Two days ago, the virus came again (or probably never actually got removed properly). I tried to remove it in the same way, but it now keeps coming back. On top of this, I have a further problem, which I assume is related to this. When I click on Google links, I am often redirected to a totally different website to the link, different each time and consisting of various adverts.
The problem has not totally shut down my computer; I am writing to you on it now. This means I could try all the fixes I could find, including the ones from your website, but nothing is working. Malwarebytes doesn't find anything when I scan. The Vista antivirus problem only comes sometimes, so right now it is not showing itself, whereas the redirect problem is always there.
I followed your guide for what reports to forward to you step by step, and although I managed to run the first couple of scans / logs, my computer will not let me run GMER software. Every time I try to run it, the computer shuts down and restarts - I assume this is part of the virus. The DDS log is below, and the attach.txt attached, please, please help me get rid of this horrible thing!
DDS (Ver_10-03-17.01) - NTFSx86
Run by Phil at 8:54:21.43 on 24/04/2010
Internet Explorer: 8.0.6001.18904
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.747 [GMT 1:00]
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\BUFFALO\Encrdisk\ENCRDLG.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Windows\system32\igfxext.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\Aware.exe
C:\Users\Phil\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Program Files\SMART Technologies\SMART Board Drivers\Marker.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\MsnVane.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Users\Phil\Desktop\dds.scr
============== Pseudo HJT Report ===============
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.co.uk/ig?hl=en
mStart Page = hxxp://en.uk.acer.yahoo.com
mDefault_Page_URL = hxxp://en.uk.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
uRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe
uRun: [Skytel] Skytel.exe
uRun: [RtHDVCpl] RtHDVCpl.exe
uRun: [PLFSet] rundll32.exe c:\windows\PLFSet.dll,PLFDefSetting
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Symantec PIF AlertEng] c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll
uRun: [LManager] c:\progra~1\launch~1\LManager.exe
uRun: [EPSON Stylus SX200 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiefe.exe /fu "c:\windows\temp\E_S99C2.tmp" /EF "HKCU"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [{1F1CC264-C1B1-D3B0-45E7-DD5E952C1834}] c:\users\phil\appdata\roaming\etosbe\zipi.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1100470.exe -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.30729; Tablet PC 2.0)" -"http://www.quizville.com/mathGames/fractionsDecimalsAndPercents/percentsClick(easy).html"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Wireless Manager] "c:\program files\virgin broadband wireless\Wireless Manager.exe" startup
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [PLFSet] rundll32.exe c:\windows\PLFSet.dll,PLFDefSetting
mRun: [SMART Board Service] c:\program files\smart technologies\smart board drivers\SMARTBoardService.exe
mRun: [SMART SNMP Agent] c:\program files\smart technologies\smart board drivers\SMARTSNMPAgent.exe -e
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [DelayShred] c:\progra~1\mcafee\mshr\shrcl.exe /p7 /q c:\users\phil\appdata\local\temp\vbe.sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\fdyb1lug\info-awc[1].sh! c:\users\phil\appdata\local\temp\hsperfdata_phil.sh! c:\users\phil\appdata\local\temp\e4j384f.sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\i9ukbo6m\browse[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\i9ukbo6m\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\7b26dz7l\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\e5zx1r0y\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\epnut235\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\enyodlt2\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\chmvmzwe\info-awc[1].sh! c:\users\phil\appdata\local\temp\e4j621e.sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\gpfselt3\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\3f50qnsd\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\enu5q2am\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\xawpfhas\info-awc[1].sh! c:\users\phil\appdata\local\temp\e4j5d0d.sh! c:\users\phil\appdata\local\temp\e4j162e.sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\emj936pc\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\cj7tty0h\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\n9iq9bnm\_page_recommend[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\wrkjit25\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\gglxy0ah\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\fq3dqz34\info-awc[1].sh! 
c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\xnuvshtw\_page_recommend[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\o4d3zvpv\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\2l80xg35\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\aru7d1mv\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\22lilflm\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\jj0v2dp2\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\qzsuu56w\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\d2ib3624\_page_recommend[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\m6a3qee3\_page_recommend[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\z54tlj0c\_page_recommend[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\m0kslq58\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\m6a3qee3\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\z54tlj0c\sminstrumentation[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\d2ib3624\smappdata[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\m0kslq58\smsyncmessage[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\z54tlj0c\smregistry[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\m6a3qee3\smuicontainer[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\m6a3qee3\smsystemdata[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\d2ib3624\smversion1[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\m6a3qee3\smclientdb[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\z54tlj0c\smsubscriptiondata[1].sh! 
