
Search Results Redirect


  • This topic is locked
14 replies to this topic

#1 Brad93

Brad93

  • Members
  • 14 posts
  • OFFLINE
  • Local time:02:17 AM

Posted 01 February 2011 - 10:02 AM

Hi all
Been having some problems with my Toshiba laptop running Windows XP SP3. For the past few weeks search results in Google have been redirecting to remotely similar advertising sites. Now, owning a PC for the past 7 years I'm no stranger to viruses, but this one is particularly hard for me to crack. I have ESET installed but its subscription ran out a few weeks ago and then I seemed to get the virus / malware. I've been able to run HijackThis logs and most antivirus programs such as ESET, Malwarebytes and SUPERAntiSpyware, which found a few problems and removed them, which fixed the problem with muddled up keystrokes (for example pressing a . would give you a j.). However the redirect problem remains and I am unable to run a DDS log or GMER log to help me find the problem as they both just hang and crash the computer at various stages, whether in Safe Mode or Normal mode. Running ComboFix (used as directed on the last virus I had over a year ago) also causes the computer to hang in either mode, meaning I have to do a manual restart.
Can anyone help please?
Regards
Brad

Edited by Brad93, 01 February 2011 - 12:40 PM.




#2 Brad93

Brad93
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:02:17 AM

Posted 05 February 2011 - 05:28 AM

Hi, it's been 5 days and I haven't had any reply, and the virus seems to be slowing my computer down loads now, so I've decided it needs a bump.

#3 rigacci

rigacci

    Fiorentino


  • Members
  • 2,604 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:17 AM

Posted 05 February 2011 - 07:44 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks.

DR

#4 Brad93

Brad93
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:02:17 AM

Posted 05 February 2011 - 07:18 PM

Thank you for your reply. I have tried to run the DDS scan again, but it just hung in the same place as before and I had to manually restart the computer (I have taken a photo of where it hangs every time). I rebooted and Windows decided to run CHKDSK as it had "recovered from a serious error". Tried to run the DDS scan after that had finished, but again it just hangs and I have to restart. I then tried running the GMER scan and the first time round it just crashed the computer and I got a notification from Windows that it had recovered from a serious error. Re-ran GMER but this time round was able to get a log.

Thanks
Brad

Attached Files



#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:17 AM

Posted 06 February 2011 - 03:05 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.




Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized; save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


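Before the OTL log posted in the next reply, an added example that is not part of this thread and is not OTL's own code: a small Python triage script that reads OTL-style log lines and flags the two things an analyst checks first when a user reports search redirects, an enabled machine-wide (HKLM) proxy that points at the local machine, and services that are still registered although OTL reports their binary as "File not found". The regular expressions, the `Finding` type and the function names are my own; the sample lines are constructed from the line format OTL prints, with the values the log in this thread shows.

```python
"""Triage of OTL-style log lines (added example, not from this thread or OTL).

Two things an analyst checks first when a user reports search redirects:
  * an HKLM (machine-wide) Internet Settings proxy that is enabled and points
    at the local machine, so every browser request is relayed through a
    process running on the box, and
  * services still registered whose binary OTL reports as "File not found".
"""
import re
from dataclasses import dataclass

# e.g.  IE - HKLM\Software\...\Internet Settings: "ProxyServer" = http=localhost:7171
PROXY_RE = re.compile(
    r'^IE - (?P<hive>HKLM|HKU\\[^\\]+)\\Software\\Microsoft\\Windows\\CurrentVersion'
    r'\\Internet Settings: "(?P<key>\w+)" = (?P<value>.*)$',
    re.IGNORECASE,
)
# e.g.  SRV - (PEVSystemStart) -- File not found
SRV_MISSING_RE = re.compile(r'^SRV - \((?P<name>[^)]+)\).*-- File not found$')

# Hosts that mean "this machine"; a proxy here is rarely legitimate on a home PC.
LOCAL_HOST_PREFIXES = ('localhost', '127.', '0.0.0.0', '::1')


@dataclass
class Finding:
    kind: str
    detail: str


def parse_proxy_settings(lines):
    """Collect ProxyEnable/ProxyServer/ProxyOverride values per registry hive."""
    settings = {}
    for line in lines:
        m = PROXY_RE.match(line.strip())
        if m:
            settings.setdefault(m['hive'], {})[m['key']] = m['value'].strip()
    return settings


def local_proxy_findings(settings):
    """Flag hives where ProxyEnable is 1 and ProxyServer names the local machine."""
    findings = []
    for hive, vals in settings.items():
        if vals.get('ProxyEnable') != '1':
            continue
        # ProxyServer is either "host:port" or "http=host:port;https=host:port;..."
        for entry in vals.get('ProxyServer', '').split(';'):
            target = entry.split('=', 1)[-1].strip()
            host = target.rsplit(':', 1)[0].lower()
            if target and host.startswith(LOCAL_HOST_PREFIXES):
                findings.append(Finding(
                    'local_proxy', f'{hive}: ProxyEnable=1 with ProxyServer {target}'))
    return findings


def missing_service_findings(lines):
    """Services whose registration survives although the binary is gone."""
    findings = []
    for line in lines:
        m = SRV_MISSING_RE.match(line.strip())
        if m:
            findings.append(Finding('missing_service_binary', m['name']))
    return findings


def triage(lines):
    """Run both checks over the log lines; proxy findings come first."""
    return local_proxy_findings(parse_proxy_settings(lines)) + missing_service_findings(lines)


# Sample input constructed from the line format OTL prints (values as in this thread's log).
SAMPLE_LOG = r"""
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
SRV - (PEVSystemStart) -- File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
"""

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f'{f.kind:24} {f.detail}')
```

The per-hive grouping matters: a proxy enabled only under one user's HKU key affects that user, while the HKLM entry is applied machine-wide, which is why the script reports which hive carried the setting. Corporate proxies pointing at a remote host are deliberately not flagged; only a proxy on the local machine itself is.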

#6 Brad93

Brad93
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:02:17 AM

Posted 06 February 2011 - 05:55 AM

Hi gringo, thanks for your response. I couldn't download from the link you provided as their server kept timing out, so I went to Geeks to Go and downloaded a mirror. Log as follows:

OTL logfile created on: 06/02/2011 10:44:57 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Limit Acc\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

894.00 Mb Total Physical Memory | 415.00 Mb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 3.52 Gb Free Space | 6.30% Space Free | Partition Type: NTFS

Computer Name: FRED | User Name: Limit Acc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Limit Acc\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\WINDOWS\system32\acs.exe ()
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
PRC - C:\WINDOWS\system32\DVDRAMSV.exe (Matsubleepa Electric Industrial Co., Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Limit Acc\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (WANMiniportService) WAN Miniport (ATW) -- File not found
SRV - (Symantec Core LC) -- File not found
SRV - (RoxWatch9) -- File not found
SRV - (RoxMediaDB9) -- File not found
SRV - (RoxLiveShare9) -- File not found
SRV - (PEVSystemStart) -- File not found
SRV - (HidServ) -- File not found
SRV - (helpsvc) -- File not found
SRV - (getPlusHelper) getPlus® -- File not found
SRV - (FLEXnet Licensing Service) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (AOLService) -- File not found
SRV - (AOL ACS) -- File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe ()
SRV - (DVD-RAM_Service) -- C:\WINDOWS\system32\DVDRAMSV.exe (Matsubleepa Electric Industrial Co., Ltd.)


========== Driver Services (SafeList) ==========

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (ss_mdm) -- C:\WINDOWS\system32\drivers\ss_mdm.sys (MCCI Corporation)
DRV - (ss_mdfl) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys (MCCI Corporation)
DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ss_bus.sys (MCCI Corporation)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (TPwSav) -- C:\WINDOWS\system32\drivers\TPwSav.sys (TOSHIBA )
DRV - (meiudf) -- C:\WINDOWS\system32\drivers\meiudf.sys (Matsubleepa Electric Industrial Co.,Ltd.)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (Tvs) -- C:\WINDOWS\system32\drivers\Tvs.sys (TOSHIBA Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (PID_08A0) QuickCam IM(PID_08A0) -- C:\WINDOWS\system32\drivers\LV302AV.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (SrvcSSIOMngr) -- C:\WINDOWS\system32\drivers\SSIOMngr.sys (COMPAL ELECTRONIC INC.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1053481222-2057192921-1286624884-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE - HKU\S-1-5-21-1053481222-2057192921-1286624884-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk
IE - HKU\S-1-5-21-1053481222-2057192921-1286624884-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/30 08:08:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/25 15:21:41 | 000,000,000 | ---D | M]

[2011/01/14 11:14:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Limit Acc\Application Data\Mozilla\Extensions
[2011/01/14 11:14:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Limit Acc\Application Data\Mozilla\Firefox\Profiles\y31a3wr9.default\extensions
[2011/01/26 00:10:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/03 17:47:02 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/12/03 17:47:02 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/12/03 17:47:02 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/12/03 17:47:02 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/06/11 12:13:42 | 000,000,057 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1053481222-2057192921-1286624884-1009\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-1053481222-2057192921-1286624884-1009\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - Startup: C:\Documents and Settings\Limit Acc\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Limit Acc\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1053481222-2057192921-1286624884-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1053481222-2057192921-1286624884-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} http://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab (Image Uploader Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab (QDiagAOLCCUpdateObj Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {7557F5AA-D486-401D-BE55-0163FA78B5B8} https://skyfex.com/download/SkyFexExpert.cab (SkyFex Expert Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F84E0B64-1E86-4640-8094-5B38CEB28C1E} https://skyfex.com/download/SkyFexClient.cab (SkyFex Client Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Limit Acc\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Limit Acc\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/25 10:28:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1053481222-2057192921-1286624884-1009\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-1053481222-2057192921-1286624884-1009\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/02/06 10:43:14 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Limit Acc\Desktop\OTL.exe
[2011/02/06 10:42:53 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Limit Acc\Desktop\OTL.scr
[2011/02/06 02:36:58 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Limit Acc\Recent
[2011/02/05 15:40:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limit Acc\Desktop\gmer
[2011/02/05 15:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limit Acc\Local Settings\Application Data\PCHealth
[2011/02/03 22:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limit Acc\Tracing
[2011/02/01 23:53:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2011/02/01 23:52:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limit Acc\Local Settings\Application Data\Microsoft Corporation
[2011/02/01 23:52:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2011/02/01 23:05:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limit Acc\Application Data\Real
[2011/02/01 22:47:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limit Acc\Application Data\Auslogics
[2011/02/01 17:32:50 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/02/01 17:03:10 | 000,000,000 | ---D | C] -- C:\!KillBox
[2011/02/01 17:02:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limit Acc\My Documents\New Folder
[2011/02/01 16:52:07 | 000,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Documents and Settings\Limit Acc\Desktop\HijackThis.exe
[2011/01/31 14:07:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limit Acc\Local Settings\Application Data\Richard_Z.H._Wang
[2011/01/27 14:08:55 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2011/01/27 13:21:52 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2011/01/25 15:21:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/01/25 15:21:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/01/24 20:19:14 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Limit Acc\PrivacIE
[2011/01/24 19:45:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/01/24 19:45:32 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/01/24 19:45:32 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/01/24 19:45:32 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/01/24 19:24:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/24 19:18:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limit Acc\Application Data\Malwarebytes
[2011/01/23 14:30:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limit Acc\Application Data\SUPERAntiSpyware.com
[2011/01/23 14:01:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\peernet
[2011/01/23 14:01:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\speechengines
[2011/01/23 14:01:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\mssoap
[2011/01/23 14:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2011/01/22 12:54:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limit Acc\Application Data\AdobeUM
[2011/01/21 15:13:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limit Acc\Application Data\Sun
[2011/01/21 13:42:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limit Acc\Application Data\Research In Motion
[2011/01/21 01:43:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limit Acc\Local Settings\Application Data\Apple
[2011/01/21 01:42:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Limit Acc\My Documents\My Music
[2011/01/21 01:35:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limit Acc\Start Menu\Programs\Dropbox
[2011/01/21 01:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limit Acc\Application Data\Dropbox
[2011/01/21 01:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limit Acc\Desktop\Brad
[2011/01/21 01:18:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limit Acc\My Documents\Music
[2011/01/21 01:09:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limit Acc\My Documents\NewDivide
[2011/01/21 01:07:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limit Acc\My Documents\A Level
[2011/01/14 11:13:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limit Acc\Application Data\Apple Computer
[2011/01/14 11:13:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limit Acc\Local Settings\Application Data\Apple Computer
[2011/01/14 11:13:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limit Acc\Local Settings\Application Data\Mozilla
[2011/01/14 11:13:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limit Acc\Application Data\Mozilla
[2011/01/14 11:13:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limit Acc\Application Data\ESET
[2011/01/14 11:13:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limit Acc\Local Settings\Application Data\{7750555F-23D9-4162-A53E-A4A72F25A232}
[2011/01/14 11:12:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Limit Acc\IETldCache
[2011/01/14 11:11:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limit Acc\Application Data\Macromedia
[2011/01/14 11:11:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Limit Acc\Application Data\Identities

< End of report >

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 06 February 2011 - 12:32 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 Brad93

Brad93
  • Topic Starter

  • Members
  • 14 posts

Posted 07 February 2011 - 07:31 AM

Hi gringo. I have tried to run the ComboFix scan twice in Normal mode but it gets to the stage of creating the log and ComboFix hangs and I have to manually restart my computer. I will attempt again once more in normal mode and then in safe mode to see if that gives us any joy.

Regards
Brad

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 07 February 2011 - 12:59 PM

Hello

OK, let's try this. I want you to run ComboFix in safe mode, but it is very important that when ComboFix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in on your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#10 Brad93

Brad93
  • Topic Starter

  • Members
  • 14 posts

Posted 07 February 2011 - 04:06 PM

Hi gringo. Sorry, I tried to run the ComboFix scan in Safe mode but again it hung and I had to do a manual restart. I completely uninstalled ESET in case that was the issue, and I made sure no programs were running and wifi was switched off.
Any ideas? I took a picture of where it hung if that is any use.

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 07 February 2011 - 06:07 PM

Hello


I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#12 Brad93

Brad93
  • Topic Starter

  • Members
  • 14 posts

Posted 08 February 2011 - 09:36 AM

Hi gringo, the TDSS scan didn't find anything and didn't offer a log or report?

Thank you for your continued help - I'm sure this one is starting to get annoying now.
Regards
Brad

#13 Brad93

Brad93
  • Topic Starter

  • Members
  • 14 posts

Posted 11 February 2011 - 08:43 AM

Hi gringo, please close the topic - while running a virus scan on the said laptop it fell off my bed; I went to restart it and it won't boot into Windows. Seems there is a HDD problem, guessing from the rattling coming from it.

Brad

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 11 February 2011 - 12:38 PM

Ouch and thanks for letting me know



Gringo

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 14 February 2011 - 03:24 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.