Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Redirectors

Re: Redirectors

Post by askey127 » June 14th, 2011, 7:36 am

Rocky22,
You have a Rootkit infection, likely from using Frostwire.
You may be familiar with the term. If not, see here for an overview: http://en.wikipedia.org/wiki/Rootkit
It means that we cannot be absolutely certain that your machine is secure, since the rootkit could have done anything it wished with your security settings while on board. (A Security door can be left "unlocked" so the infection can return later)
It also means that any personal information used with this machine (passwords, financial, etc.) may have been compromised.
I would suggest changing account numbers, passwords, etc. for any accounts, credit cards, or other information that passed through this machine.
(Don't use this machine to make the changes, or the rootkit could intercept the changes)
If you need to be completely certain the machine can be trusted, you would need to reformat the hard drive and re-install the Windows system.

The method(s) used to "FIX" one of these, in this case, are not foolproof.
With one mistake by either of us, or maybe even with no mistakes, the machine may fail to boot.
In that case, there would be no choice but to reformat the hard drive and re-install Windows XP, Service packs, Antivirus and application programs from scratch.
You would end up losing all saved data and personal files.

Because of the situation, you need to back up all personal and important files to external media (CDs, DVDs, flash drives).
I do not recommend using CD-RW discs for any of this, because a bare copy of Windows can't dependably read them.
CD-R and DVD+R discs are the best to use, or an external hard drive like WD passport, etc.

Attempting to fix this will take several procedures in exact sequence.
The rootkit has corrupted the Windows system and a specific system file.
We need to replace the file with a non-corrupted copy, but cannot use Windows itself to do it, since Windows with the rootkit is now programmed to lie about that file.

If we are successful, then we can follow up with tools that will properly clean any remaining issues from the machine.
If you want to attempt to fix this, proceed as follows.
--------------------------------------------------------------------------------------
First, to check the Recovery Console, and find all the copies of the file:
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :reg
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole /s
    
    :filefind
    *VolSnap* 
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

askey127

Re: Redirectors

Post by Rocky22 » June 14th, 2011, 6:46 pm

Here is the requested log. I hope not to have to reformat, but if I do it's not a big deal.


SystemLook 04.09.10 by jpshortstuff
Log created at 18:43 on 14/06/2011 by Edward
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole]
"SetCommand"= 0x0000000001 (1)
"SecurityLevel"= 0x0000000001 (1)


========== filefind ==========

Searching for "*VolSnap* "
C:\WINDOWS\I386\VOLSNAP.IN_ --a---- 698 bytes [22:42 13/05/2009] [12:00 21/08/2008] 03FF8C24B69C1FC99663DF3908FBEBA4
C:\WINDOWS\I386\VOLSNAP.SY_ --a---- 25386 bytes [22:42 13/05/2009] [12:00 21/08/2008] 64409F40C23B1395594B71E4EB54E019
C:\WINDOWS\inf\volsnap.inf --a---- 1095 bytes [22:42 13/05/2009] [12:00 21/08/2008] 1C43F4D998567C9D2463E18669F33A3C
C:\WINDOWS\inf\volsnap.PNF --a---- 4964 bytes [15:48 13/05/2009] [09:45 31/05/2011] 9FA7287B5F11CF0F2E89CF51FC5095D8
C:\WINDOWS\system32\dllcache\volsnap.sys --a--c- 52352 bytes [22:42 13/05/2009] [12:00 21/08/2008] 4C8FCB5CC53AAB716D810740FE59D025
C:\WINDOWS\system32\drivers\volsnap.sys --a---- 52352 bytes [22:42 13/05/2009] [12:00 21/08/2008] 4C8FCB5CC53AAB716D810740FE59D025

-= EOF =-
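As an added example (not code from this thread, from SystemLook's author, or from any tool named here), the following Python reads SystemLook filefind result lines like the ones in the log above, groups every copy of a file by its MD5, and compares them against a reference hash, which is the check the helper is doing by eye when he compares the dllcache and drivers copies. The reference hash is assumed to come from a copy hashed while booted from trusted media; the second, tampered-looking log and its DEADBEEF hash are constructed for illustration.

```python
"""Group and compare the copies of a file reported by a SystemLook ':filefind' scan."""
import hashlib
import re
from collections import defaultdict

# One result line of a SystemLook filefind scan, as in the logs in this thread:
#   <path> <7 attribute flags> <size> bytes [<mtime>] [<ctime>] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>\S.*?)\s+(?P<attrs>[-a-zA-Z]{7})\s+(?P<size>\d+)\s+bytes\s+"
    r"\[(?P<mtime>[^\]]+)\]\s+\[(?P<ctime>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)

# Result lines copied from the first SystemLook log in this thread.
THREAD_LOG = r"""
Searching for "*VolSnap* "
C:\WINDOWS\I386\VOLSNAP.IN_ --a---- 698 bytes [22:42 13/05/2009] [12:00 21/08/2008] 03FF8C24B69C1FC99663DF3908FBEBA4
C:\WINDOWS\I386\VOLSNAP.SY_ --a---- 25386 bytes [22:42 13/05/2009] [12:00 21/08/2008] 64409F40C23B1395594B71E4EB54E019
C:\WINDOWS\inf\volsnap.inf --a---- 1095 bytes [22:42 13/05/2009] [12:00 21/08/2008] 1C43F4D998567C9D2463E18669F33A3C
C:\WINDOWS\inf\volsnap.PNF --a---- 4964 bytes [15:48 13/05/2009] [09:45 31/05/2011] 9FA7287B5F11CF0F2E89CF51FC5095D8
C:\WINDOWS\system32\dllcache\volsnap.sys --a--c- 52352 bytes [22:42 13/05/2009] [12:00 21/08/2008] 4C8FCB5CC53AAB716D810740FE59D025
C:\WINDOWS\system32\drivers\volsnap.sys --a---- 52352 bytes [22:42 13/05/2009] [12:00 21/08/2008] 4C8FCB5CC53AAB716D810740FE59D025
-= EOF =-
"""

# Constructed log (not from the thread): same file size, but the live driver
# copy reports a different hash from the dllcache copy. The hash is a placeholder.
TAMPERED_LOG = r"""
Searching for "volsnap.sys"
C:\WINDOWS\system32\dllcache\volsnap.sys --a--c- 52352 bytes [22:42 13/05/2009] [12:00 21/08/2008] 4C8FCB5CC53AAB716D810740FE59D025
C:\WINDOWS\system32\drivers\volsnap.sys --a---- 52352 bytes [22:42 13/05/2009] [12:00 21/08/2008] DEADBEEFDEADBEEFDEADBEEFDEADBEEF
-= EOF =-
"""


def parse_filefind(log_text):
    """Return one dict per result line; headers, blanks and the EOF marker are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            # SystemLook prints MD5s in upper case, TDSSKiller in lower case;
            # normalise so hashes taken from either log compare equal.
            e["md5"] = e["md5"].upper()
            entries.append(e)
    return entries


def copies_of(entries, filename):
    """Entries whose file name equals filename (Windows names are case-insensitive)."""
    want = filename.lower()
    return [e for e in entries if e["path"].rsplit("\\", 1)[-1].lower() == want]


def md5_of_file(path):
    """MD5 of a file on disk, e.g. a copy read while booted from trusted media."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def assess(entries, filename, reference_md5=None):
    """Compare all copies of filename; optionally against a reference hash.

    A consistent result obtained from inside a running Windows that hosts a
    rootkit is not proof the file is clean: the thread's own case shows two
    identical hashes for a driver that Windows was "programmed to lie about".
    The reliable check is a hash taken offline, passed here as reference_md5.
    """
    by_hash = defaultdict(list)
    for e in copies_of(entries, filename):
        by_hash[e["md5"]].append(e["path"])
    result = {
        "copies": sum(len(p) for p in by_hash.values()),
        "hashes": dict(by_hash),
        "consistent": len(by_hash) <= 1,
        "matches_reference": None,
        "suspicious_paths": [],
    }
    if reference_md5 is not None:
        ref = reference_md5.upper()
        result["matches_reference"] = bool(by_hash) and set(by_hash) == {ref}
        result["suspicious_paths"] = [p for h, ps in by_hash.items() if h != ref for p in ps]
    elif not result["consistent"]:
        # No reference: the copy that disagrees with the majority is the one to look at.
        majority = max(by_hash, key=lambda h: len(by_hash[h]))
        result["suspicious_paths"] = [p for h, ps in by_hash.items() if h != majority for p in ps]
    return result


if __name__ == "__main__":
    for label, log in (("thread log", THREAD_LOG), ("constructed log", TAMPERED_LOG)):
        r = assess(parse_filefind(log), "volsnap.sys", "4C8FCB5CC53AAB716D810740FE59D025")
        print(label, "consistent:", r["consistent"], "matches reference:", r["matches_reference"])
        for p in r["suspicious_paths"]:
            print("  check:", p)
```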

Re: Redirectors

Post by askey127 » June 15th, 2011, 5:38 am

Rocky22,
Go to Start->Run and type in notepad and hit OK.
Then copy and paste the content of the following codebox into Notepad:
@echo off
copy /y   C:\WINDOWS\system32\dllcache\volsnap.sys  c:\
del %0

Save the file to your DESKTOP as "fix.bat". Make sure to save it with the quotes.
Once saved, the icon to click should look like this on your desktop:
[image of the fix.bat icon not reproduced]
Double click fix.bat to run it. A small black box should open and close - this is normal.
This should copy the file in the dllcache to the main directory of the C:\ drive.
---------------------------------------------
Let's make sure the file is there.
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    volsnap.sys
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

askey127

Re: Redirectors

Post by Rocky22 » June 15th, 2011, 6:40 am

Here is the information from SystemLook. I backed up the system with Windows' built-in backup; should I also copy all my stuff to an external media source?


SystemLook 04.09.10 by jpshortstuff
Log created at 06:36 on 15/06/2011 by Edward
Administrator - Elevation successful

========== filefind ==========

Searching for "volsnap.sys"
C:\volsnap.sys --a---- 52352 bytes [10:36 15/06/2011] [12:00 21/08/2008] 4C8FCB5CC53AAB716D810740FE59D025
C:\WINDOWS\system32\dllcache\volsnap.sys -----c- 52352 bytes [22:42 13/05/2009] [12:00 21/08/2008] 4C8FCB5CC53AAB716D810740FE59D025
C:\WINDOWS\system32\drivers\volsnap.sys --a---- 52352 bytes [22:42 13/05/2009] [12:00 21/08/2008] 4C8FCB5CC53AAB716D810740FE59D025

-= EOF =-

Re: Redirectors

Post by askey127 » June 15th, 2011, 8:35 am

That worked fine.
Yes, you should also back up your stuff to external media.
If the fix fails, you won't be able to retrieve anything off the drive without pulling the drive out of the box and physically hooking it up to another computer.

I'll be back online in about 5-6 hours with the preparation and instructions for the Recovery Console.
When I give the next instructions, you will need to find a way to print them out, before actually doing it.
During the Recovery Console procedures, you will not have use of this computer online. (Windows won't be running).

Re: Redirectors

Post by askey127 » June 15th, 2011, 5:07 pm

Now the Critical Part - Make sure this Instruction is printed out before you start.
Double check what you type.

-----------------------------------------------------------
First We need to create a batch file to run from the Recovery Console.

Open Notepad
Copy the contents of the Code Box below to the notepad window

ren  C:\WINDOWS\system32\drivers\volsnap.sys  volsnap.old
copy  c:\volsnap.sys   c:\windows\system32\drivers\volsnap.sys
exit

Click File -> Save As...
In the File name field, type C:\runme.txt and click Save
Close notepad.
-----------------------------------------------------------
Now We Will Use The Recovery Console
Restart your computer.
Before Windows loads, you will be prompted to choose which Operating System to start.
Use the up and down arrow key to select Microsoft Windows Recovery Console
You must enter which Windows installation to log onto. Type 1 and press 'Enter'
Type the following command at the C:\Windows prompt, then hit Enter (note the space between batch and C:\runme.txt):
batch C:\runme.txt

(If perchance you are prompted to overwrite an existing file, select No, then type exit to restart and notify me of your results).

If you are NOT prompted to overwrite, just type exit and press 'Enter'. Your computer should reboot.

Reboot normally.
Let me know how it goes.
askey127

Re: Redirectors

Post by Rocky22 » June 15th, 2011, 10:44 pm

Well, nothing blew up and I saw no smoke, and it said 1 file copied, so I guess it went well!!
I also tried doing a search and did not get redirected.

Re: Redirectors

Post by askey127 » June 16th, 2011, 4:25 am

Rocky22,
If you have a copy of TDSSKiller by that name or any other name, please erase it from your desktop.
Let's get a new download and see if it will run.
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    (Vista - W7 users: Right-click and select "Run As Administrator")
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

Let me know.
askey127

Re: Redirectors

Post by Rocky22 » June 16th, 2011, 6:07 am

Success!! Here is the log from TDSSkiller


2011/06/16 06:01:19.0593 2176 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/16 06:01:19.0953 2176 ================================================================================
2011/06/16 06:01:19.0953 2176 SystemInfo:
2011/06/16 06:01:19.0953 2176
2011/06/16 06:01:19.0953 2176 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/16 06:01:19.0953 2176 Product type: Workstation
2011/06/16 06:01:19.0953 2176 ComputerName: YOUR-DC8665429C
2011/06/16 06:01:19.0953 2176 UserName: Edward
2011/06/16 06:01:19.0953 2176 Windows directory: C:\WINDOWS
2011/06/16 06:01:19.0953 2176 System windows directory: C:\WINDOWS
2011/06/16 06:01:19.0953 2176 Processor architecture: Intel x86
2011/06/16 06:01:19.0953 2176 Number of processors: 1
2011/06/16 06:01:19.0953 2176 Page size: 0x1000
2011/06/16 06:01:19.0953 2176 Boot type: Normal boot
2011/06/16 06:01:19.0953 2176 ================================================================================
2011/06/16 06:01:21.0046 2176 Initialize success
2011/06/16 06:01:43.0781 3712 ================================================================================
2011/06/16 06:01:43.0781 3712 Scan started
2011/06/16 06:01:43.0781 3712 Mode: Manual;
2011/06/16 06:01:43.0781 3712 ================================================================================
2011/06/16 06:01:55.0765 3712 ================================================================================
2011/06/16 06:01:55.0765 3712 Scan finished
2011/06/16 06:01:55.0765 3712 ================================================================================
2011/06/16 06:01:55.0781 2340 Detected object count: 0
2011/06/16 06:01:55.0781 2340 Actual detected object count: 0
2011/06/16 06:02:18.0187 2412 Deinitialize success

Re: Redirectors

Post by askey127 » June 16th, 2011, 6:28 am

Rocky22,
Looks good.
To increase your protection going forward I would recommend use of a HOSTS file.
It blocks inadvertent access to thousands of harmful websites.
Be sure to follow the whole two-part procedure, and get the DNS Client service disabled before installing the HOSTS file.
-----------------------------------------------------------
Replace the Current HOSTS File with MVPs
You can read about HOSTS files here : http://www.mvps.org/winhelp2002/hosts.htm

  • Disable DNS Client Service. This is necessary when installing a large HOSTS file.
    From Start, or Start, Run
    Type services.msc in the box and hit <Enter>
    Give permission to continue if necessary.
    Scroll down to DNS Client on the list, Right Click it and choose Properties.
    Under Service Status, click Stop. Wait until it reports the service stopped.
    Under Startup Type, choose Disabled.
    Then click Apply, OK
    If this procedure was successful, proceed with the installation as follows:
  • Use HostsXpert to Install the HOSTS File
    Download HostsXpert and unzip (extract) it to your computer, somewhere where you can find it.
    • Double click on HostsXpert.exe to launch the program. Give whatever Permissions are required.
    • In the bottom half of the left pane, click on File Handling
    • If the first button at the top is labeled Make Writeable?, click on it so the label changes to Make Read Only
    • Click third button from the bottom, labeled Download. A couple new buttons will appear at the top.
    • Click on the top button labeled MVPs Hosts and choose Replace
    • When asked to verify if you want to Replace present Hosts file, click OK.
    • When it finishes, click on File Handling again.
    • Click the button at the top labeled Make Read Only, so the label changes to Make Writeable?
    • Hit the X in the upper right corner to exit HostsXpert

If you have a separate third party firewall, or Winpatrol, you may have to give permissions at various times to Unlock the present default HOSTS file and install the new one.

----------------------------------------------
Perform a Custom Scan or Fix with OTL
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box:
    :processes
    killallprocesses
    
    :Files
    C:\WINDOWS\system32\dllcache\volsnap.old
    
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

If everything goes well, you can open OTL again and click the Cleanup button to remove the tools we used.
You can delete SystemLook as well.

askey127

Re: Redirectors

Post by Rocky22 » June 16th, 2011, 7:22 am

Here is the OTL log. Just before this finished, my Avira antivirus popped up and said it found something and quarantined it; I'm pretty sure it said something about volsnap.old. When I ran the custom scan of OTL, it stated that volsnap.old was not found. Avira found this after the reboot and towards the end of the quick scan.


OTL logfile created on: 6/16/2011 7:08:28 AM - Run 4
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Edward\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: | Country: | Language: | Date Format:

2.99 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 85.32% Memory free
4.84 Gb Paging File | 4.55 Gb Available in Paging File | 94.13% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 148.21 Gb Free Space | 63.64% Space Free | Partition Type: NTFS

Computer Name: YOUR-DC8665429C | User Name: Edward | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/11 22:02:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Edward\Desktop\OTL.exe
PRC - [2011/04/27 20:32:50 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/16 21:08:15 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/01/10 15:23:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/21 08:00:00 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/28 05:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/24 02:49:14 | 000,024,576 | R--- | M] (Syntek America Inc.) -- C:\WINDOWS\system32\StkASv2K.exe


========== Modules (SafeList) ==========

MOD - [2011/06/11 22:02:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Edward\Desktop\OTL.exe
MOD - [2008/08/21 08:00:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 20:32:50 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/16 21:08:15 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/09/28 05:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/24 02:49:14 | 000,024,576 | R--- | M] (Syntek America Inc.) [Auto | Running] -- C:\WINDOWS\system32\StkASv2K.exe -- (StkASSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/03/16 21:08:17 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/01/10 15:23:53 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007/03/10 05:47:01 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/03/10 05:47:00 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/03/10 05:47:00 | 000,257,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2006/09/26 23:01:36 | 000,241,628 | R--- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StkAMini.sys -- (StkAMini)
DRV - [2006/08/02 02:44:04 | 000,004,772 | R--- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StkScan.sys -- (StkScan)
DRV - [2006/07/14 13:45:20 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 12:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: E:\Program Files\Mozilla Firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins

[2009/06/24 21:58:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Edward\Application Data\Mozilla\Extensions
[2011/06/01 20:22:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Edward\Application Data\Mozilla\Firefox\Profiles\bjc1ami6.default\extensions

O1 HOSTS File: ([2011/06/16 07:02:37 | 000,618,793 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 16379 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [pdfFactory Dispatcher v3] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe (FinePrint Software, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Edward\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Edward\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/13 18:54:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/16 07:01:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edward\Desktop\HostsXpert
[2011/06/16 06:00:14 | 001,437,488 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Edward\Desktop\tdsskiller.exe
[2011/06/15 17:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edward\Local Settings\Application Data\FileMaker
[2011/06/15 17:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edward\Local Settings\Application Data\CNS
[2011/06/15 17:06:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edward\Start Menu\Programs\pdfFactory
[2011/06/15 17:06:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edward\Start Menu\Programs\Inspector FX
[2011/06/15 17:06:34 | 000,385,024 | ---- | C] (FinePrint Software, LLC) -- C:\WINDOWS\System32\fppmon3.dll
[2011/06/15 17:06:34 | 000,282,624 | ---- | C] (FinePrint Software, LLC) -- C:\WINDOWS\System32\fppr332.dll
[2011/06/15 17:06:07 | 000,000,000 | ---D | C] -- C:\Inspector FX
[2011/06/12 08:32:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/12 08:32:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/11 22:02:18 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Edward\Desktop\OTL.exe
[2011/06/11 08:43:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/11 08:41:55 | 004,119,337 | R--- | C] (Swearware) -- C:\Documents and Settings\Edward\Desktop\zzz.exe
[2011/06/05 13:55:05 | 000,607,222 | R--- | C] (Swearware) -- C:\Documents and Settings\Edward\Desktop\dds.scr
[2011/06/05 13:50:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edward\Desktop\random
[2011/06/05 09:28:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2011/06/02 23:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edward\Local Settings\Application Data\Downloaded Installations
[2011/06/02 23:21:43 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2011/06/02 23:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edward\My Documents\Anti-Malware
[2011/06/02 19:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/06/02 19:43:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/06/02 06:29:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/06/02 06:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/01 20:51:20 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/01 20:50:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/01 20:50:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/01 20:50:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/01 20:50:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/01 20:50:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/01 16:57:21 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/06/01 16:57:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sophos
[2011/06/01 16:56:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edward\My Documents\sar_15_sfx
[2011/06/01 08:06:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Edward\Recent
[2011/06/01 07:07:34 | 000,190,032 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/06/01 07:07:34 | 000,056,400 | ---- | C] (trend_company_name) -- C:\WINDOWS\System32\drivers\tmrkb.sys
[2011/06/01 00:55:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edward\My Documents\SUPER AntiSpyware Professional 4.51
[2011/06/01 00:05:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/05/31 23:49:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/31 23:47:39 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/31 23:47:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/31 23:43:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edward\My Documents\Malwarebytes Anti-Malware 1.50.1.1100 with serial - Powercrush
[2011/05/31 05:44:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/05/31 05:36:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edward\My Documents\ResumeMaker2

========== Files - Modified Within 30 Days ==========

[2011/06/16 07:08:04 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/16 07:07:07 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/16 07:06:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/16 07:06:45 | 3210,883,072 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/16 07:02:37 | 000,618,793 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/16 07:00:50 | 000,357,766 | ---- | M] () -- C:\Documents and Settings\Edward\Desktop\HostsXpert.zip
[2011/06/16 06:20:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/16 06:00:18 | 001,437,488 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Edward\Desktop\tdsskiller.exe
[2011/06/15 17:06:52 | 000,001,434 | ---- | M] () -- C:\Documents and Settings\Edward\Desktop\Inspector FX 8.5.lnk
[2011/06/15 00:15:43 | 3779,099,639 | ---- | M] () -- C:\Backup.bkf
[2011/06/14 18:15:48 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Edward\Desktop\SystemLook.exe
[2011/06/13 06:56:18 | 038,041,357 | ---- | M] () -- C:\Documents and Settings\Edward\Desktop\ifx_v8.62.0.EXE
[2011/06/12 10:48:55 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Edward\Desktop\s67wf6ir.exe
[2011/06/12 08:38:59 | 000,368,505 | ---- | M] () -- C:\Documents and Settings\Edward\Desktop\MiniToolBox.exe
[2011/06/11 22:02:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Edward\Desktop\OTL.exe
[2011/06/11 08:41:59 | 004,119,337 | R--- | M] (Swearware) -- C:\Documents and Settings\Edward\Desktop\zzz.exe
[2011/06/11 08:39:01 | 001,007,120 | ---- | M] () -- C:\Documents and Settings\Edward\Desktop\rkill.exe
[2011/06/05 13:55:06 | 000,607,222 | R--- | M] (Swearware) -- C:\Documents and Settings\Edward\Desktop\dds.scr
[2011/06/04 18:49:30 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\Edward\My Documents\stinger10101629.opt
[2011/06/03 00:31:37 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\Edward\Desktop\Notepad (2).lnk
[2011/06/02 22:22:45 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/06/02 19:43:49 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Edward\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/06/02 19:43:49 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Edward\Desktop\Spybot - Search & Destroy.lnk
[2011/06/01 20:55:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110602-203914.backup
[2011/06/01 16:58:54 | 000,001,756 | ---- | M] () -- C:\Documents and Settings\Edward\Desktop\Sophos Anti-Rootkit.lnk
[2011/06/01 08:01:47 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/06/01 07:07:34 | 000,190,032 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/06/01 07:07:34 | 000,056,400 | ---- | M] (trend_company_name) -- C:\WINDOWS\System32\drivers\tmrkb.sys
[2011/06/01 06:31:20 | 000,001,352 | ---- | M] () -- C:\Documents and Settings\Edward\Desktop\Shortcut to SUPERAntiSpyware Professional.exe.lnk
[2011/05/31 23:49:42 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/31 21:16:16 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/05/31 20:40:52 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

========== Files Created - No Company Name ==========

[2011/06/16 07:00:48 | 000,357,766 | ---- | C] () -- C:\Documents and Settings\Edward\Desktop\HostsXpert.zip
[2011/06/15 17:06:52 | 000,001,434 | ---- | C] () -- C:\Documents and Settings\Edward\Desktop\Inspector FX 8.5.lnk
[2011/06/15 17:05:48 | 038,041,357 | ---- | C] () -- C:\Documents and Settings\Edward\Desktop\ifx_v8.62.0.EXE
[2011/06/14 23:05:48 | 3779,099,639 | ---- | C] () -- C:\Backup.bkf
[2011/06/14 18:15:55 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Edward\Desktop\SystemLook.exe
[2011/06/12 10:48:52 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Edward\Desktop\s67wf6ir.exe
[2011/06/12 10:33:22 | 3210,883,072 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/12 08:38:58 | 000,368,505 | ---- | C] () -- C:\Documents and Settings\Edward\Desktop\MiniToolBox.exe
[2011/06/11 08:39:00 | 001,007,120 | ---- | C] () -- C:\Documents and Settings\Edward\Desktop\rkill.exe
[2011/06/04 09:25:09 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\Edward\My Documents\stinger10101629.opt
[2011/06/02 19:43:49 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Edward\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/06/02 19:43:49 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Edward\Desktop\Spybot - Search & Destroy.lnk
[2011/06/02 18:30:31 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/01 20:53:44 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2011/06/01 20:53:44 | 000,001,717 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PowerDVD DX.lnk
[2011/06/01 20:53:44 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/06/01 20:53:44 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/06/01 20:53:43 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2010.lnk
[2011/06/01 20:53:43 | 000,001,870 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\National Estimator.lnk
[2011/06/01 20:53:43 | 000,001,855 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ulead VideoStudio SE DVD.lnk
[2011/06/01 20:53:43 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/06/01 20:53:43 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Edward\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/01 20:53:43 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Edward\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/01 20:53:43 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Edward\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/01 20:51:25 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/06/01 20:51:21 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/01 20:50:40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/01 20:50:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/01 20:50:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/01 20:50:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/01 16:58:54 | 000,001,756 | ---- | C] () -- C:\Documents and Settings\Edward\Desktop\Sophos Anti-Rootkit.lnk
[2011/06/01 08:01:47 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/06/01 06:31:20 | 000,001,352 | ---- | C] () -- C:\Documents and Settings\Edward\Desktop\Shortcut to SUPERAntiSpyware Professional.exe.lnk
[2011/05/31 23:47:39 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/31 05:56:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/14 06:32:09 | 000,475,496 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/25 08:05:50 | 000,010,709 | ---- | C] () -- C:\WINDOWS\hpwscr19.dat
[2011/02/25 08:05:03 | 000,176,496 | ---- | C] () -- C:\WINDOWS\hpwins19.dat
[2011/02/25 08:05:03 | 000,000,997 | ---- | C] () -- C:\WINDOWS\hpwmdl19.dat
[2011/02/15 00:14:25 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Edward\Local Settings\Application Data\fusioncache.dat
[2010/01/14 02:17:16 | 000,077,375 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2009/09/29 19:39:00 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/29 19:38:58 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Edward\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/24 21:58:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/06/19 20:25:04 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\ZSHP1018.EXE
[2009/06/11 20:08:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/05/13 18:55:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/05/13 18:52:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/05/13 18:42:37 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/05/13 18:42:36 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/05/13 18:42:36 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/05/13 18:42:36 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/13 18:42:36 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/05/13 18:42:36 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/13 18:42:36 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/05/13 18:42:36 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/05/13 18:42:36 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/05/13 18:42:36 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/05/13 18:42:30 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/05/13 18:42:29 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/05/13 11:48:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/05/13 11:47:28 | 000,317,152 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2009/11/17 21:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2011/03/02 21:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iNbIlMj08200
[2010/01/18 13:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/11/17 21:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\HotSync
[2009/06/19 18:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\OpenOffice.org
[2010/01/18 14:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Edward\Application Data\Ulead Systems

========== Purity Check ==========



< End of report >
Rocky22
Regular Member
Posts: 15
Joined: June 7th, 2011, 10:05 pm

Re: Redirectors

Unread postby askey127 » June 16th, 2011, 7:42 am

Avira probably killed it before OTL. It was the infected file.
You should be able to do the CleanUp button now.

Re: Redirectors

Unread postby Rocky22 » June 16th, 2011, 8:02 am

OK, cleanup done. Was there another log that was to be produced and posted?

Re: Redirectors

Unread postby askey127 » June 16th, 2011, 8:48 am

No, you should be OK.
Good Luck !

Re: Redirectors

Unread postby Rocky22 » June 16th, 2011, 10:27 pm

askey127.

I can't thank you enough. The computer I had for 12 years died, and this one was given to me but had some issues. Thank you so much for all your help and your professionalism.
Thanks again.


Rocky22