BleepingComputer.com: google redirect, ie script error, just like everyone else

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  • 3 Pages +
  • 1
  • 2
  • 3
  • You cannot start a new topic
  • You cannot reply to this topic

google redirect, ie script error, just like everyone else

#31 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 20 August 2011 - 06:45 AM

Hi!

These threat(s) below are currently in Quarantine/System Restore and shall be removed when we clean up our tools later on.

Quote

C:\System Volume Information\_restore{E28BBD50-0570-405B-9B46-4310F2CE5171}\RP1523\A0204388.exe a variant of Win32/Adware.ADON application


These threat(s) below will be removed very shortly:

Quote

C:\Documents and Settings\All Users\Application Data\Uniblue\SpyEraser\SpyEraser_Setup_12_21_2007.exe a variant of Win32/UbSpyEraser application


____________________________________________________

From the looks of your SecurityCheck log, I can see that we have some outdated programs that need to be updated.

Lets address those programs that need updating now!

Java Outdated

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform:
    • 32-bit Select: Windows x86 Offline.
    • 64-bit Select: Windows x64.

  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.

Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
:OTL

:Reg

:Files
C:\Documents and Settings\All Users\Application Data\Uniblue\SpyEraser\SpyEraser_Setup_12_21_2007.exe
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]

  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.



NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Push the Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.



NEXT:



What outstanding issues (if any) are you still experiencing with your computer?
Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#32 User is offline   mjdesmond3001 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 21
  • Joined: 26-April 11

Posted 20 August 2011 - 03:38 PM

ok here is the first otl log

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\Uniblue\SpyEraser\SpyEraser_Setup_12_21_2007.exe moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\desmond\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\desmond\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: desmond
->Temp folder emptied: 19059612 bytes
->Temporary Internet Files folder emptied: 39717724 bytes
->Java cache emptied: 2027 bytes
->Apple Safari cache emptied: 2368512 bytes
->Flash cache emptied: 5321299 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Apple Safari cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49152 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 21401162 bytes

Total Files Cleaned = 84.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: desmond
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.5 log created on 08202011_091858

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\desmond\Local Settings\Temp\Perflib_Perfdata_ef0.dat not found!
File\Folder C:\Documents and Settings\desmond\Local Settings\Temp\~DFBA79.tmp not found!
File\Folder C:\Documents and Settings\desmond\Local Settings\Temp\~DFBAD5.tmp not found!
File\Folder C:\Documents and Settings\desmond\Local Settings\Temp\~DFBB57.tmp not found!
File\Folder C:\Documents and Settings\desmond\Local Settings\Temp\~DFBC6A.tmp not found!
File\Folder C:\Documents and Settings\desmond\Local Settings\Temp\~DFBD6C.tmp not found!
File\Folder C:\Documents and Settings\desmond\Local Settings\Temp\~DFBE06.tmp not found!
C:\Documents and Settings\desmond\Local Settings\Temporary Internet Files\Content.IE5\75HC3LPX\page__st__30[1].txt moved successfully.
C:\Documents and Settings\desmond\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_4c0.dat not found!

Registry entries deleted on Reboot...



here is the second scan i ran

OTL logfile created on: 8/20/2011 1:24:00 PM - Run 3
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\desmond\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.42 Mb Total Physical Memory | 124.40 Mb Available Physical Memory | 24.76% Memory free
1.20 Gb Paging File | 0.86 Gb Available in Paging File | 71.62% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.52 Gb Total Space | 23.69 Gb Free Space | 34.57% Space Free | Partition Type: NTFS

