Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Redirected to websites/unable to access security updates

Re: Redirected to websites/unable to access security updates

by nickb1 » November 20th, 2010, 7:30 pm

OTL Log below. Computer seems to be running well. I can now access security sites previously blocked. No unexpected redirects so far.

Regards

Nickb1


OTL logfile created on: 20/11/2010 23:21:47 - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.78 Gb Total Space | 26.77 Gb Free Space | 18.62% Space Free | Partition Type: NTFS
Drive D: | 5.25 Gb Total Space | 1.41 Gb Free Space | 26.79% Space Free | Partition Type: FAT32

Computer Name: MAINHP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\HP Media Center Help\Pavilion\XPEWWBS4\plugin\bin\PCHButton.exe (Motive Communications, Inc.)
PRC - C:\WINDOWS\system32\CTHELPER.EXE (Creative Technology Ltd)
PRC - C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
PRC - C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\CTAGENT.DLL (Creative Technology Ltd)
MOD - C:\WINDOWS\system32\nview.dll (NVIDIA Corporation)
MOD - C:\WINDOWS\system32\nvwrseng.dll (NVIDIA Corporation)
MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation)


========== Win32 Services (SafeList) ==========

SRV - (SolarWinds TFTP Server) -- C:\Documents and Settings\Administrator\Application Data\SolarWinds\TFTPServer\SolarWinds TFTP Server.exe File not found
SRV - (ServiceLayer) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe File not found
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe File not found
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe File not found
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws9) -- C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (spupdsvc) -- C:\WINDOWS\system32\spupdsvc.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (CVPND) -- C:\Program Files\European Commission\Connection Client\cvpnd.exe (Cisco Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (SynasUSB) -- C:\WINDOWS\System32\drivers\SynasUSB.sys File not found
DRV - (SCREAMINGBDRIVER) -- C:\WINDOWS\System32\drivers\ScreamingBAudio.sys File not found
DRV - (Navcar) -- C:\WINDOWS\System32\DRIVERS\Navcar.sys File not found
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriverxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilterxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShimxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSErHrxpx) -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (HDJMidi) -- C:\WINDOWS\system32\drivers\HDJMidi.sys (© Guillemot R&D, 2009. All rights reserved.)
DRV - (Bulk) -- C:\WINDOWS\system32\drivers\HDJBulk.sys (© Guillemot R&D, 2009. All rights reserved.)
DRV - (HDJAsioK) -- C:\WINDOWS\system32\drivers\HDJAsioK.sys (© Guillemot R&D, 2009. All rights reserved.)
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (IrBus) -- C:\WINDOWS\system32\drivers\irbus.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) -- C:\WINDOWS\System32\drivers\sfdrv01a.sys (Protection Technology (StarForce))
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (hap17v2k) -- C:\WINDOWS\system32\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (P1131VID) Creative WebCam NX Pro (WDM) -- C:\WINDOWS\system32\drivers\P1131Vid.sys (Creative Technology Ltd.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (hcwPVRP2) Hauppauge WinTV-PVR PCI II (Encoder-16) -- C:\WINDOWS\system32\drivers\hcwPVRP2.sys (Hauppauge Computer Works, Inc.)
DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (SISAGP) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (viaagp1) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
DRV - (SiSV) -- C:\WINDOWS\system32\drivers\SiSV.sys (Silicon Integrated Systems Corporation)
DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://pac.telenet.be:8080

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://pac.telenet.be:8080

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://pac.telenet.be:8080

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2643133495-2559317173-667412711-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
IE - HKU\S-1-5-21-2643133495-2559317173-667412711-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKU\S-1-5-21-2643133495-2559317173-667412711-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
IE - HKU\S-1-5-21-2643133495-2559317173-667412711-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2643133495-2559317173-667412711-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2643133495-2559317173-667412711-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = bt.yahoo.com
IE - HKU\S-1-5-21-2643133495-2559317173-667412711-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2643133495-2559317173-667412711-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2643133495-2559317173-667412711-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://pac.telenet.be:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1640187&SearchSource=3&q="
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.bbc.co.uk/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.4.4.118
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {7c5c0f58-e061-457d-9033-77307f5ed00c}:1.5.39.0
FF - prefs.js..network.proxy.autoconfig_url: "http://pac.telenet.be:8080"


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/07 12:24:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/22 07:30:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/05 15:47:38 | 000,000,000 | ---D | M]

[2008/12/17 22:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2008/12/17 22:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\home2@tomtom.com
[2010/11/14 19:58:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ieor8vgd.default\extensions
[2009/09/03 20:58:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ieor8vgd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/26 21:45:55 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ieor8vgd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/11/19 10:51:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/12/24 22:17:17 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/01/18 18:41:56 | 000,000,000 | ---D | M] (TorrentMan Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}
[2010/11/19 10:51:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009/08/27 19:25:26 | 000,308,096 | ---- | M] (British Telecommunications Plc) -- C:\Program Files\Mozilla Firefox\plugins\npBTEmailConfig.dll
[2010/11/19 10:50:52 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2004/01/14 02:09:25 | 000,176,176 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2009/09/06 22:33:51 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/09/06 22:33:51 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2008/05/27 15:45:02 | 000,000,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\conduit.xml
[2009/09/06 22:33:51 | 000,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/09/06 22:33:51 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2007/06/17 11:57:19 | 000,000,734 | -HS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Bitlord Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bitlord Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (BT Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2643133495-2559317173-667412711-500\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2643133495-2559317173-667412711-500\..\Toolbar\ShellBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-2643133495-2559317173-667412711-500\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2643133495-2559317173-667412711-500\..\Toolbar\WebBrowser: (Bitlord Toolbar) - {7C5C0F58-E061-457D-9033-77307F5ED00C} - C:\Program Files\TorrentMan\tbTor0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2643133495-2559317173-667412711-500\..\Toolbar\WebBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe File not found
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\.DEFAULT..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-18..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-2643133495-2559317173-667412711-500..\Run: [Acme.PCHButton] C:\Program Files\HP Media Center Help\Pavilion\XPEWWBS4\plugin\bin\PCHButton.exe (Motive Communications, Inc.)
O4 - HKU\S-1-5-21-2643133495-2559317173-667412711-500..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-2643133495-2559317173-667412711-500..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\lsass.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2643133495-2559317173-667412711-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2643133495-2559317173-667412711-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2643133495-2559317173-667412711-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoAdminPage = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Ranges: Range1 ([*] in Trusted sites)
O15 - HKU\S-1-5-21-2643133495-2559317173-667412711-500\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-2643133495-2559317173-667412711-500\..Trusted Ranges: Range1 ([*] in Trusted sites)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zone.msn.com/binary/ms ... b31267.cab (Checkers Class)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab (Reg Error: Key error.)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab (Reg Error: Key error.)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15015/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/ ... arth3D.cab (SentinelVE3D Class)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.lizardtech.com/download/file ... _en_US.cab (DjVuCtl Class)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/sh ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} https://signup.msn.com/pages/MsnInstC.cab (InstallerBehaviorFactory Class)
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} http://h20270.www2.hp.com/ediags/gmn/in ... er_gmn.cab (VerifyGMN Class)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/ms ... b56986.cab (Checkers Class)
O16 - DPF: {27EB254C-C724-43B1-8DD8-F3AC9ED761B2} http://client2.tvtonic.com/Webservice/P ... Stage1.cab (Wavexpress Cab Helper)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} http://messenger.zone.msn.com/binary/Mi ... b31267.cab (Minesweeper Flags Class)
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} http://www.symantec.com/techsupp/active ... rdtinf.cab (AxProdInfoCtl Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdat ... /opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.microsoft.com/download/ ... leaner.cab (Malicious Software Removal Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://spaces.msn.com//PhotoUpload/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} http://software-dl.real.com/06f1c32e158 ... xIE601.cab (RdxIE Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resour ... se6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Fac ... loader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 8223220906 (MUWebControl Class)
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} http://housecall65.trendmicro.com/house ... hcImpl.cab (Trend Micro ActiveX Scan Agent 6.5)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab (HP Download Manager)
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} http://yax-download.yazzle.net/YazzleAc ... refid=1123 (Reg Error: Key error.)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://davidbroster.homeserver.com:544 ... /msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} http://85.255.114.166/1/rdgBE2404.exe (Reg Error: Key error.)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx (Get_ActiveX Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZI ... b56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} http://gamedownload.ijjimax.com/gamedow ... in9USA.cab (Reg Error: Key error.)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} http://messenger.zone.msn.com/binary/Chess.cab57176.cab (ZoneChess Object)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su/ocx/15023/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} http://messenger.zone.msn.com/binary/So ... b31267.cab (Solitaire Showdown Class)
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopetslive.com/dev/GoPetsWeb.cab (GoPetsWeb Control)
O16 - DPF: RaptisoftGameLoader http://www.miniclip.com/hamsterball/rap ... loader.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 20:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/10 17:02:32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{01a22962-ad7c-11dd-8b81-00112f472206}\Shell - "" = AutoRun
O33 - MountPoints2\{01a22962-ad7c-11dd-8b81-00112f472206}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{01a22962-ad7c-11dd-8b81-00112f472206}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{1b9fd435-c3d6-11df-94b5-00112f472206}\Shell - "" = AutoRun
O33 - MountPoints2\{1b9fd435-c3d6-11df-94b5-00112f472206}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1b9fd435-c3d6-11df-94b5-00112f472206}\Shell\AutoRun\command - "" = I:\laucher.exe -- File not found
O33 - MountPoints2\{1b9fd438-c3d6-11df-94b5-00112f472206}\Shell - "" = AutoRun
O33 - MountPoints2\{1b9fd438-c3d6-11df-94b5-00112f472206}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1b9fd438-c3d6-11df-94b5-00112f472206}\Shell\AutoRun\command - "" = J:\laucher.exe -- File not found
O33 - MountPoints2\{21056986-6837-11da-9ed6-00112f472206}\Shell - "" = AutoRun
O33 - MountPoints2\{21056986-6837-11da-9ed6-00112f472206}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{21056986-6837-11da-9ed6-00112f472206}\Shell\AutoRun\command - "" = G:\Loader.EXE -- File not found
O33 - MountPoints2\{267f1a64-1d09-11de-8c03-00112f472206}\Shell\AutoRun\command - "" = C:\WINDOWS\explorer.exe -- [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{267f1a64-1d09-11de-8c03-00112f472206}\Shell\explore\Command - "" = FESAEM.exe
O33 - MountPoints2\{267f1a64-1d09-11de-8c03-00112f472206}\Shell\open\Command - "" = FESAEM.exe
O33 - MountPoints2\D\Shell\AutoRun\command - "" = Info.exe folder.htt 480 480
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/20 22:19:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/11/20 22:19:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/20 22:19:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/20 22:19:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/20 22:19:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/20 22:18:26 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe
[2010/11/19 10:51:17 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/19 10:51:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/19 10:51:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/18 12:46:39 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/11/14 17:40:10 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/11/12 23:37:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/11/12 22:45:27 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/11/09 19:01:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Dropbox
[2010/11/06 19:44:51 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/11/05 15:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/11/05 15:47:38 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/11/04 15:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/11/02 21:49:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/10/26 22:05:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Ykwe
[2010/10/26 22:05:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Ifnux
[2003/11/14 00:54:38 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[8 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/20 23:09:41 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/11/20 22:58:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/20 22:55:01 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/11/20 22:54:43 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/20 22:54:41 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/11/20 22:53:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/20 22:53:18 | 2146,816,000 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/20 22:52:43 | 000,030,888 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-0000000B-00001102-00000004-20051102}.rfx
[2010/11/20 22:52:43 | 000,030,888 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-0000000B-00001102-00000004-20051102}.rfx
[2010/11/20 22:52:43 | 000,029,952 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-0000000B-00001102-00000004-20051102}.rfx
[2010/11/20 22:52:43 | 000,029,952 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-0000000B-00001102-00000004-20051102}.rfx
[2010/11/20 22:52:43 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-0000000B-00001102-00000004-20051102}.rfx
[2010/11/20 22:52:43 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/11/20 22:52:43 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/11/20 22:52:10 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-0000000B-00001102-00000004-20051102}.CDF
[2010/11/20 22:19:17 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/20 22:16:30 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe
[2010/11/20 21:12:53 | 000,632,241 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/11/20 21:12:52 | 067,877,225 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/11/20 12:03:47 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1F6CA2B1-9BDE-4E64-87DA-A4BB9D0899E1}.job
[2010/11/19 23:41:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/11/19 17:15:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010/11/19 14:27:58 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/11/19 10:50:51 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/11/19 10:50:51 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/19 10:50:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/19 10:50:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/19 10:50:51 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/11/18 12:47:19 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\wbd1mdw8.exe
[2010/11/18 12:46:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/11/18 12:06:12 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to CKScanner.exe.lnk
[2010/11/18 12:05:21 | 000,443,392 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CKScanner.exe
[2010/11/18 12:02:24 | 000,073,728 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DW Executive Summary 9Nov10-notes EV_NB.doc
[2010/11/18 12:01:52 | 000,105,472 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Delivering a Digital Wale1.doc
[2010/11/18 12:00:55 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2010/11/18 11:22:01 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2010/11/17 23:31:36 | 000,774,656 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\The Sale of goods Act 1979.doc
[2010/11/11 17:53:02 | 000,047,104 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\CURRICULUM VITA1 COMMS.doc
[2010/11/10 12:01:47 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/09 23:31:13 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/09 18:52:26 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\physical activities.doc
[2010/11/07 18:24:30 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Cerys` sociology.doc
[2010/11/07 12:25:30 | 001,665,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/06 19:44:52 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/11/06 19:44:51 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/11/06 19:44:51 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/11/06 19:44:47 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/11/06 19:44:44 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/11/06 19:44:43 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/11/03 02:48:25 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\dmlconf.dat
[2010/11/01 23:22:03 | 000,449,024 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\A and P cells assigment.doc
[2010/11/01 23:15:17 | 000,047,104 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Complimentary Therapies.doc
[2010/10/31 14:18:53 | 000,446,150 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/31 14:18:53 | 000,073,164 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/29 15:37:51 | 000,259,072 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\iridology chris.doc
[2010/10/25 22:29:43 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Linda McClenchy letter drains.doc
[2010/10/25 21:07:57 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\quinn cancel.doc
[2010/10/25 13:12:30 | 000,096,768 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\0626236.doc
[2010/10/25 12:55:07 | 000,097,792 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\hand hygiene.doc
[2010/10/22 22:33:45 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Focus - Lucy.doc
[8 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/20 22:19:17 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/18 19:34:41 | 2146,816,000 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/18 12:47:18 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\wbd1mdw8.exe
[2010/11/18 12:06:12 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to CKScanner.exe.lnk
[2010/11/18 12:05:20 | 000,443,392 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CKScanner.exe
[2010/11/18 12:02:24 | 000,073,728 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DW Executive Summary 9Nov10-notes EV_NB.doc
[2010/11/18 12:01:51 | 000,105,472 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Delivering a Digital Wale1.doc
[2010/11/18 12:00:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2010/11/17 23:31:36 | 000,774,656 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\The Sale of goods Act 1979.doc
[2010/11/14 17:40:11 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2010/11/12 23:42:52 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/11/11 16:39:23 | 000,047,104 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\CURRICULUM VITA1 COMMS.doc
[2010/11/09 18:52:26 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\physical activities.doc
[2010/11/07 17:28:06 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Cerys` sociology.doc
[2010/11/01 23:15:17 | 000,047,104 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Complimentary Therapies.doc
[2010/10/31 16:14:06 | 000,449,024 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\A and P cells assigment.doc
[2010/10/29 14:51:26 | 000,259,072 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\iridology chris.doc
[2010/10/26 22:05:12 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\dmlconf.dat
[2010/10/26 22:05:09 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\vfzwln.dat
[2010/10/25 21:07:57 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\quinn cancel.doc
[2010/10/25 15:30:40 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Linda McClenchy letter drains.doc
[2010/10/25 12:57:15 | 000,096,768 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\0626236.doc
[2010/10/24 09:34:13 | 000,097,792 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\hand hygiene.doc
[2010/10/22 22:33:45 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Focus - Lucy.doc
[2010/02/27 23:12:30 | 000,001,232 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Lang_2052.ini
[2009/10/21 12:19:45 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI
[2009/10/21 11:34:22 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll
[2009/10/21 11:30:42 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009/10/03 21:08:20 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/09/04 21:28:55 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/07/13 22:27:01 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys
[2009/02/10 21:48:41 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/01/18 15:48:02 | 000,000,189 | ---- | C] () -- C:\WINDOWS\sc.INI
[2008/10/19 08:39:40 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2008/10/19 08:39:40 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\E8C584D0D3.sys
[2008/08/10 16:46:42 | 000,181,176 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/07/09 19:51:06 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2008/05/06 21:25:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/05/06 21:23:53 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/02/26 09:10:28 | 000,000,023 | -HS- | C] () -- C:\WINDOWS\System32\ecbeafcbc7_d.dll
[2008/01/02 21:23:39 | 002,515,161 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\NMM-MetaData.db
[2007/09/03 16:37:39 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/08/28 17:14:57 | 000,682,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/02/15 22:55:12 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/02/03 13:51:41 | 000,000,168 | RHS- | C] () -- C:\WINDOWS\System32\E8C584D0D3.sys
[2007/02/03 13:45:55 | 000,002,620 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/08/18 19:39:41 | 000,006,175 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/08/18 19:39:41 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/08/02 20:49:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/06/29 17:46:50 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/06/29 17:46:50 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/06/18 16:42:36 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\WavCodec.wff
[2006/06/18 08:05:45 | 000,050,410 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2006/01/25 21:10:29 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/12/23 01:19:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/12/08 10:24:52 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2005/12/07 10:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005/11/09 20:31:35 | 000,189,440 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/10/13 18:29:57 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2005/08/26 18:57:31 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2005/06/16 16:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2005/04/10 13:30:13 | 000,000,272 | ---- | C] () -- C:\WINDOWS\MovieEdit.INI
[2005/04/10 12:06:43 | 000,006,211 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2005/01/26 21:58:24 | 000,002,247 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/01/22 23:14:55 | 000,308,224 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2005/01/22 23:14:55 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2004/12/09 21:32:31 | 000,069,632 | ---- | C] () -- C:\WINDOWS\realbap1.dll
[2004/12/09 21:32:31 | 000,045,568 | ---- | C] () -- C:\WINDOWS\realbsf1.dll
[2004/12/09 21:25:20 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\realbap1.dll
[2004/12/09 21:25:19 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\realbsf1.dll
[2004/11/12 20:38:41 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2004/10/06 19:11:40 | 000,064,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/10/06 10:21:16 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\Dtctrace.dll
[2004/09/30 19:18:53 | 000,000,411 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2004/09/30 19:16:07 | 000,000,205 | ---- | C] () -- C:\WINDOWS\qtw.ini
[2004/09/30 18:21:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VoTW.INI
[2004/09/30 18:06:13 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/09/18 20:41:20 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2004/09/18 20:27:21 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/09/18 20:27:21 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/09/18 20:27:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/09/18 20:27:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/09/18 20:27:21 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/09/18 20:27:21 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/09/18 20:25:41 | 000,000,075 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/09/18 20:25:39 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/03/30 01:29:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/01/13 19:02:58 | 000,014,658 | ---- | C] () -- C:\WINDOWS\System32\aud2_hp.ini
[2004/01/02 01:26:33 | 000,000,531 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/01/01 23:00:47 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/01 21:21:41 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2004/01/01 21:21:26 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/01/01 21:21:26 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/01/01 21:15:00 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/01/01 21:01:36 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2004/01/01 20:59:25 | 000,025,958 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/01/01 20:58:49 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/01/01 19:59:39 | 000,010,417 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/01/01 19:53:08 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/01 19:06:39 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/01/01 19:06:39 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/01/01 19:06:25 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/01/01 18:42:30 | 000,000,813 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/01 18:30:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/01/01 16:32:44 | 000,000,451 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/01/01 16:32:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2003/11/14 16:58:10 | 000,000,193 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2003/11/14 00:54:06 | 000,053,312 | ---- | C] () -- C:\WINDOWS\System32\upddrv9x.dll
[2003/11/12 10:54:00 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/03/22 00:56:12 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2003/03/06 22:53:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 01:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1996/04/03 19:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Files - Unicode (All) ==========
[2010/10/29 15:25:20 | 000,252,416 | ---- | M] ()(C:\Documents and Settings\Administrator\My Documents\??.doc) -- C:\Documents and Settings\Administrator\My Documents\指圧.doc
[2010/10/20 22:12:52 | 000,252,416 | ---- | C] ()(C:\Documents and Settings\Administrator\My Documents\??.doc) -- C:\Documents and Settings\Administrator\My Documents\指圧.doc
[2006/06/15 22:11:33 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\My Documents\??curity) -- C:\Documents and Settings\Administrator\My Documents\ѕеcurity
[2006/06/15 22:05:07 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\Application Data\?ystem) -- C:\Documents and Settings\Administrator\Application Data\ѕystem
[2006/06/15 22:05:07 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\Application Data\?ystem) -- C:\Documents and Settings\Administrator\Application Data\ѕystem
[2006/06/10 11:52:48 | 000,000,000 | ---D | C](C:\Documents and Settings\Administrator\My Documents\??curity) -- C:\Documents and Settings\Administrator\My Documents\ѕеcurity
[2005/06/23 14:42:47 | 000,019,968 | ---- | M] ()(C:\Documents and Settings\Administrator\My Documents\?.doc) -- C:\Documents and Settings\Administrator\My Documents\爱.doc
[2005/06/23 14:42:46 | 000,019,968 | ---- | C] ()(C:\Documents and Settings\Administrator\My Documents\?.doc) -- C:\Documents and Settings\Administrator\My Documents\爱.doc
(C:\Documents and Settings\Administrator\Application Data\?ystem) -- C:\Documents and Settings\Administrator\Application Data\ѕystem

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:992566D9
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB2C187A
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
@Alternate Data Stream - 1080 bytes -> C:\WINDOWS\system32:svchost

< End of report >
nickb1
Active Member
 
Posts: 12
Joined: November 14th, 2010, 1:37 pm

Re: Redirected to websites/unable to access security updates

Post by deltalima » November 21st, 2010, 6:33 am

Hi nickb1,

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code:
    :otl
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Bitlord Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll (Conduit Ltd.)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Bitlord Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [UserFaultCheck] File not found
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\lsass.lnk = File not found
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab (Reg Error: Key error.)
    O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} http://yax-download.yazzle.net/YazzleAc ... refid=1123 (Reg Error: Key error.)
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://davidbroster.homeserver.com:544 ... /msrdp.cab (Microsoft RDP Client Control (redist))
    O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} http://85.255.114.166/1/rdgBE2404.exe (Reg Error: Key error.)
    :files
    c:\documents and settings\administrator\my documents\my videos\propellerhead reason 4
    c:\documents and settings\administrator\my documents\my videos\propellerheadreason4.0
    c:\documents and settings\administrator\my documents\my videos\sony.acid.pro.6.keygen.212
    :commands
    [EMPTYTEMP]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

ESET online scanner

  • Please go Here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Redirected to websites/unable to access security updates

Post by nickb1 » November 21st, 2010, 10:03 am

Done. Logs below. You will see OTL couldn't find the files to be deleted. I had been able to delete them after yesterday's runs.

Nickb1


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c5c0f58-e061-457d-9033-77307f5ed00c}\ deleted successfully.
C:\Program Files\TorrentMan\tbTor0.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7c5c0f58-e061-457d-9033-77307f5ed00c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c5c0f58-e061-457d-9033-77307f5ed00c}\ not found.
File C:\Program Files\TorrentMan\tbTor0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UserFaultCheck deleted successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\lsass.lnk moved successfully.
Starting removal of ActiveX control {01012101-5E80-11D8-9E86-0007E96C65AE}
C:\WINDOWS\Downloaded Program Files\tgctlsr.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{01012101-5E80-11D8-9E86-0007E96C65AE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01012101-5E80-11D8-9E86-0007E96C65AE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{01012101-5E80-11D8-9E86-0007E96C65AE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01012101-5E80-11D8-9E86-0007E96C65AE}\ not found.
Starting removal of ActiveX control {74CD40EA-EF77-4BAD-808A-B5982DA73F20}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{74CD40EA-EF77-4BAD-808A-B5982DA73F20}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{74CD40EA-EF77-4BAD-808A-B5982DA73F20}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74CD40EA-EF77-4BAD-808A-B5982DA73F20}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{74CD40EA-EF77-4BAD-808A-B5982DA73F20}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74CD40EA-EF77-4BAD-808A-B5982DA73F20}\ not found.
Starting removal of ActiveX control {7584C670-2274-4EFB-B00B-D6AABA6D3850}
C:\WINDOWS\Downloaded Program Files\msrdp.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7584C670-2274-4EFB-B00B-D6AABA6D3850}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7584C670-2274-4EFB-B00B-D6AABA6D3850}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7584C670-2274-4EFB-B00B-D6AABA6D3850}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7584C670-2274-4EFB-B00B-D6AABA6D3850}\ not found.
Starting removal of ActiveX control {97B79133-88F0-45F0-8D57-0F2EF27D9C66}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{97B79133-88F0-45F0-8D57-0F2EF27D9C66}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{97B79133-88F0-45F0-8D57-0F2EF27D9C66}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97B79133-88F0-45F0-8D57-0F2EF27D9C66}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{97B79133-88F0-45F0-8D57-0F2EF27D9C66}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97B79133-88F0-45F0-8D57-0F2EF27D9C66}\ not found.
========== FILES ==========
File\Folder c:\documents and settings\administrator\my documents\my videos\propellerhead reason 4 not found.
File\Folder c:\documents and settings\administrator\my documents\my videos\propellerheadreason4.0 not found.
File\Folder c:\documents and settings\administrator\my documents\my videos\sony.acid.pro.6.keygen.212 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 5052200654 bytes
->Temporary Internet Files folder emptied: 83852531 bytes
->Java cache emptied: 139625888 bytes
->FireFox cache emptied: 63239715 bytes
->Google Chrome cache emptied: 272876109 bytes
->Apple Safari cache emptied: 184794112 bytes
->Flash cache emptied: 2021863 bytes

User: Alex
->Flash cache emptied: 7416 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56545 bytes

User: holding

User: LocalService
->Temp folder emptied: 295484 bytes
->Temporary Internet Files folder emptied: 13171159 bytes

User: NetworkService
->Temp folder emptied: 703164 bytes
->Temporary Internet Files folder emptied: 4331070 bytes

User: Nick
->Temp folder emptied: 3551 bytes
->Temporary Internet Files folder emptied: 104408 bytes
->Java cache emptied: 2407120 bytes
->Flash cache emptied: 647 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 117897 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 37768 bytes
Windows Temp folder emptied: 1506375967 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 93632970 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34686 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7,076.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11212010_104127

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


++++++++++++++++++++++++++

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=85f22483d0a5a94a9263a0684db47ef0
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-11-21 01:22:07
# local_time=2010-11-21 01:22:07 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 584550 584550 0 0
# compatibility_mode=1031 16777173 100 93 4132 25981166 0 0
# compatibility_mode=8192 67108863 100 0 3717 3717 0 0
# scanned=152689
# found=5
# cleaned=0
# scan_time=8380
C:\VundoFix Backups\uttss.bak1 Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\VundoFix Backups\uttss.bak2 Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\VundoFix Backups\uttss.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\VundoFix Backups\uttss.ini2 Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\VundoFix Backups\uttss.tmp Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I

+++++++++++++++++++++++++++
nickb1
Active Member
 
Posts: 12
Joined: November 14th, 2010, 1:37 pm

Re: Redirected to websites/unable to access security updates

Unread postby deltalima » November 21st, 2010, 10:36 am

Hi nickb1,

It looks like you have had a Vundo infection previously that has been successfully removed.

Please delete the folder
C:\VundoFix Backups

Now that you are clean, please follow these steps in order to keep your computer clean and secure.

You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 9.4 are vulnerable.
  • Go HERE, UNCHECK any Free Add-Ons, and click Download to install the latest version of Adobe Acrobat Reader.
  • After it completes the Installation, close the Download Manager.

Remove old versions of Java

Please uninstall the following.

J2SE Runtime Environment 5.0 Update 11
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1


Remove GMER

Delete the GMER icon from your desktop.

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.


Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >> System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked. You can choose to check other boxes if you wish, but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.


Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
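
The reading given in the reply above (five detections, none cleaned, all inside the removal tool's backup folder) can be checked mechanically. This is an added example, not part of the original posts and not ESET's or OTL's code; the function names and the list of backup folders are assumptions, the field layout is inferred from the log lines shown in this thread, and the trailing one-letter flag is carried through without interpretation.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: header fields and detection lines copied from the log in this thread.
SAMPLE_LOG = r"""# end=finished
# remove_checked=false
# scanned=152689
# found=5
# cleaned=0
C:\VundoFix Backups\uttss.bak1 Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\VundoFix Backups\uttss.bak2 Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\VundoFix Backups\uttss.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\VundoFix Backups\uttss.ini2 Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\VundoFix Backups\uttss.tmp Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
"""

HEADER = re.compile(r"^#\s*(\w+)=(.*)$")
# The path may contain spaces, so it is matched lazily up to the detection name.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<threat>\S+/\S+)\s+(?P<kind>\w+)"
    r"\s+(?P<digest>[0-9A-Fa-f]{32})\s+(?P<flag>\w)$"
)

def parse_log(text):
    """Split the log into '# key=value' header fields and detection records."""
    header, detections = {}, []
    for line in (raw.strip() for raw in text.splitlines()):
        m = HEADER.match(line)
        if m:
            header.setdefault(m.group(1), m.group(2))  # keep first of repeated keys
        elif (m := DETECTION.match(line)):
            detections.append(m.groupdict())
    return header, detections

def under(path, folder):
    """True if path is folder or lies below it (Windows rules, case-insensitive)."""
    p, d = PureWindowsPath(path), PureWindowsPath(folder)
    return d == p or d in p.parents

def triage(text, backup_dirs):
    """Separate detections in known tool-backup folders from those needing review."""
    header, detections = parse_log(text)
    result = {"remnants": [], "needs_review": []}
    for det in detections:
        inert = any(under(det["path"], b) for b in backup_dirs)
        result["remnants" if inert else "needs_review"].append(det)
    found = int(header.get("found", -1))
    # A pasted log whose detection lines do not match 'found' is probably truncated.
    result["complete"] = header.get("end") == "finished" and found == len(detections)
    result["uncleaned"] = found - int(header.get("cleaned", 0))
    return result
```

Calling `triage(SAMPLE_LOG, [r"C:\VundoFix Backups"])` puts all five detections under `remnants` and leaves `needs_review` empty, which matches the advice to simply delete that folder.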

Re: Redirected to websites/unable to access security updates

Unread postby nickb1 » November 21st, 2010, 1:06 pm

Many thanks.

Your invaluable help is gratefully appreciated!

Nickb1
nickb1
Active Member
 
Posts: 12
Joined: November 14th, 2010, 1:37 pm

Re: Redirected to websites/unable to access security updates

Unread postby deltalima » November 21st, 2010, 5:23 pm

You're welcome!

Glad we could help.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Redirected to websites/unable to access security updates

Unread postby Wingman » November 21st, 2010, 5:58 pm

As your problems appear to have been resolved, this topic is now closed.
We are pleased we could help you resolve your computer's malware issues.

If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read:
Donations For Malware Removal
Wingman
Admin/Teacher
Posts: 14115
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA