
Google Results5 Virus



#1
Stealdo

I've been trying to fix this since yesterday now, I've used many programs such as Malwarebytes etc. Last night it appeared I got rid of the trojan from my computer, however it's still re-directing me on Google searches. None of the virus programs now are finding the trojan but it is still re-directing me. I've also done flush dns etc and reset the router and the problem hasn't been fixed. My router is the Netgear DG834GT.

Here is my latest Malwarebytes log...

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

30/08/2010 15:07:28
mbam-log-2010-08-30 (15-07-28).txt

Scan type: Quick scan
Objects scanned: 122003
Time elapsed: 5 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


And OTL log...

OTL logfile created on: 30/08/2010 14:47:13 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = E:\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 75.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): S:\pagefile.sys 5000 9000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 160.00 Gb Total Space | 79.97 Gb Free Space | 49.98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 295.99 Gb Total Space | 230.09 Gb Free Space | 77.73% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive S: | 9.77 Gb Total Space | 4.83 Gb Free Space | 49.48% Space Free | Partition Type: NTFS

Computer Name: USER-3E63044EAF
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - E:\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\MediaMall\MediaMallServer.exe (MediaMall Technologies, Inc.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\GameTracker\GSInGameService.exe (ClanServers Hosting LLC)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
PRC - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)


========== Modules (SafeList) ==========

MOD - E:\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll (Trusteer Ltd.)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\rswin_3745.dll ()
SRV - (MediaMall Server) -- C:\Program Files\MediaMall\MediaMallServer.exe (MediaMall Technologies, Inc.)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (GS In-Game Service) -- C:\Program Files\GameTracker\GSInGameService.exe (ClanServers Hosting LLC)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (vvdsvc) -- C:\WINDOWS\system32\Nagasoft\vjocx.dll (南京纳加软件有限公司)
SRV - (ASKService) -- C:\Program Files\AskBarDis\bar\bin\AskService.exe ()
SRV - (ASKUpgrade) -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe ()
SRV - (KService) -- C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NVHDA) -- C:\WINDOWS\System32\drivers\nvhda32.sys File not found
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys File not found
DRV - (catchme) -- C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys File not found
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys (Trusteer Ltd.)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (MpFilter) -- C:\WINDOWS\system32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (RapportBuka) -- C:\WINDOWS\system32\drivers\RapportBuka.sys (Trusteer Ltd.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (imagesrv) -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys (Ahead Software AG)
DRV - (imagedrv) -- C:\WINDOWS\System32\Drivers\imagedrv.sys (Ahead Software AG)
DRV - (ManyCam) -- C:\WINDOWS\system32\drivers\ManyCam.sys (ManyCam LLC.)
DRV - (AmdLLD) -- C:\WINDOWS\system32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s115mgmt.sys (MCCI Corporation)
DRV - (s115obex) -- C:\WINDOWS\system32\drivers\s115obex.sys (MCCI Corporation)
DRV - (s115mdm) -- C:\WINDOWS\system32\drivers\s115mdm.sys (MCCI Corporation)
DRV - (s115mdfl) -- C:\WINDOWS\system32\drivers\s115mdfl.sys (MCCI Corporation)
DRV - (s115bus) Sony Ericsson Device 115 driver (WDM) -- C:\WINDOWS\system32\drivers\s115bus.sys (MCCI Corporation)
DRV - (s116obex) -- C:\WINDOWS\system32\drivers\s116obex.sys (MCCI Corporation)
DRV - (s116mdm) -- C:\WINDOWS\system32\drivers\s116mdm.sys (MCCI Corporation)
DRV - (s116mdfl) -- C:\WINDOWS\system32\drivers\s116mdfl.sys (MCCI Corporation)
DRV - (s116bus) Sony Ericsson Device 116 driver (WDM) -- C:\WINDOWS\system32\drivers\s116bus.sys (MCCI Corporation)
DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (sonypvs1) -- C:\WINDOWS\system32\drivers\sonypvs1.sys (Sony Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.live.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Search Defender"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.2
FF - prefs.js..extensions.enabledItems: {43c35458-c907-439b-bcfd-07d373834689}:2.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071301000019
FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.2.3
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 0
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://uk.search-res...o=GB&ver=UN&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox [2010/03/29 16:03:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/12 22:55:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/30 12:13:58 | 000,000,000 | ---D | M]

[2008/08/08 13:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2010/08/30 13:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\as5sxx7u.default\extensions
[2009/09/06 16:45:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\as5sxx7u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/29 17:24:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\as5sxx7u.default\extensions\{43c35458-c907-439b-bcfd-07d373834689}
[2009/02/27 16:59:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\as5sxx7u.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/04/29 17:24:55 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\as5sxx7u.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2009/03/03 22:13:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\as5sxx7u.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/03/01 00:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\as5sxx7u.default\extensions\[email protected]
[2010/02/10 00:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\as5sxx7u.default\extensions\[email protected]
[2009/06/01 18:20:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\as5sxx7u.default\extensions\[email protected]
[2010/04/29 17:24:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\as5sxx7u.default\extensions\[email protected]
[2009/01/11 13:49:46 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\as5sxx7u.default\searchplugins\live-search.xml
[2009/09/23 22:39:52 | 000,000,239 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\as5sxx7u.default\searchplugins\Search.xml
[2010/08/30 13:34:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/30 12:13:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2008/06/18 07:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/08/09 01:11:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll
[2009/08/09 01:30:36 | 000,107,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll
[2009/05/07 16:11:05 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/05/07 16:11:05 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/05/07 16:11:05 | 000,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/05/07 16:11:05 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/08/30 01:59:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files\SearchPredict\SearchPredict.dll (Speedbit Ltd.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [4oD] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35[1].exe (SurfRight B.V.)
O4 - HKLM..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{FA3A75F3-D4C0-7EF9-890A-8DE85EDA5622}] C:\Documents and Settings\user\Application Data\Byvil\egmei.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Documents and Settings\user\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0; GTB6.5; Mozilla\4.0 ( File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: antispyexpert.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: hmv.co.uk ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: hmv.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: hmv.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: imageservr.com ([]* in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://ias.broadband...oad/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/...ader.5.8.05.cab (Bebo Uploader Control)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.systemreq...sreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} http://www.turntool....ewerInstall.exe (TurnTool Scene)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.sy...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1218192280359 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1218749317468 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://128.128.32.10...sCamControl.cab (CamImage Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} http://zone.msn.com/...undLauncher.cab (AstoundLauncher Control)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://service.futur...ark/tc/MSC3.cab (Measurement Services Client v.3.12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://zone.msn.com/...outLauncher.cab (SproutLauncherCtrl Class)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (RIM AxLoader)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...yri_4.3.1.0.cab (SysInfo Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.68.247 213.109.73.249
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/07 17:28:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 90 Days ==========

[2010/08/30 13:29:43 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/30 13:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Gosu
[2010/08/30 13:18:21 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/30 13:16:41 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\TFC.exe
[2010/08/30 12:39:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/08/30 12:14:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/08/30 01:46:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/30 01:09:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/08/29 21:38:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2010/08/29 21:37:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2010/08/29 21:22:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FrontLine Registry Cleaner
[2010/08/29 21:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\Frontline Registry Cleaner
[2010/08/29 20:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/08/29 20:37:32 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/08/29 19:52:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2010/08/29 19:51:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/08/29 19:51:55 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/08/29 19:51:55 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/08/29 19:51:55 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/29 19:51:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/29 19:44:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/29 19:44:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/29 19:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/29 19:44:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/29 19:12:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/29 19:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/08/29 18:52:38 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/08/29 18:46:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/08/04 23:06:31 | 000,000,000 | ---D | C] -- E:\My Documents\Stes Camera
[2010/07/07 23:26:40 | 000,000,000 | ---D | C] -- E:\My Documents\PHONE BACKUP
[2010/06/15 16:38:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\ManyCam
[2010/06/15 16:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\ManyCam 2.4
[2010/06/14 17:06:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\com.polythink.ups.wda.03EBA0C726630DF115D9764F9B83F5185396D811.1
[2010/06/14 17:06:13 | 000,000,000 | ---D | C] -- C:\Program Files\UPS Widget
[4 E:\My Documents\*.tmp files -> E:\My Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/30 14:49:17 | 000,000,374 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2010/08/30 14:44:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/30 14:37:30 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/08/30 14:34:51 | 000,272,156 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/08/30 14:32:32 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/30 14:32:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/30 14:32:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/30 13:50:00 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-688789844-1801674531-1004UA.job
[2010/08/30 13:29:45 | 000,000,617 | ---- | M] () -- C:\Documents and Settings\user\Desktop\NTREGOPT.lnk
[2010/08/30 13:29:45 | 000,000,598 | ---- | M] () -- C:\Documents and Settings\user\Desktop\ERUNT.lnk
[2010/08/30 13:19:09 | 011,272,192 | ---- | M] () -- C:\Documents and Settings\user\NTUSER.DAT
[2010/08/30 13:16:44 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\TFC.exe
[2010/08/30 13:11:18 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/30 12:39:36 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/08/30 12:34:38 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F2B261B4-4F0D-42A8-BAFB-D4CD8BFDB9FD}.job
[2010/08/30 12:12:01 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/30 02:22:19 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/08/30 01:59:45 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/30 01:59:17 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/30 01:46:22 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010/08/30 01:32:10 | 000,555,168 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/30 01:32:10 | 000,465,846 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/30 01:32:10 | 000,079,414 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/30 01:10:01 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini
[2010/08/29 21:38:22 | 000,000,294 | ---- | M] () -- C:\Boot.bak
[2010/08/29 21:22:30 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\FrontLine Registry Cleaner Scheduled Scan - user.job
[2010/08/29 19:29:22 | 003,830,790 | R--- | M] () -- C:\Documents and Settings\user\Desktop\ComboFix.exe
[2010/08/29 18:52:38 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/08/28 07:50:00 | 000,000,920 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-688789844-1801674531-1004Core.job
[2010/08/26 20:55:08 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/08/25 00:10:53 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/24 00:24:47 | 000,000,256 | ---- | M] () -- E:\My Documents\pool.bin
[2010/08/24 00:00:25 | 009,010,012 | ---- | M] () -- E:\My Documents\AutoBackup-(2010-08-23).ipd
[2010/08/23 18:30:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/20 23:50:31 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Google Chrome.lnk
[2010/08/20 23:50:31 | 000,002,261 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/12 08:33:29 | 001,657,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/12 00:37:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/03 11:58:26 | 000,127,488 | ---- | M] () -- E:\My Documents\THE ULTIMATE PACKING LIST.doc
[2010/07/26 12:50:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\PCTBD43260062.dmp
[2010/07/26 06:50:41 | 000,039,663 | ---- | M] () -- C:\WINDOWS\System32\PCTBD21660093.dmp
[2010/07/25 20:17:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\PCTBD129665109.dmp
[2010/07/18 20:11:01 | 000,010,836 | ---- | M] () -- E:\My Documents\away list 2.docx
[2010/07/18 20:07:34 | 000,017,197 | ---- | M] () -- E:\My Documents\away games.docx
[2010/07/10 14:20:41 | 000,017,995 | ---- | M] () -- C:\WINDOWS\System32\PCTBD21660296.dmp
[2010/07/04 16:35:45 | 006,524,214 | ---- | M] () -- E:\My Documents\Backup-(2010-07-04).ipd
[2010/06/21 21:41:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\PCTBD49795421.dmp
[2010/06/15 16:38:29 | 000,001,574 | ---- | M] () -- C:\Documents and Settings\user\Desktop\ManyCam 2.4.lnk
[2010/06/14 17:06:19 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\UPS Widget 2.lnk
[2010/06/08 03:16:01 | 000,763,832 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/06/08 01:21:02 | 001,652,664 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[4 E:\My Documents\*.tmp files -> E:\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/30 13:29:45 | 000,000,617 | ---- | C] () -- C:\Documents and Settings\user\Desktop\NTREGOPT.lnk
[2010/08/30 13:29:45 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\user\Desktop\ERUNT.lnk
[2010/08/30 12:44:43 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/08/30 12:44:42 | 000,000,374 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2010/08/30 12:39:36 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/08/29 21:38:22 | 000,000,294 | ---- | C] () -- C:\Boot.bak
[2010/08/29 21:38:19 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/08/29 21:22:30 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\FrontLine Registry Cleaner Scheduled Scan - user.job
[2010/08/29 19:51:55 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/29 19:51:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/29 19:51:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/29 19:51:55 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/29 19:51:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/29 19:29:10 | 003,830,790 | R--- | C] () -- C:\Documents and Settings\user\Desktop\ComboFix.exe
[2010/08/29 18:47:30 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/08/24 00:00:25 | 009,010,012 | ---- | C] () -- E:\My Documents\AutoBackup-(2010-08-23).ipd
[2010/08/03 11:58:15 | 000,127,488 | ---- | C] () -- E:\My Documents\THE ULTIMATE PACKING LIST.doc
[2010/07/26 12:50:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\PCTBD43260062.dmp
[2010/07/26 06:50:41 | 000,039,663 | ---- | C] () -- C:\WINDOWS\System32\PCTBD21660093.dmp
[2010/07/25 20:17:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\PCTBD129665109.dmp
[2010/07/18 20:11:01 | 000,010,836 | ---- | C] () -- E:\My Documents\away list 2.docx
[2010/07/18 20:07:34 | 000,017,197 | ---- | C] () -- E:\My Documents\away games.docx
[2010/07/10 14:20:41 | 000,017,995 | ---- | C] () -- C:\WINDOWS\System32\PCTBD21660296.dmp
[2010/07/04 16:36:10 | 000,000,256 | ---- | C] () -- E:\My Documents\pool.bin
[2010/07/04 16:35:45 | 006,524,214 | ---- | C] () -- E:\My Documents\Backup-(2010-07-04).ipd
[2010/06/21 21:41:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\PCTBD49795421.dmp
[2010/06/15 16:38:29 | 000,001,574 | ---- | C] () -- C:\Documents and Settings\user\Desktop\ManyCam 2.4.lnk
[2010/06/14 17:06:19 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\UPS Widget 2.lnk
[2010/05/03 17:54:17 | 000,763,832 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/04/13 14:39:04 | 000,000,922 | ---- | C] () -- C:\Documents and Settings\user\Application Data\BBMS_EXCEPTION.txt
[2010/03/22 18:44:14 | 000,009,932 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\OIXQ
[2010/03/22 18:44:14 | 000,009,932 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\OIXQ
[2009/10/25 11:05:03 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2009/10/15 00:58:06 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/09/22 20:01:52 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2009/06/02 11:35:44 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys
[2009/05/20 09:20:30 | 000,126,464 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/04/05 18:44:47 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\ssresources.dll
[2009/04/05 18:44:47 | 000,020,481 | ---- | C] () -- C:\WINDOWS\System32\SystemsHook.dll
[2009/03/29 12:13:08 | 000,138,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/03/29 12:13:08 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\user\Application Data\PnkBstrK.sys
[2009/01/14 15:42:44 | 000,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2008/09/28 23:01:13 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/09/25 12:32:30 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/09/20 22:34:56 | 000,000,399 | ---- | C] () -- C:\WINDOWS\AudioConverter.INI
[2008/08/15 22:28:35 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/15 22:15:11 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/08/14 19:25:42 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/08/08 13:38:51 | 000,032,861 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/08/08 13:38:50 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/08/08 13:38:41 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/07/26 12:48:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/07/23 17:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/07/23 17:47:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/07/23 17:47:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/07/23 17:46:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/01/30 19:31:46 | 000,002,372 | ---- | C] () -- C:\WINDOWS\EaseAudioConverter.ini
[2006/04/14 10:37:26 | 000,000,031 | ---- | C] () -- C:\WINDOWS\aceg.ini
[2001/11/19 19:05:18 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys

========== LOP Check ==========

[2009/03/03 22:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/12/25 09:33:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2010/03/30 19:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/10/25 09:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2008/08/14 12:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/08/29 21:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FrontLine Registry Cleaner
[2009/01/15 16:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2010/08/30 13:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gosu
[2010/08/29 20:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/03/29 12:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2010/08/30 14:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2008/12/21 11:26:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2008/09/25 13:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/08/30 08:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMall
[2008/08/20 13:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2009/01/04 15:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/05/17 14:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/02/14 14:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2009/05/29 09:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sky
[2010/03/30 19:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/03/29 16:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2010/08/28 09:31:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/05 19:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2008/08/14 12:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2009/09/12 00:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/08/26 18:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Audacity
[2010/01/01 18:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Azureus
[2010/08/30 13:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Byvil
[2010/06/14 17:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\com.polythink.ups.wda.03EBA0C726630DF115D9764F9B83F5185396D811.1
[2010/03/30 19:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\DAEMON Tools Lite
[2009/10/25 10:52:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\DAEMON Tools Pro
[2010/08/30 12:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Deux
[2009/10/14 22:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\EA
[2009/10/31 14:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GameTracker
[2009/03/29 12:14:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\id Software
[2010/01/03 21:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\LimeWire
[2010/06/15 16:38:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ManyCam
[2009/06/06 17:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Octoshape
[2008/08/08 13:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Opera
[2010/03/30 19:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Publish Providers
[2010/01/17 18:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Research In Motion
[2008/09/25 10:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Search Settings
[2010/03/30 19:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Sony
[2010/08/25 13:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Spotify
[2010/03/29 16:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Toolbar4
[2010/02/05 19:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Trusteer
[2010/08/29 20:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\uTorrent
[2008/08/08 12:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Windows Desktop Search
[2009/01/10 13:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Windows Search
[2010/08/29 21:22:30 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\FrontLine Registry Cleaner Scheduled Scan - user.job
[2010/08/30 14:37:30 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/08/30 14:49:17 | 000,000,374 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job
[2010/08/30 12:34:38 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F2B261B4-4F0D-42A8-BAFB-D4CD8BFDB9FD}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/08/07 17:28:31 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/08/29 21:38:22 | 000,000,294 | ---- | M] () -- C:\Boot.bak
[2010/08/30 01:46:22 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2006/02/28 13:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/08/30 02:08:33 | 000,046,961 | ---- | M] () -- C:\ComboFix.txt
[2008/08/07 17:28:31 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/12/28 00:54:26 | 000,003,532 | ---- | M] () -- C:\drmHeader.bin
[2008/08/07 17:28:31 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/08/07 17:28:31 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2003/02/24 15:40:16 | 002,787,840 | ---- | M] (Microsoft Corporation) -- C:\MSHTML.DLL
[2008/04/13 22:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 00:01:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2008/09/12 15:33:18 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/09/26 16:17:24 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/10/27 13:30:21 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2008/11/01 10:25:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2008/12/06 23:07:14 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2008/12/07 11:46:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2008/09/12 15:33:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/09/26 16:17:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/10/27 13:30:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008/11/01 10:25:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008/12/06 23:07:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2008/12/07 11:46:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/08/30 01:25:50 | 000,044,626 | ---- | M] () -- C:\TDSSKiller.2.4.1.3_30.08.2010_01.25.18_log.txt
[2010/08/30 12:31:20 | 000,042,456 | ---- | M] () -- C:\TDSSKiller.2.4.1.3_30.08.2010_12.31.08_log.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008/08/07 17:28:14 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/07/10 13:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/08/07 18:11:42 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/08/07 18:11:42 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/08/07 18:11:42 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
[1 C:\WINDOWS\System32\config\*.tmp files -> C:\WINDOWS\System32\config\*.tmp -> ]

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/08/07 17:28:36 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2008/08/07 17:32:14 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2008/08/07 17:32:14 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/08/29 19:29:22 | 003,830,790 | R--- | M] () -- C:\Documents and Settings\user\Desktop\ComboFix.exe
[2009/10/14 21:27:22 | 000,635,776 | ---- | M] (Electronic Arts) -- C:\Documents and Settings\user\Desktop\GFCprerequisites.exe
[2008/09/25 12:31:44 | 029,962,241 | ---- | M] (eRightSoft ) -- C:\Documents and Settings\user\Desktop\SUPERsetup.exe
[2010/08/30 13:16:44 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\TFC.exe
[2008/08/29 08:44:37 | 003,739,136 | ---- | M] (GOA Games Services Ltd.) -- C:\Documents and Settings\user\Desktop\WAR Europe Downloader.exe
[2010/08/29 22:10:20 | 012,049,864 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\user\Desktop\windows-kb890830-v3.10.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/08/07 17:32:14 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\user\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-27 07:07:26

========== Alternate Data Streams ==========

@Alternate Data Stream - 187 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
< End of report >


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I assume I would be correct in saying that your ISP is not in Turkey? Once completed, let me know whether you are still getting redirected.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.68.247 213.109.73.249

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Step 1. Click Start, click Control Panel, click Network and Internet Connections, and then click Network Connections.


Step 2. Right-click the network connection that you want to configure, and then click Properties.


Step 3. On the General tab (for a local area connection), or the Networking tab (for all other connections), click Internet Protocol (TCP/IP), and then click Properties.


Step 4. If you want to obtain DNS server addresses from a DHCP server, click Obtain DNS server address automatically.


Step 5. If you want to manually configure DNS server addresses, click Use the following DNS server addresses, and then type the preferred DNS server and alternate DNS server IP addresses in the Preferred DNS server and Alternate DNS server boxes.

For Preferred DNS, please type in without the quotes "208.67.222.222", and for Alternate DNS type in "208.67.220.220".

The DNS Servers that are used are that of OpenDNS, which you can find out more from here (you don't need an account to use it if you don't want one): http://www.opendns.com/start/

#3
Stealdo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
It's been fixed now after I did the custom scan, then I used the preferred DNS and the alternate DNS. I was just wondering what's the difference using these as opposed to none (like previously)? If I remove these will the error come back up again? Also, if I reset my router to factory default settings will it work again without using these DNS settings?


My ISP isn't in Turkey?

Thanks and I hope I haven't confused

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The DNS that you are now using is a confirmed good one from OpenDNS. If your router is reset then you will still use these ones unless you change them within Windows. Alternatively you could set Windows to find the DNS automatically; the advantage of OpenDNS is that they will block known malware sites.

Looking at that I am a happy bunny :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


SPRING CLEAN

Download and run Puran Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :)
  • 0

#5
Stealdo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi Essexboy, everything is running fine :) Just one quick issue. I connected my old PC to this router via an ethernet cable and, what do you guess, the same redirect virus came up. I put in the DNS settings on that computer and everything was fine. I'm just thinking it's something to do with the DNS settings being altered in the router by a trojan? If I reset my router to factory default settings, will the DNS problems be gone?

Thanks, Stephen.
  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yep sure would, do you know how to reset your router to factory settings?

Resetting the router to its default configuration can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • 0
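Posts #5 and #6 describe a second PC picking up the redirect from the router's DNS settings. The following is an added example, not part of the original thread: it parses `ipconfig /all` text (Windows XP layout) and labels each adapter's resolvers, so a PC still handed unexpected DNS servers by the router stands out. The allowlist (OpenDNS's public resolvers), the adapter names and the sample addresses are assumptions constructed for illustration.

```python
import re

# Assumption: the resolvers this network should use (OpenDNS public resolvers).
TRUSTED = {"208.67.222.222", "208.67.220.220"}
IP = r"\d{1,3}(?:\.\d{1,3}){3}"

# Constructed `ipconfig /all` excerpt (XP layout); 203.0.113.10 is a documentation address.
SAMPLE = """\
Ethernet adapter Old PC:

        Default Gateway . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 203.0.113.10
                                            192.168.0.1

Ethernet adapter Fixed PC:

        Default Gateway . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 208.67.222.222
                                            208.67.220.220
"""

def parse_adapters(text):
    """Return {adapter: {"gateway": ip or None, "dns": [ips]}} from ipconfig /all text."""
    adapters, current, field = {}, None, None
    for line in text.splitlines():
        head = re.match(r"^(\S.*adapter .+):\s*$", line)
        if head:
            field, current = None, adapters.setdefault(head.group(1), {"gateway": None, "dns": []})
            continue
        if current is None or not line.strip():
            continue
        kv = re.match(r"^\s+([A-Za-z][^:]*?)[\s.]*:\s*(.*)$", line)
        if kv:
            field, value = kv.group(1), kv.group(2).strip()
        else:
            value = line.strip()  # continuation line: another value for the same field
        if re.fullmatch(IP, value):
            if field == "DNS Servers":
                current["dns"].append(value)
            elif field == "Default Gateway":
                current["gateway"] = value
    return adapters

def classify(adapters, trusted=TRUSTED):
    """Label each resolver 'trusted', 'router' (check the router's own DNS), or 'unexpected'."""
    return {name: {ip: "trusted" if ip in trusted
                   else "router" if ip == info["gateway"] else "unexpected"
                   for ip in info["dns"]}
            for name, info in adapters.items()}
```

A resolver labelled `router` only means the PC forwards queries to the router; the upstream servers configured on the router itself still have to be checked in its admin page.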

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