Computer Name: 1ECA66A679AB494 | User Name: desmond | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/17 19:07:57 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\desmond\Desktop\OTL.exe
PRC - [2011/04/18 23:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/04/18 23:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/02/24 21:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2011/02/24 21:08:32 | 007,034,272 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2011/02/24 21:08:32 | 001,770,400 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/01 11:22:50 | 001,679,360 | ---- | M] (D-Link) -- C:\Program Files\D-Link\DWA-130\AirNCFG.exe
PRC - [2008/07/09 08:58:42 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\ANIWConnService.exe
PRC - [2008/05/01 21:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/07 12:04:10 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\AstSrv.exe
PRC - [2007/01/19 11:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2005/06/15 11:17:44 | 000,167,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005/06/15 11:17:44 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005/06/15 11:17:38 | 000,270,336 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2005/05/20 17:41:42 | 000,153,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2005/05/15 05:51:24 | 000,184,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2005/02/09 05:43:58 | 000,143,360 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
PRC - [2005/01/14 13:43:28 | 000,151,552 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
PRC - [2004/02/20 14:12:34 | 000,032,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2003/11/07 17:21:28 | 000,114,688 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2003/02/26 11:08:42 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/24 21:08:36 | 000,022,944 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2011/02/24 20:39:00 | 000,658,432 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2011/02/15 13:16:44 | 007,187,456 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2011/02/15 13:15:58 | 000,325,632 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2011/02/15 13:15:52 | 001,954,304 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2011/02/15 13:15:52 | 000,847,360 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2011/02/15 12:25:30 | 000,119,808 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2008/07/10 11:50:34 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\wlanapp.dll
MOD - [2008/07/09 08:58:42 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\ANIWConnService.exe
MOD - [2008/05/01 21:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2008/05/01 21:15:35 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2008/03/24 21:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2005/05/20 17:42:20 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/18 23:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/04/18 23:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/02/24 21:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/09 08:58:42 | 000,143,360 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ANIWConnService.exe -- (ANIWConnService)
SRV - [2008/01/07 12:04:10 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\AstSrv.exe -- (astcc)
SRV - [2007/01/19 11:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2005/06/15 11:17:46 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/06/15 11:17:44 | 000,167,936 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/06/15 11:17:44 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/06/15 11:17:38 | 000,270,336 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/06/07 09:58:28 | 001,851,392 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2005/06/07 03:44:10 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2005/06/07 03:38:26 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2005/06/07 03:37:14 | 000,188,416 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2005/06/07 01:32:54 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005/06/07 01:28:04 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/06/07 01:22:34 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005/06/03 05:21:00 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2005/05/20 17:41:42 | 000,153,600 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2005/04/05 13:06:36 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005/02/10 12:44:04 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe -- (VAIO Entertainment Task Scheduler)
SRV - [2005/02/09 05:43:58 | 000,143,360 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -- (VAIO Entertainment Aggregation and Control Service)
SRV - [2004/08/11 00:46:56 | 000,483,328 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- c:\Program Files\Windows Media Connect\mswmccds.exe -- (WmcCds) Windows Media Connect (WMC)
SRV - [2004/08/10 21:50:42 | 000,028,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect\mswmcls.exe -- (WmcCdsLs) Windows Media Connect (WMC)
SRV - [2003/05/05 19:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Disabled | Stopped] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)


========== Driver Services (SafeList) ==========

DRV - [2011/02/15 13:17:12 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2010/09/01 01:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2008/09/12 12:37:40 | 000,443,776 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8192u.sys -- (RTL8192u)
DRV - [2007/05/12 16:39:32 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2005/06/10 10:31:28 | 000,076,800 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifmsony.sys -- (tifmsony)
DRV - [2005/05/23 10:30:48 | 000,178,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/05/23 10:30:42 | 000,716,288 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/05/03 07:03:54 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/03/18 10:01:32 | 000,237,568 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SONYTVC.sys -- (SONYTVC)
DRV - [2005/02/10 23:07:50 | 000,456,448 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ExpasAG.sys -- (LEX_AS_NIC_SERVICE_YNOS)
DRV - [2004/08/11 01:45:04 | 000,233,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\blackbox.dll -- (BlackBox)
DRV - [2004/01/05 01:20:56 | 000,025,434 | R--- | M] (Best Buy ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DXE201.SYS -- (DXE201)
DRV - [2003/09/29 13:31:38 | 000,094,601 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2000/12/05 16:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 20:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0C 5A 00 75 E6 43 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=11: C:\Program Files\Google\Google Updater\2.2.940.34809\npCIDetect11.dll File not found
FF - HKLM\Software\MozillaPlugins\@yverinfo.yahoo.com/YahooVersionInfoPlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYVerInfo.dll File not found
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\desmond\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\desmond\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\desmond\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\desmond\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\desmond\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)



