\All Users\Application Data\9d55a160db8e34f23f7116c9c272cb2475fc7482 moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\stevena\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\stevena\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56475 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32969 bytes
->Flash cache emptied: 348 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: stevena
->Temp folder emptied: 83138 bytes
->Temporary Internet Files folder emptied: 5347637 bytes
->Java cache emptied: 62862 bytes
->FireFox cache emptied: 279034877 bytes
->Google Chrome cache emptied: 161082229 bytes
->Apple Safari cache emptied: 2348032 bytes
->Flash cache emptied: 1314479 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 861713 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 128256 bytes
Windows Temp folder emptied: 3153454 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 298520300 bytes

Total Files Cleaned = 717.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.39.2 log created on 03302012_092555

Files\Folders moved on Reboot...
C:\Documents and Settings\stevena\Local Settings\Temp\WCESLog.log moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_8c0.dat moved successfully.

Registry entries deleted on Reboot...


aswMBR result:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-30 11:38:42
-----------------------------
11:38:42.250 OS Version: Windows 5.1.2600 Service Pack 3
11:38:42.250 Number of processors: 1 586 0x2402
11:38:42.250 ComputerName: HP-BABY UserName: stevena
11:38:44.984 Initialize success
11:38:45.593 AVAST engine defs: 12032900
11:38:59.156 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:38:59.156 Disk 0 Vendor: ST9808211A 3.02 Size: 76319MB BusType: 3
11:38:59.187 Disk 0 MBR read successfully
11:38:59.187 Disk 0 MBR scan
11:38:59.187 Disk 0 unknown MBR code
11:38:59.203 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
11:38:59.218 Disk 0 scanning sectors +156280320
11:38:59.312 Disk 0 scanning C:\WINDOWS\system32\drivers
11:39:14.031 Service scanning
11:39:38.515 Modules scanning
11:39:58.812 Disk 0 trace - called modules:
11:39:58.843 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
11:39:58.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a51cab8]
11:39:59.203 3 CLASSPNP.SYS[f74e7fd7] -> nt!IofCallDriver -> \Device\0000009a[0x8a4ed9e8]
11:39:59.218 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a511940]
11:39:59.562 AVAST engine scan C:\WINDOWS
11:40:30.500 AVAST engine scan C:\WINDOWS\system32
11:43:56.687 AVAST engine scan C:\WINDOWS\system32\drivers
11:44:20.234 AVAST engine scan C:\Documents and Settings\stevena
12:14:04.718 AVAST engine scan C:\Documents and Settings\All Users
12:22:23.718 Scan finished successfully
12:22:51.937 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\stevena\Desktop\MBR.dat"
12:22:51.953 The log file has been saved successfully to "C:\Documents and Settings\stevena\Desktop\aswMBR.txt"
  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are you still getting the alerts? Avast will give me an indication of the process being used.

Yes, could you give me the full file path from the virus chest?
  • 0

#5
RichardSF

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi

I am no longer receiving the alerts. I've attached an image of the virus chest.

Thanks very much.

Attached Thumbnails

  • avast.JPG

  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's run an orphan check. How is the computer behaving now?

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#7
RichardSF

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi, the log is below, thanks.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.03.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
stevena :: HP-BABY [administrator]

03/04/2012 09:21:41
mbam-log-2012-04-03 (09-21-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204727
Time elapsed: 21 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now, before I remove my tools?
  • 0

#9
RichardSF

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi

It seems to be fine, thanks very much.
  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set back to hidden, as some of the tools I use will change that.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean.

Download and install the FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti-virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place? Keep safe :wave:
  • 0

#11
RichardSF

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Great, thanks so much for all your help.
  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





