
Virus Stopping Micro Trend Program Install


  • This topic is locked
45 replies to this topic

#16 SweetTech


    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 27 February 2012 - 03:49 AM

Hi!

The threat(s) below will be removed very shortly:

C:\System Recovery Files\C\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B5FMYMQ5\brakeless[1].htm HTML/ScrInject.B.Gen virus


____________________________________________________

From the looks of your SecurityCheck log, I can see that we have some outdated programs that need to be updated.

Let's address those programs that need updating now!

Your SecurityCheck log indicates that your version of Flash Player is outdated. This is a vulnerability that needs to be addressed. Please remove the outdated version of Flash Player and then install the latest version.

Java Outdated

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older Java version components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform:
    • 32-bit Select: Windows x86 Offline.
    • 64-bit Select: Windows x64.
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u3-windows-i586-s.exe (or jre-7u3-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


NEXT



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :OTL
    
    :Reg
    
    :Files
    C:\System Recovery Files\C\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B5FMYMQ5\brakeless[1].htm
    ipconfig /flushdns /c
    :Commands
    [purity]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:


Please attempt to re-install your Trend Micro installation and see if you're able to install it successfully.


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %systemroot%\*. /rp /s
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Run Scan button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
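The custom scan requested above produces the OTL log format that appears later in this thread: `PRC`/`SRV`/`DRV`/`MOD` item lines of the form `[date | size | attrs | M] (Company) -- path` and HijackThis-style `O`-lines. As an added example that is not part of this post or of OTL itself, here is a small Python triage helper that parses those lines and flags what a helper reading such a log checks first: registry entries whose target file no longer exists ("File not found"), loaded items with no company name, programs started from user-writable locations, and the UAC (`EnableLUA`) and CD-ROM AutoRun policy values. The sample lines are copied from the log posted later in this thread; the `Finding`, `parse_item`, `triage` and `summarize` names and the rule labels are my own.

```python
"""Triage helper for OTL (OldTimer's List-It) scan logs.

Added example, not part of the forum post or of OTL. It understands the
PRC/SRV/DRV/MOD item lines and the HijackThis-style O-lines that OTL emits
and reports the entries a helper would look at first.
"""
import re
from dataclasses import dataclass

# "KIND - [date | size | attrs | M] (Company) [state] -- path -- (name) trailing"
# The [state] block, the "-- (name)" suffix and any trailing text are optional.
ITEM_RE = re.compile(
    r'^(?P<kind>PRC|SRV|DRV|MOD) - '
    r'\[(?P<stamp>[^|\]]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*'
    r'\((?P<company>.*?)\)\s*(?=\[|--)'      # company may itself contain parentheses
    r'(?:\[(?P<state>[^\]]*)\]\s*)?'
    r'--\s*(?P<path>.+?)'
    r'(?:\s+--\s+\((?P<name>[^)]*)\).*)?$'
)

# Locations an ordinary user can write to; persistence from here deserves a look.
USER_WRITABLE = re.compile(r'\\(AppData|Temp|Users\\[^\\]+\\Desktop)\\', re.IGNORECASE)


@dataclass
class Finding:
    rule: str   # short label for the triage rule that fired
    line: str   # the log line that triggered it


def parse_item(line):
    """Return a dict for a PRC/SRV/DRV/MOD line, or None if the line is not one."""
    m = ITEM_RE.match(line)
    if not m:
        return None
    item = m.groupdict()
    item['stamp'] = item['stamp'].strip()
    item['company'] = item['company'].strip()
    item['size'] = int(item['size'].replace(',', ''))   # "001,300,672" -> 1300672
    return item


def triage(log_text):
    """Run the triage rules over every line of an OTL log and return the findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Any entry (BHO, Winlogon notify, shell hook, NetSvcs, ...) whose file is gone
        # is a leftover that a fix script would normally clean up.
        if 'File not found' in line:
            findings.append(Finding('orphan-reference', line))
            continue
        item = parse_item(line)
        if item:
            if item['company'] == '':
                findings.append(Finding('no-company-name', line))
            if item['kind'] in ('PRC', 'SRV') and USER_WRITABLE.search(item['path']):
                findings.append(Finding('runs-from-user-writable-path', line))
            continue
        if line.startswith('O6 ') and 'EnableLUA = 0' in line:
            findings.append(Finding('uac-disabled', line))
        elif line.startswith('O32 ') and 'CDRom: AutoRun - 1' in line:
            findings.append(Finding('cdrom-autorun-enabled', line))
        elif line.startswith('O4 ') and USER_WRITABLE.search(line):
            findings.append(Finding('runs-from-user-writable-path', line))
    return findings


def summarize(findings):
    """Count findings per rule, e.g. {'orphan-reference': 4, ...}."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


# Sample lines copied from the OTL log posted in this thread (constructed subset).
SAMPLE_LOG = r"""
PRC - [2012/02/27 18:22:08 | 001,300,672 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
PRC - [2008/06/24 14:11:22 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2012/02/23 17:55:12 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Angel\Desktop\OTL.exe
SRV - [2010/01/16 12:30:16 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Qwest\Quickcare\bin\tgsrvc.exe -- (tgsrvc_quickcare) SupportSoft Repair Service (quickcare)
DRV - [2007/10/01 15:24:36 | 000,023,864 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2012/01/12 21:26:52 | 000,185,856 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\netbt.sys -- (netbt)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg.dll File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
NetSvcs: Nla - File not found
"""

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.rule:30} {f.line[:90]}')
```

On the sample above the helper reports four orphan references (the two SUPERAntiSpyware leftovers, the missing Trend Micro BHO and the `Nla` NetSvcs entry), two items with no company name, OTL.exe itself running from the Desktop (expected here, since it is the tool being used), UAC disabled and CD-ROM AutoRun enabled. The rules are deliberately simple string and regex checks so that the output is explainable line by line; a flagged entry is a prompt for a human to look, not a verdict.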



#17 angel305510

  • Topic Starter

  • Members
  • 38 posts

Posted 27 February 2012 - 08:12 PM

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
C:\System Recovery Files\C\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B5FMYMQ5\brakeless[1].htm moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Angel\Desktop\cmd.bat deleted successfully.
C:\Users\Angel\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========


[EMPTYTEMP]

User: All Users

User: Angel
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 11937983 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kids
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5169 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 11.00 mb


[EMPTYFLASH]

User: All Users

User: Angel
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Kids
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.33.2 log created on 02272012_180712

Files\Folders moved on Reboot...
C:\Users\Angel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Angel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3YY3NGT3\page__st__15[1].htm moved successfully.

Registry entries deleted on Reboot...

#18 angel305510

  • Topic Starter

  • Members
  • 38 posts

Posted 27 February 2012 - 09:03 PM

OTL logfile created on: 2/27/2012 6:39:32 PM - Run 3
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Angel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 40.89% Memory free
3.98 Gb Paging File | 2.77 Gb Available in Paging File | 69.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456.21 Gb Total Space | 292.36 Gb Free Space | 64.08% Space Free | Partition Type: NTFS
Drive D: | 9.55 Gb Total Space | 0.92 Gb Free Space | 9.58% Space Free | Partition Type: NTFS

Computer Name: ANGEL-PC | User Name: Angel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/27 18:22:08 | 001,300,672 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
PRC - [2012/02/27 18:22:08 | 001,006,864 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
PRC - [2012/02/27 18:22:08 | 000,129,304 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
PRC - [2012/02/27 18:21:55 | 000,200,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
PRC - [2012/02/27 18:21:55 | 000,142,952 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
PRC - [2012/02/23 17:55:12 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Angel\Desktop\OTL.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/24 21:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2011/02/24 21:08:32 | 007,034,272 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2011/02/24 21:08:32 | 001,770,400 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2010/01/16 12:30:16 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Qwest\Quickcare\bin\tgsrvc.exe
PRC - [2010/01/16 12:30:10 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Qwest\Quickcare\bin\sprtsvc.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/06/24 14:11:22 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2008/01/15 10:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2008/01/08 11:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
PRC - [2006/11/02 05:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wpcumi.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/27 18:22:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Trend Micro\Titanium\UIFramework\boost_date_time-vc80-mt-1_36.dll
MOD - [2012/02/27 18:22:08 | 000,049,152 | ---- | M] () -- C:\Program Files\Trend Micro\Titanium\UIFramework\boost_thread-vc80-mt-1_36.dll
MOD - [2012/02/27 18:21:55 | 000,057,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
MOD - [2012/02/27 18:21:55 | 000,049,152 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/24 21:08:36 | 000,022,944 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2011/02/24 20:39:00 | 000,658,432 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2011/02/15 13:16:44 | 007,187,456 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2011/02/15 13:15:58 | 000,325,632 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2011/02/15 13:15:52 | 001,954,304 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2011/02/15 13:15:52 | 000,847,360 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2011/02/15 12:25:30 | 000,119,808 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/02/27 18:21:55 | 000,200,632 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/24 21:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/01/16 12:31:40 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2010/01/16 12:30:16 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Qwest\Quickcare\bin\tgsrvc.exe -- (tgsrvc_quickcare) SupportSoft Repair Service (quickcare)
SRV - [2010/01/16 12:30:10 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Qwest\Quickcare\bin\sprtsvc.exe -- (sprtsvc_quickcare) SupportSoft Sprocket Service (quickcare)
SRV - [2008/06/24 14:11:22 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/08 11:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)


========== Driver Services (SafeList) ==========

DRV - [2012/02/27 18:21:58 | 000,205,072 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2012/02/27 18:21:58 | 000,171,280 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\tmnciesc.sys -- (tmnciesc)
DRV - [2012/02/27 18:21:58 | 000,092,432 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2012/02/27 18:21:58 | 000,081,168 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2012/02/27 18:21:58 | 000,068,368 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2012/02/27 18:21:58 | 000,055,056 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\tmeevw.sys -- (tmeevw)
DRV - [2012/01/12 21:26:52 | 000,185,856 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\netbt.sys -- (netbt)
DRV - [2011/02/14 02:42:36 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2011/02/14 02:42:34 | 000,025,216 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2011/02/14 02:42:32 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2009/05/24 07:36:42 | 000,501,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\netr73.sys -- (netr73)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/22 13:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/08 12:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 12:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/04/01 13:33:16 | 000,019,456 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2007/10/26 04:51:22 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/10/18 14:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/01 15:24:36 | 000,023,864 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2006/11/16 16:20:48 | 000,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2005/12/12 10:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Angel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1086\7.0.1086\firefoxextension [2012/02/27 18:45:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012/02/27 18:45:19 | 000,000,000 | ---D | M]

[2011/01/02 16:57:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angel\AppData\Roaming\Mozilla\Extensions

O1 HOSTS File: ([2012/02/26 18:08:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg.dll File not found
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1086\7.0.1086\TmBpIe32.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DT HPW] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [WPCUMI] C:\WINDOWS\System32\wpcumi.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: pandora.com ([help] http in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D6F60BF-471D-40CE-8E36-CA1C70D18F2D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{321546DC-4642-45B9-9091-29294714DE1D}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1081\7.0.1081\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O24 - Desktop WallPaper: C:\Users\Angel\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Angel\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/08 01:23:31 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2012/02/27 18:34:19 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\Trend Micro
[2012/02/27 18:33:35 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security 2012
[2012/02/27 18:32:40 | 000,055,056 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmeevw.sys
[2012/02/27 18:32:39 | 000,171,280 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmnciesc.sys
[2012/02/27 18:32:38 | 000,092,432 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmtdi.sys
[2012/02/27 18:32:37 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2012/02/27 18:32:37 | 000,081,168 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmactmon.sys
[2012/02/27 18:32:37 | 000,068,368 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmevtmgr.sys
[2012/02/26 18:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/02/26 18:13:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/26 18:13:28 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\temp
[2012/02/26 18:08:40 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/02/26 17:32:32 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/25 10:52:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/25 10:52:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/25 10:52:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/25 10:52:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/24 18:12:43 | 004,419,501 | R--- | C] (Swearware) -- C:\Users\Angel\Desktop\ComboFix.exe
[2012/02/24 17:40:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/23 17:55:09 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Angel\Desktop\OTL.exe
[2012/02/23 17:45:38 | 002,060,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Angel\Desktop\tdsskiller.exe
[2012/02/19 16:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/02/19 16:50:00 | 014,848,120 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Angel\Desktop\SUPERAntiSpyware.exe
[2012/02/19 14:26:58 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Angel\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/19 12:50:43 | 000,000,000 | ---D | C] -- C:\Users\Angel\Desktop\32bit
[2012/02/16 20:42:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\Trend_Micro
[2012/02/16 20:39:58 | 000,000,000 | ---D | C] -- C:\Users\Angel\Desktop\backups
[2012/02/16 20:38:26 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Angel\Desktop\HijackThis.exe
[2012/02/16 20:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2012/02/14 17:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/02/08 14:19:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Belkin
[2012/02/07 17:25:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belkin
[2012/02/07 17:25:35 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin
[2012/02/07 17:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Affinegy

========== Files - Modified Within 30 Days ==========

[2012/02/27 18:54:00 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{71F78C2D-1E59-46F2-9ECB-74C92C030166}.job
[2012/02/27 18:34:23 | 000,001,109 | ---- | M] () -- C:\Users\Angel\Desktop\Trend Micro Titanium Internet Security 2012.lnk
[2012/02/27 18:32:34 | 000,630,338 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/27 18:32:34 | 000,112,658 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/27 18:31:33 | 000,000,056 | ---- | M] () -- C:\Windows\System32\SupportTool.exe.bat
[2012/02/27 18:28:40 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/27 18:28:12 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/27 18:28:12 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/27 18:28:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/27 18:27:59 | 2011,738,112 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/27 18:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/27 18:21:58 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2012/02/27 18:21:58 | 000,171,280 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmnciesc.sys
[2012/02/27 18:21:58 | 000,092,432 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmtdi.sys
[2012/02/27 18:21:58 | 000,081,168 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmactmon.sys
[2012/02/27 18:21:58 | 000,068,368 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmevtmgr.sys
[2012/02/27 18:21:58 | 000,055,056 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmeevw.sys
[2012/02/26 23:29:47 | 000,879,700 | ---- | M] () -- C:\Users\Angel\Desktop\SecurityCheck.exe
[2012/02/26 18:08:36 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/02/26 17:29:19 | 000,002,064 | ---- | M] () -- C:\FixitRegBackup.reg
[2012/02/26 17:28:25 | 000,899,584 | ---- | M] () -- C:\Users\Angel\Desktop\MicrosoftFixit50535.msi
[2012/02/24 18:12:57 | 004,419,501 | R--- | M] (Swearware) -- C:\Users\Angel\Desktop\ComboFix.exe
[2012/02/23 17:55:12 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Angel\Desktop\OTL.exe
[2012/02/23 17:45:43 | 002,060,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Angel\Desktop\tdsskiller.exe
[2012/02/22 18:28:54 | 000,004,293 | ---- | M] () -- C:\Users\Angel\Desktop\Attach.zip
[2012/02/22 18:14:06 | 000,000,000 | ---- | M] () -- C:\Users\Angel\defogger_reenable
[2012/02/19 20:04:04 | 000,302,592 | ---- | M] () -- C:\Users\Angel\Desktop\7nvz11b0.exe
[2012/02/19 16:50:36 | 014,848,120 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Angel\Desktop\SUPERAntiSpyware.exe
[2012/02/19 14:27:07 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Angel\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/19 13:12:27 | 000,343,794 | ---- | M] () -- C:\Users\Angel\AppData\Local\census.cache
[2012/02/19 13:12:26 | 000,205,937 | ---- | M] () -- C:\Users\Angel\AppData\Local\ars.cache
[2012/02/16 20:38:30 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Angel\Desktop\HijackThis.exe
[2012/02/16 20:31:53 | 000,002,427 | ---- | M] () -- C:\Windows\System32\lgAxconfig.ini
[2012/02/16 20:11:14 | 376,830,984 | ---- | M] () -- C:\Users\Angel\Documents\bleeped up.reg
[2012/02/16 19:46:03 | 000,001,356 | ---- | M] () -- C:\Users\Angel\AppData\Local\d3d9caps.dat
[2012/02/15 03:33:20 | 000,383,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/08 15:19:50 | 000,003,405 | ---- | M] () -- C:\Users\Angel\Documents\CO Tax payment 2007.pdf
[2012/02/07 18:02:13 | 005,760,054 | ---- | M] () -- C:\Users\Angel\Documents\Internet Explorer Wallpaper.bmp
[2012/02/07 17:25:59 | 000,000,051 | ---- | M] () -- C:\Windows\System32\drivers\etc\lmhosts

========== Files Created - No Company Name ==========

[2012/02/27 18:33:34 | 000,001,109 | ---- | C] () -- C:\Users\Angel\Desktop\Trend Micro Titanium Internet Security 2012.lnk
[2012/02/27 18:31:33 | 000,000,056 | ---- | C] () -- C:\Windows\System32\SupportTool.exe.bat
[2012/02/26 23:29:43 | 000,879,700 | ---- | C] () -- C:\Users\Angel\Desktop\SecurityCheck.exe
[2012/02/26 17:28:21 | 000,899,584 | ---- | C] () -- C:\Users\Angel\Desktop\MicrosoftFixit50535.msi
[2012/02/25 10:52:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/25 10:52:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/25 10:52:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/25 10:52:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/25 10:52:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/24 18:25:12 | 000,002,064 | ---- | C] () -- C:\FixitRegBackup.reg
[2012/02/22 18:28:54 | 000,004,293 | ---- | C] () -- C:\Users\Angel\Desktop\Attach.zip
[2012/02/22 18:14:06 | 000,000,000 | ---- | C] () -- C:\Users\Angel\defogger_reenable
[2012/02/19 20:04:02 | 000,302,592 | ---- | C] () -- C:\Users\Angel\Desktop\7nvz11b0.exe
[2012/02/16 20:10:37 | 376,830,984 | ---- | C] () -- C:\Users\Angel\Documents\bleeped up.reg
[2012/02/16 19:53:54 | 2011,738,112 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/08 15:19:50 | 000,003,405 | ---- | C] () -- C:\Users\Angel\Documents\CO Tax payment 2007.pdf
[2012/02/07 18:09:31 | 005,760,054 | ---- | C] () -- C:\Users\Angel\Documents\Internet Explorer Wallpaper.bmp
[2012/01/12 21:26:55 | 000,022,032 | ---- | C] () -- C:\Windows\DCEBoot.exe
[2012/01/08 21:50:45 | 000,343,794 | ---- | C] () -- C:\Users\Angel\AppData\Local\census.cache
[2012/01/08 21:50:13 | 000,205,937 | ---- | C] () -- C:\Users\Angel\AppData\Local\ars.cache
[2012/01/08 21:32:49 | 000,000,036 | ---- | C] () -- C:\Users\Angel\AppData\Local\housecall.guid.cache
[2012/01/04 19:34:06 | 000,002,427 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2011/01/10 21:55:32 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010/12/08 23:36:07 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/09/25 19:30:07 | 000,176,540 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/09/23 07:42:41 | 000,002,304 | ---- | C] () -- C:\Windows\System32\Machnm32.sys
[2010/08/12 02:07:36 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI

========== LOP Check ==========

[2010/01/11 07:58:46 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\com.verizon.mediastore.vzwdownloadmanager.BEEF85639ECFAE88C004EA3A5F976EE5386C7526.1
[2010/09/22 15:00:16 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\DisplayTune
[2011/01/10 19:53:01 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\eMusic
[2010/04/04 21:38:37 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\HdO Adventure
[2010/05/26 19:43:55 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\iWin
[2011/03/26 16:06:26 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\MP3Rocket
[2009/09/21 14:19:18 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\PlayFirst
[2009/09/20 11:44:17 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\Snapfish
[2009/10/04 18:30:45 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\Template
[2010/01/27 14:59:28 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\TitanicMystery
[2011/06/02 21:01:27 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\Unity
[2010/04/21 04:04:17 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\Vivox
[2009/09/22 14:00:53 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\WinBatch
[2012/02/27 18:27:12 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/02/27 18:54:00 | 000,000,394 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{71F78C2D-1E59-46F2-9ECB-74C92C030166}.job

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/10/01 18:36:53 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/10/01 18:36:53 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/10/01 18:36:53 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/10/01 18:36:56 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/10/01 18:36:56 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/09/27 13:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/09/27 13:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/09/27 13:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/09/27 13:47:02 | 002,388,848 | ---- | M] (Apple Inc.)

< %systemroot%\*. /rp /s >

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-02-25 20:57:11

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:560DC731
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:4A74A9A7
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:91486201

< End of report >

#19 angel305510

angel305510
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  • Local time:08:19 PM

Posted 27 February 2012 - 09:07 PM

I was able to install my Micro Trend program. It had me uninstall SuperAntispyware and MBAM. My computer seems to be fine but it seemed like that before I tried the installation the first time. So I hope from the reports the virus is gone. My internet is coming up faster also. Is there anything else I need to do?

angel305510

#20 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:11:19 PM

Posted 28 February 2012 - 02:07 AM

Hi angel305510!

Your logs are looking better.

Please run this scan and let me know if it finds any files that need to be replaced.

SFC ScanNow

We need to run SFC Scan Now.

We will need to open up an elevated command prompt. This can be done by clicking on Start > All Programs > Accessories, right clicking on Command Prompt, and then clicking on Run as Administrator.

You will need to click Allow.

Type the following command below, and then press ENTER:

sfc /scannow

The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#21 angel305510

angel305510
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  • Local time:08:19 PM

Posted 28 February 2012 - 07:43 PM

It said it couldn't replace some files. It gave a log but it was huge and I didn't know if I should post it.

#22 angel305510

angel305510
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  • Local time:08:19 PM

Posted 29 February 2012 - 07:10 PM

I was just checking the post now and I had a little difficulty getting on the internet. I had to restart the computer and it took a long time for it to "respond". I don't know exactly why it did it but during the reboot it had to reboot again. Everything was normal at my last post. The internet was working a lot faster than it is now.

Edited by angel305510, 29 February 2012 - 07:12 PM.


#23 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:11:19 PM

Posted 01 March 2012 - 02:35 AM

Hi noogman!

Apologies for the delay; I had some things come up the last couple of days, and I'm just now getting around to responding to my users.

I was just checking the post now and I had a little difficulty getting on the internet. I had to restart the computer and it took a long time for it to "respond". I don't know exactly why it did it but during the reboot it had to reboot again. Everything was normal at my last post. The internet was working a lot faster than it is now.

That's interesting. Let me take a look at the log from SFC and see what files weren't able to be replaced, and go from there.

You don't happen to have your Windows disc, do you?

Press the Windows Logo in the bottom left corner of your screen.
In the search box, enter command and right click on Command Prompt and select Run as Administrator.

Copy/Paste the following bolded text into the command window followed by ENTER.

findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

Please post the contents of the sfcdetails.txt log file for me to review.

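The findstr command above copies every line containing "[SR]" from CBS.log into sfcdetails.txt; because the output is redirected to a file, the console prints nothing, and the file on the desktop is the only result. The script below is an added example, not part of this thread or of any Microsoft tool: it reads such a file (or, with no argument, the constructed sample embedded in it, whose component and file names are invented) and lists the files SFC reported it could not repair, with the reason logged for each, separately from the files it did repair. It also serves the sfc /scannow step earlier in the thread, since that scan is what writes these [SR] entries into CBS.log.

```python
"""Summarise the [SR] entries of CBS.log: which files SFC repaired and which it
could not.  Added example; not part of the BleepingComputer thread.

Usage:  python sfc_summary.py [sfcdetails.txt]
With no argument the constructed sample below is summarised instead."""
import re
import sys
from collections import defaultdict

# Constructed sample of the kind of lines that
#   findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log
# extracts.  Component and file names are invented for illustration.
SAMPLE_SFCDETAILS = r"""
2012-03-01 20:15:30, Info                  CSI    000002b3 [SR] Verify complete
2012-03-01 20:15:30, Info                  CSI    000002b4 [SR] Beginning Verify and Repair transaction
2012-03-01 20:15:31, Info                  CSI    000002b5 [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-03-01 20:15:31, Info                  CSI    000002b6 [SR] Repairing corrupted file [ml:520{260},l:62{31}]"\??\C:\Windows\System32"\[l:24{12}]"example2.dll" from store
2012-03-01 20:15:32, Info                  CSI    000002b7 [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-03-01 20:15:32, Info                  CSI    000002b8 [SR] Could not reproject corrupted file [ml:520{260},l:62{31}]"\??\C:\Windows\System32"\[l:24{12}]"example1.dll"; source file in store is also corrupted
2012-03-01 20:15:33, Info                  CSI    000002b9 [SR] Repair complete
""".strip()

FILE_RE = re.compile(r'\[l:\d+\{\d+\}\]"([^"]+)"')   # matches [l:24{12}]"name.dll"
UNREPAIRED_PREFIXES = ("Cannot repair member file",
                       "Could not reproject corrupted file")
REPAIRED_PREFIX = "Repairing corrupted file"


def _reason(msg):
    """The reason SFC gives is the trailing clause after the last ', ' or '; '."""
    idx = max(msg.rfind(", "), msg.rfind("; "))
    return msg[idx + 2:] if idx >= 0 else msg


def summarize(text):
    """Classify [SR] lines into files SFC repaired and files it could not fix.

    Returns {"repaired": [names...], "unrepairable": {name: [reasons...]}}.
    Lines without a quoted member file (Verify complete, transaction markers)
    are bookkeeping and are skipped."""
    unrepairable = defaultdict(set)
    repaired = set()
    for line in text.splitlines():
        if "[SR]" not in line:
            continue
        msg = line.split("[SR]", 1)[1].strip()
        names = FILE_RE.findall(msg)
        if not names:
            continue
        fname = names[-1]          # the last quoted token is the member file
        if msg.startswith(UNREPAIRED_PREFIXES):
            unrepairable[fname].add(_reason(msg))
        elif msg.startswith(REPAIRED_PREFIX):
            repaired.add(fname)
    return {"repaired": sorted(repaired),
            "unrepairable": {k: sorted(v) for k, v in sorted(unrepairable.items())}}


def report(summary):
    """Render the summary as plain text, unrepaired files first."""
    lines = [f"NOT REPAIRED  {name}: {'; '.join(reasons)}"
             for name, reasons in summary["unrepairable"].items()]
    lines += [f"repaired      {name}" for name in summary["repaired"]]
    return "\n".join(lines) if lines else "No [SR] repair entries found"


def main(argv):
    if len(argv) > 1:
        # Decode leniently so one odd byte in a large log does not abort the run.
        with open(argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_SFCDETAILS
    print(report(summarize(text)))


if __name__ == "__main__":
    main(sys.argv)
```

Run it against the sfcdetails.txt that the findstr command produces; a file that appears under NOT REPAIRED with "source file in store is also corrupted" is one that sfc /scannow cannot fix from the local component store, which is why the helper asks whether the Windows disc is available.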


#24 angel305510

angel305510
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  • Local time:08:19 PM

Posted 01 March 2012 - 08:30 AM

No, I don't have my Windows disc. When I put that bold info into the command window nothing happens. It just shows this: C:\Users\Angel> twice. I have a CBS log in Notepad but like I said it's huge and I'm not sure if that's what you're looking for.

#25 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:11:19 PM

Posted 01 March 2012 - 09:33 AM

Hi!

Running that command didn't put a file on your desktop?

Yes, I am looking for the contents of that CBS.log file.

Do me a favor and attach the CBS.log file for me to review.



#26 angel305510

angel305510
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  • Local time:08:19 PM

Posted 01 March 2012 - 06:58 PM

No, it didn't put it on my desktop. I found it though and it says the file is too big to attach even after I tried to compress it.


And by the way I have no problem with the delays. Thanks for the help so far!

Edited by angel305510, 01 March 2012 - 07:20 PM.


#27 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:11:19 PM

Posted 02 March 2012 - 01:20 AM

Hi angel305510!

And by the way I have no problem with the delays. Thanks for the help so far!

Thanks for understanding, and not a problem, I'm glad to be able to help you out!

I found it though and it says the file is too big to attach even after I tried to compress it.

Hmm... Would you be able to try and submit it to my submission channel for me?

Uploading File
Please visit this site & follow the instructions for uploading the file mentioned below.
Copy/paste the contents of the Code Box below into the Link to topic where this file was requested: box:
http://www.bleepingcomputer.com/forums/topic443764.html/page__view__findpost__p__2617399
Click Browse & navigate to where the CBS.log is saved.

Cheers,
ST.



#28 angel305510

angel305510
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  • Local time:08:19 PM

Posted 02 March 2012 - 04:20 PM

I tried that and this is the message I received:

There was an error uploading your file.

Your file is either 0 bytes or has exceeded the maximum file size of 5MB that we allow to be uploaded.



#29 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:11:19 PM

Posted 03 March 2012 - 08:22 AM

Could you try uploading the file to MediaFire and see if you're able to do so?



#30 angel305510

angel305510
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  • Local time:08:19 PM

Posted 03 March 2012 - 04:51 PM

http://www.mediafire.com/?1q5ky67jng61h96, this is the link to the file.