O1 HOSTS File: ([2011/08/20 09:19:15 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [D-Link D-Link Wireless N DWA-130] C:\Program Files\D-Link\DWA-130\AirNCFG.exe (D-Link)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PartSeal] C:\WINDOWS\SONYSYS\VAIO Recovery\Partseal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [VAIO Update 2] C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2011/08/19 09:41:36 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} https://liverep.esignal.com/netagent/objects/custappx3.cab (Talisma NetAgent Customer ActiveX Control version 3)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/installs/ymail/ymmapi.dll (YahooYMailTo Class)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://download.yahoo.com/dl/installs/yab_af.cab (YAddBook Class)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab (PhotosCtrl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\desmond\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\desmond\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/07/13 11:12:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2011/08/20 09:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/08/19 15:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/08/19 13:14:20 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\desmond\Desktop\FixTDSS.exe
[2011/08/19 13:03:35 | 000,201,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\desmond\Desktop\otc cleanup.exe
[2011/08/19 10:04:22 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/08/18 09:31:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/18 09:28:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/18 09:28:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/18 09:28:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/18 09:28:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/18 09:27:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/18 09:27:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\desmond\Start Menu\Programs\Administrative Tools
[2011/08/18 06:25:19 | 004,178,001 | R--- | C] (Swearware) -- C:\Documents and Settings\desmond\Desktop\ComboFix.exe
[2011/08/17 19:07:55 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\desmond\Desktop\OTL.exe
[2011/08/17 10:02:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/08/17 03:44:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\desmond\Application Data\Mozilla
[2011/08/16 11:29:39 | 012,482,168 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\desmond\Desktop\SUPERAntiSpyware.exe
[2011/08/15 21:58:10 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/08/15 13:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\desmond\Local Settings\Application Data\Sophos
[2011/08/15 13:53:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\desmond\Desktop\savxp
[2011/08/15 13:53:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\desmond\Desktop\sau
[2011/08/15 13:33:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2011/08/15 13:32:25 | 000,000,000 | ---D | C] -- C:\stdtsa
[2011/08/12 13:37:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\desmond\Start Menu\Programs\BrowserPlus
[2011/08/12 13:37:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\desmond\Local Settings\Application Data\Yahoo!
[2011/08/12 08:24:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\desmond\Recent
[2011/08/11 16:33:10 | 001,404,720 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\desmond\Desktop\TDSSKiller.exe
[2011/08/11 13:55:31 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2011/08/11 13:32:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/08/11 13:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\desmond\Local Settings\Application Data\Secunia PSI
[2011/08/11 13:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/08/11 13:05:55 | 001,739,400 | ---- | C] (Secunia) -- C:\Documents and Settings\desmond\Desktop\PSISetup.exe
[2011/08/09 13:09:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/08/09 13:09:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/08/09 13:04:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
[2011/08/09 11:31:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\desmond\Desktop\Autoruns
[2011/08/06 22:22:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/08/06 22:19:43 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/08/06 22:15:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/08/06 22:12:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/08/06 22:11:49 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/08/02 14:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\desmond\My Documents\tdsskiller-8