c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\m0kslq58\syncmessage[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\d2ib3624\smutils[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\z54tlj0c\smproviderenum[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\z54tlj0c\smversionmgr[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\d2ib3624\_page_recommend[2].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\d2ib3624\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\xo5qq6p6\details[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\xo5qq6p6\_page_recommend[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\m0kslq58\newfcr[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\d2ib3624\600x60_partyplanner[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\xo5qq6p6\728x100_sexyandfunny[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\c83cwqlt\adbritenew[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\c1rx5l9m\piclist[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\c1rx5l9m\redirectiframe[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\c83cwqlt\history_manager[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\xo5qq6p6\10[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\c83cwqlt\_page_recommend[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\xo5qq6p6\piclist[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\m0kslq58\_page_recommend[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\m6a3qee3\blank[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\xo5qq6p6\history_manager[1].sh! 
c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\c83cwqlt\page5e[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\z54tlj0c\10[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\c1rx5l9m\_page_recommend[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\c1rx5l9m\index[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\d2ib3624\redirectiframe[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\m0kslq58\default[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\m6a3qee3\history_manager[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\rsarnjdr\nav[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\m0kslq58\menu[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\c1rx5l9m\marketview[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\m0kslq58\blank[9].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\d2ib3624\blank[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\c1rx5l9m\soccer_betfair_com[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\rsarnjdr\navbar[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\c1rx5l9m\subnav[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\c83cwqlt\blank[1].sh! "c:\users\phil\appdata\local\temp\smart technologies\smart notebook\tempfiles.sh!" "c:\users\phil\appdata\local\temp\smart technologies\smart notebook\notebookcrashrecovery\notebook\images.sh!" "c:\users\phil\appdata\local\temp\smart technologies\smart notebook\notebookcrashrecovery\notebook.sh!" "c:\users\phil\appdata\local\temp\smart technologies\smart notebook\notebookcrashrecovery.sh!" "c:\users\phil\appdata\local\temp\smart technologies\smart notebook.sh!" "c:\users\phil\appdata\local\temp\smart technologies.sh!" 
c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\m6a3qee3\pound_sign[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\3ii2568i\_page_recommend[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\3ii2568i\ad_300[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\9h04dbbs\3122430[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\sr9rvc8s\addgroup[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\3ii2568i\10[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\lff0s1tz\redirectiframe[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\sr9rvc8s\history_manager[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\sr9rvc8s\sh08[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\sr9rvc8s\_page_recommend[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\lff0s1tz\blank[2].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\sr9rvc8s\blank[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\3ii2568i\soccer_betfair_com[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\sr9rvc8s\subnav[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\9h04dbbs\nav[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\3ii2568i\marketview[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\lff0s1tz\header[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\9h04dbbs\marketview[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\lff0s1tz\menu[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\lff0s1tz\minigames[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\sr9rvc8s\navbar[1].sh! 
c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\lff0s1tz\dataframe[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\3ih13o3f\sadie_s5-068[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\lff0s1tz\10[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\x2so55en\samantha-stone_s1-157[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\sr9rvc8s\sh09[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\x2so55en\info-awc[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\9h04dbbs\_page_recommend[1].sh! c:\users\phil\appdata\local\micros~1\windows\tempor~1\content.ie5\2rf39bjk\payandconditions;kw=;pos=mputop;sz=300x250;tile=1;ord=7050[1].SH!