========== Files - Modified Within 30 Days ==========

[2011/08/20 09:24:26 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2011/08/20 09:22:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/20 09:19:15 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/08/19 21:30:56 | 000,879,225 | ---- | M] () -- C:\Documents and Settings\desmond\Desktop\SecurityCheck.exe
[2011/08/19 13:14:23 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\desmond\Desktop\FixTDSS.exe
[2011/08/19 13:05:47 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\desmond\Desktop\RKUnhookerLE.EXE
[2011/08/19 13:03:36 | 000,201,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\desmond\Desktop\otc cleanup.exe
[2011/08/19 10:19:30 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/18 15:04:02 | 000,002,978 | ---- | M] () -- C:\WINDOWS\WinRos.Ini
[2011/08/18 09:32:15 | 000,000,332 | RHS- | M] () -- C:\boot.ini
[2011/08/18 06:25:30 | 004,178,001 | R--- | M] (Swearware) -- C:\Documents and Settings\desmond\Desktop\ComboFix.exe
[2011/08/17 19:07:57 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\desmond\Desktop\OTL.exe
[2011/08/17 15:57:29 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\desmond\Desktop\gmer.zip
[2011/08/17 10:03:23 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/08/16 11:30:51 | 012,482,168 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\desmond\Desktop\SUPERAntiSpyware.exe
[2011/08/15 22:36:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/15 21:58:07 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/08/15 13:22:06 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3754240444-2137588103-1009816629-1006Core.job
[2011/08/15 13:22:05 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3754240444-2137588103-1009816629-1006UA.job
[2011/08/14 11:32:21 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/12 18:22:52 | 000,002,048 | ---- | M] () -- C:\Uninstall.dat
[2011/08/12 18:06:58 | 000,155,008 | ---- | M] () -- C:\Documents and Settings\desmond\Desktop\ipod receipt.jpg
[2011/08/12 14:40:01 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
[2011/08/12 14:16:07 | 000,000,419 | ---- | M] () -- C:\WINDOWS\brwmark.ini
[2011/08/12 14:16:07 | 000,000,079 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
[2011/08/12 14:15:08 | 000,000,092 | ---- | M] () -- C:\WINDOWS\brpcfx.ini
[2011/08/12 14:15:07 | 000,000,238 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini
[2011/08/12 14:15:07 | 000,000,050 | ---- | M] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2011/08/12 13:34:43 | 000,001,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AT&T Yahoo! Messenger.lnk
[2011/08/12 13:34:42 | 000,001,706 | ---- | M] () -- C:\Documents and Settings\desmond\Application Data\Microsoft\Internet Explorer\Quick Launch\AT&T Yahoo! Messenger.lnk
[2011/08/11 19:33:39 | 001,404,720 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\desmond\Desktop\TDSSKiller.exe
[2011/08/11 19:33:18 | 001,388,507 | ---- | M] () -- C:\Documents and Settings\desmond\My Documents\tdsskiller-12.zip
[2011/08/11 18:59:10 | 000,185,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/11 13:36:24 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/08/11 13:06:06 | 001,739,400 | ---- | M] (Secunia) -- C:\Documents and Settings\desmond\Desktop\PSISetup.exe
[2011/08/09 13:35:45 | 000,003,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2011/08/09 13:24:08 | 000,002,368 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/08/09 12:46:57 | 000,459,944 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/09 12:46:57 | 000,079,432 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/09 12:40:37 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/09 12:30:21 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
[2011/08/09 12:02:14 | 002,367,552 | ---- | M] () -- C:\Documents and Settings\desmond\My Documents\AutoRuns.arn
[2011/08/09 11:32:50 | 000,731,000 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\desmond\Desktop\autoruns.exe
[2011/08/09 11:32:50 | 000,595,320 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\desmond\Desktop\autorunsc.exe
[2011/08/09 11:32:47 | 000,048,904 | ---- | M] () -- C:\Documents and Settings\desmond\Desktop\autoruns.chm
[2011/08/09 11:31:46 | 000,620,972 | ---- | M] () -- C:\Documents and Settings\desmond\Desktop\Autoruns.zip
[2011/08/06 22:22:02 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/08/06 22:12:24 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/08/06 19:52:04 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/08/06 19:29:55 | 001,388,130 | ---- | M] () -- C:\Documents and Settings\desmond\My Documents\tdsskiller-11.zip
[2011/08/05 12:28:32 | 001,388,130 | ---- | M] () -- C:\Documents and Settings\desmond\My Documents\tdsskiller-10.zip
[2011/08/02 14:01:05 | 001,388,094 | ---- | M] () -- C:\Documents and Settings\desmond\My Documents\tdsskiller-9.zip
[2011/08/02 13:59:37 | 001,388,094 | ---- | M] () -- C:\Documents and Settings\desmond\My Documents\tdsskiller-8.zip

========== Files Created - No Company Name ==========

[2011/08/19 21:30:51 | 000,879,225 | ---- | C] () -- C:\Documents and Settings\desmond\Desktop\SecurityCheck.exe
[2011/08/19 13:05:45 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\desmond\Desktop\RKUnhookerLE.EXE
[2011/08/18 09:32:15 | 000,000,216 | ---- | C] () -- C:\Boot.bak
[2011/08/18 09:32:07 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/08/18 09:28:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/18 09:28:05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/18 09:28:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/18 09:28:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/18 09:28:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/17 15:57:23 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\desmond\Desktop\gmer.zip
[2011/08/17 10:03:22 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/08/15 13:53:39 | 000,049,974 | ---- | C] () -- C:\Documents and Settings\desmond\Desktop\readsavxp_76_eng.html
[2011/08/12 18:22:51 | 000,002,048 | ---- | C] () -- C:\Uninstall.dat
[2011/08/12 18:06:56 | 000,155,008 | ---- | C] () -- C:\Documents and Settings\desmond\Desktop\ipod receipt.jpg
[2011/08/12 14:40:01 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
[2011/08/11 19:33:07 | 001,388,507 | ---- | C] () -- C:\Documents and Settings\desmond\My Documents\tdsskiller-12.zip
[2011/08/11 19:03:29 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2011/08/11 13:36:20 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/08/11 13:36:15 | 000,002,311 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
[2011/08/09 13:16:51 | 000,003,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2011/08/09 13:13:08 | 000,002,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/08/09 12:02:13 | 002,367,552 | ---- | C] () -- C:\Documents and Settings\desmond\My Documents\AutoRuns.arn
[2011/08/09 11:31:42 | 000,620,972 | ---- | C] () -- C:\Documents and Settings\desmond\Desktop\Autoruns.zip
[2011/08/06 22:22:02 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/08/06 22:12:24 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/08/06 19:52:04 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/08/06 19:29:46 | 001,388,130 | ---- | C] () -- C:\Documents and Settings\desmond\My Documents\tdsskiller-11.zip
[2011/08/05 12:28:24 | 001,388,130 | ---- | C] () -- C:\Documents and Settings\desmond\My Documents\tdsskiller-10.zip
[2011/08/02 14:00:55 | 001,388,094 | ---- | C] () -- C:\Documents and Settings\desmond\My Documents\tdsskiller-9.zip
[2011/08/02 13:59:30 | 001,388,094 | ---- | C] () -- C:\Documents and Settings\desmond\My Documents\tdsskiller-8.zip
[2011/05/28 23:14:54 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ANIWConnService.exe
[2011/05/28 23:14:30 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wlanapp.dll
[2011/05/28 23:14:30 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2011/05/28 23:13:41 | 000,385,024 | ---- | C] () -- C:\WINDOWS\System32\ANIOWPS.dll
[2011/05/28 23:13:41 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\ANIWPS.exe
[2011/04/25 19:33:36 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2011/04/25 19:11:51 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\desmond\Local Settings\Application Data\housecall.guid.cache
[2011/04/23 21:54:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/23 19:46:23 | 000,164,864 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll
[2011/03/23 19:46:22 | 000,158,720 | ---- | C] () -- C:\WINDOWS\System32\LFCMP61N.DLL
[2011/03/23 19:46:22 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\Lfpng61n.dll
[2011/03/23 19:46:22 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\LTFIL61N.DLL
[2011/03/23 19:46:22 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\MSWTHK32.DLL
[2011/03/23 19:46:22 | 000,003,360 | ---- | C] () -- C:\WINDOWS\System32\MSWTHK16.DLL
[2010/09/23 12:58:49 | 000,000,118 | ---- | C] () -- C:\WINDOWS\4xTLCTS_uninstall.ini
[2010/07/01 13:07:17 | 000,010,593 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2010/01/02 09:47:05 | 000,000,253 | ---- | C] () -- C:\Documents and Settings\desmond\Application Data\ANICONFIG_{4F1EC7B4-31C9-45F7-A7C5-2085E002C971}.ini
[2009/06/13 17:35:00 | 000,030,384 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/09/07 13:52:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\spdwnwxp.exe
[2008/07/04 20:08:53 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2008/07/04 20:08:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\desmond\Application Data\wklnhst.dat