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logitech setpoint.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\smart board tools.lnk - c:\program files\smart technologies\smart board drivers\SMARTBoardTools.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - c:\microgaming\poker\ladbrokesmpp\MPPoker.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\siteadvisor\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\siteadvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\users\phil\appdata\roaming\mozilla\firefox\profiles\huafepvt.default\
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mpcstar\codecs\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\mpcstar\codecs\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\virgin broadband\advisor\nprpspa.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
============= SERVICES / DRIVERS ===============
R0 SecureLockWare_EncryptFilterDriver;SecureLockWare Encryption Filter driver;c:\windows\system32\drivers\ENCRFIL.SYS [2009-3-20 725120]
R0 SecureLockWare_EncryptFilterDriver2;SecureLockWare Encryption Filter driver Ver.2;c:\windows\system32\drivers\SLWFIL.SYS [2009-3-20 725248]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-27 214664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-11-14 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-11-14 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\virusscan\mcshield.exe [2008-11-14 144704]
R2 Realtek11nSU;Realtek11nSU;c:\program files\realtek\11n usb wireless lan utility\RtlService.exe [2010-4-10 40960]
R2 SecureLockWare_InputPassword;SecureLockWare Service;c:\program files\buffalo\encrdisk\encrdlg.exe -service_execute --> c:\program files\buffalo\encrdisk\ENCRDLG.exe -Service_Execute [?]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\virusscan\mcsysmon.exe [2008-11-14 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-11-14 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-11-14 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-11-14 40552]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
R3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\drivers\SMARTMouseFilterx86.sys [2009-9-17 11048]
R3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\drivers\SMARTVHidMini2000x86.sys [2009-9-17 14120]
R3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\drivers\SMARTVTabletPCx86.sys [2009-9-17 13440]
S2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe -service --> c:\windows\system32\dlbkcoms.exe -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-16 135664]
S2 ProfSvc Notice Service;User Profile Service ProfSvc Notice Service;c:\windows\system32\advapi32c.exe srv --> c:\windows\system32\advapi32c.exe srv [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-2-8 179712]
S3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [2009-8-19 15872]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-8-25 21504]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-11-14 34248]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192su.sys [2010-4-10 528896]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [2008-9-24 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [2008-9-24 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [2008-9-24 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [2008-9-24 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [2008-9-24 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [2008-9-24 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [2008-9-24 97704]
S3 SCPMp50;SCPMp50 NDIS Protocol Driver;c:\windows\system32\drivers\scpmp50.sys [2006-11-28 28224]
S3 SCPSp50;SCPSp50 NDIS Protocol Driver;c:\windows\system32\drivers\scpsp50.sys [2006-11-28 27072]
S3 WSVD;WSVD;c:\windows\system32\drivers\wsvd.sys [2008-8-22 80744]
=============== Created Last 30 ================
2010-04-23 23:21:13 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-04-23 23:21:04 0 d-----w- c:\program files\SUPERAntiSpyware
2010-04-23 23:21:03 0 d-----w- c:\users\phil\appdata\roaming\SUPERAntiSpyware.com
2010-04-23 23:19:21 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-04-21 19:19:54 0 d-----w- c:\windows\system32\MpEngineStore
2010-04-21 19:07:29 0 d-----w- c:\programdata\avG
2010-04-17 09:18:07 0 d-----w- c:\program files\directx
2010-04-16 10:49:46 0 d-----w- c:\users\phil\appdata\roaming\Malwarebytes
2010-04-16 10:02:56 0 d-----w- c:\program files\Hobbyist Software
2010-04-16 09:37:43 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-16 09:37:42 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-16 09:37:41 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-16 09:37:36 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-04-16 09:37:35 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-04-16 09:37:30 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-16 09:37:10 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-16 09:37:09 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-16 09:36:51 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-16 09:36:50 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-16 09:36:49 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 10:26:52 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 10:26:49 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-10 09:43:11 0 d-----w- c:\program files\Cisco
2010-04-10 09:42:27 528896 ----a-r- c:\windows\system32\drivers\rtl8192su.sys
2010-04-10 09:42:26 614400 ------r- c:\windows\Rtlihvs.dll
2010-04-10 09:42:26 380928 ------r- c:\windows\RtlUI2.exe
2010-04-10 09:42:26 188416 ------r- c:\windows\RTLExtUI.dll
2010-04-10 09:42:25 614400 ------r- c:\windows\system32\Rtlihvs.dll
2010-04-10 09:42:24 380928 ------r- c:\windows\system32\RtlUI2.exe
2010-04-10 09:42:23 188416 ------r- c:\windows\system32\RTLExtUI.dll
2010-04-10 09:42:12 451072 ----a-w- c:\windows\system32\ISSRemoveSP.exe
2010-04-09 12:56:22 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-04-06 15:53:16 0 d-----w- c:\program files\iPod
2010-04-06 15:53:04 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-06 15:53:04 0 d-----w- c:\program files\iTunes
2010-04-06 15:45:02 0 d-----w- c:\program files\Bonjour
==================== Find3M ====================
2010-04-24 07:47:05 5216 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-04-10 09:42:30 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-10 09:42:30 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-04-10 09:42:30 143360 ----a-w- c:\windows\inf\infstor.dat
2010-03-29 23:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 23:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-24 21:41:48 103472 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06:41 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05:14 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 16:19:05 171788 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-12 10:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 10:32:56 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-01-25 12:00:35 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00:35 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00:35 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00:22 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58:52 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21:20 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21:20 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21:18 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21:18 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2009-11-15 00:02:19 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-10-11 11:55:02 262144 ----a-w- c:\program files\Uninstall Ask Toolbar.dll
2008-08-27 22:13:51 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-10-27 14:45:53 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2007-10-31 00:12:58 8192 --sha-w- c:\windows\users\default\NTUSER.DAT
============= FINISH: 8:56:53.00 ===============