[2007/08/01 22:21:23 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\desmond\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/06 19:29:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2007/07/06 19:28:31 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2007/06/28 13:13:39 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2006/03/01 23:43:09 | 000,001,350 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/01/03 13:17:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2005/12/25 17:11:12 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2005/12/25 17:10:25 | 000,000,419 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2005/12/25 17:10:25 | 000,000,238 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2005/12/25 17:10:25 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2005/12/25 17:10:25 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2005/12/25 17:10:25 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2005/12/25 17:09:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2005/12/20 15:01:52 | 000,028,133 | ---- | C] () -- C:\WINDOWS\WinSig.Ini
[2005/12/20 15:01:52 | 000,000,144 | ---- | C] () -- C:\WINDOWS\Reader.Ini
[2005/12/20 15:01:33 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\proxydll.dll
[2005/12/20 15:00:55 | 000,002,978 | ---- | C] () -- C:\WINDOWS\WinRos.Ini
[2005/12/20 14:46:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\regset.INI
[2005/12/20 14:44:48 | 000,017,920 | R--- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2005/12/20 14:35:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2005/12/20 14:26:39 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/12/20 14:18:44 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\desmond\Local Settings\Application Data\fusioncache.dat
[2005/07/22 17:25:02 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/07/22 17:22:35 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2005/07/22 17:21:03 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/07/22 17:21:03 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/07/22 17:21:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/07/22 17:21:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/07/22 17:21:03 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/07/22 17:21:03 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/07/22 17:19:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/07/13 18:47:33 | 000,610,304 | ---- | C] () -- C:\WINDOWS\System32\lpykrp.exe
[2005/07/13 18:37:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/07/13 13:34:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2005/07/13 11:57:47 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/07/13 11:40:17 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\elcric.dat
[2005/07/13 11:28:37 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\WLANDLL.DLL
[2005/07/13 11:18:59 | 000,000,800 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/07/13 11:14:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/07/13 11:10:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/07/13 10:56:03 | 000,372,428 | ---- | C] () -- C:\WINDOWS\System32\drivers\SNYTVC6.DAT
[2005/07/13 10:56:03 | 000,372,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\SNYTVC61.DAT
[2005/07/13 10:55:55 | 000,000,762 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/07/13 10:55:28 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/07/13 10:55:27 | 000,459,944 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/07/13 10:55:27 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/07/13 10:55:27 | 000,079,432 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/07/13 10:55:27 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/07/13 10:55:25 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/07/13 10:55:25 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/07/13 10:55:23 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/07/13 10:55:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/07/13 10:55:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/07/13 10:55:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/07/13 10:55:03 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/07/13 04:03:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/07/13 04:01:56 | 000,185,816 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/07/17 09:46:42 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\winchip.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/04/02 17:08:34 | 000,311,108 | ---- | C] () -- C:\WINDOWS\ml-cleanup.exe

========== LOP Check ==========

[2011/05/28 21:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[2009/05/18 22:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4A123664
[2009/05/26 12:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4A1C4045
[2006/12/23 22:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2005/12/20 15:05:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Equis
[2011/03/18 17:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSignal
[2009/01/03 12:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2011/08/17 10:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/03/23 20:44:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\performance
[2010/12/02 08:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/08/15 13:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2011/08/09 13:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/05/18 22:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/10/19 14:53:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uniblue
[2010/05/02 11:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/24 17:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/19 13:35:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/04/30 17:00:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\desmond\Application Data\AVGTOOLBAR
[2009/01/24 15:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\desmond\Application Data\BSD
[2010/07/01 13:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\desmond\Application Data\Canon
[2011/03/18 17:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\desmond\Application Data\counters
[2011/03/23 19:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\desmond\Application Data\ElevatedDiagnostics
[2011/03/18 17:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\desmond\Application Data\eSignal
[2011/01/11 12:17:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\desmond\Application Data\FXTS2
[2009/07/28 15:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\desmond\Application Data\GetRightToGo
[2011/04/29 16:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\desmond\Application Data\Grisoft
[2010/01/06 22:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\desmond\Application Data\ICAClient
[2005/07/22 18:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\desmond\Application Data\InterMute
[2007/06/25 17:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\desmond\Application Data\Leadertech
[2010/07/01 15:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\desmond\Application Data\NewSoft
[2010/12/02 08:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\desmond\Application Data\ScanSoft
[2008/07/05 12:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\desmond\Application Data\System Tweaker
[2008/07/04 20:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\desmond\Application Data\Template
[2007/07/08 16:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\desmond\Application Data\tmp
[2009/05/01 17:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\desmond\Application Data\Uniblue
[2011/08/09 12:30:21 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
[2007/10/06 09:51:59 | 000,000,396 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/23 05:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/23 05:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/23 05:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\YBROWSER.EXE\shell\open\command\\: "C:\PROGRA~1\Yahoo!\browser\ybrowser.exe" [2006/08/11 20:53:02 | 000,668,184 | ---- | M] (Yahoo!, Inc.)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-09 19:48:09

< >

< >

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9885B41F

< End of report >

#33 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 21 August 2011 - 09:23 AM

Hello,

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.



Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Commands
[ClearAllRestorePoints]

  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.



NEXT:



OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===



Below I have included a number of recommendations for how to protect your computer against malware infections.


Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one as it can cause program conflicts, as well as false positives

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.


Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Internet Browsers

Many of the users that I assist here on the forums, ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is too practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explore more secure.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.



Extra Goodies

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them     then consider a password keeper, to keep all your passwords safe.

  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.

  • You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates


  • Be weary of e-mails from unknown senders. Keep the following in mind as well: If it's to good to be true, then it more than likely is.


  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Chrome and Opera.

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.
Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#34 User is offline   mjdesmond3001 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 21
  • Joined: 26-April 11

Posted 21 August 2011 - 12:45 PM

ran the otl scans
thank u or all your help
i downloaded microsoft security essentials as my antivirus .
should i remove maleware bytes? i just have the free scan

#35 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 22 August 2011 - 10:20 AM

I'd keep MalwareBytes' Anti-Malware and run updated scans with it periodically.

Kindest Regards,
ST
Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#36 User is offline   mjdesmond3001 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 21
  • Joined: 26-April 11

Posted 28 August 2011 - 01:59 PM

I'm sorry to keep bugging u sweet tech
But now my computer is running slower than ever.
It seemed fine when we finished, but it has gotten progressively slow. Now, it freezes up and is the slowest I've ever seen it. What can I do besides throw it out the window?

#37 User is offline   SweetTech 

  • Agent ST
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 12,662
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 29 August 2011 - 11:23 AM

Hi!

I'm going to suggest you take a look at this thread here: http://www.bleepingcomputer.com/forums/topic87058.html
Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

Share this topic:


  • 3 Pages +
  • 1
  • 2
  • 3
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users