Searches Redirected to Malware - Geeks to Go Forums


Searches redirect to blank page or malware sites

#1 hdhanson

  • Group: Member
  • Posts: 1
  • Joined: 13-March 11

Posted 14 March 2011 - 10:49 AM

Hi,
I am having an issue with my searches. Google search results in a blank page. Bing & McAfee redirect me to malware sites.
The “Google Redirects Fix” says to back up my registry with ERUNT; however, the description at http://aumha.org/freeware/freeware.php says neither ERUNT nor NTRegOpt is for Windows “Vista”. My Windows is Vista Home Premium SP2 (WinNT 600.1906) on a 32-bit operating system. I get redirects on both Internet Explorer v8.00 and Mozilla Firefox. My first question is: should I back up my registry with ERUNT?
Here is the result of my OTM QuickScan:

OTL logfile created on: 3/14/2011 12:33:48 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Program Files\OTL
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 97.00 Mb Available Physical Memory | 9.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 33.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 105.12 Gb Free Space | 70.53% Space Free | Partition Type: NTFS

Computer Name: COMPUTER1 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/13 11:47:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Program Files\OTL\OTL.exe
PRC - [2011/03/09 03:47:46 | 000,939,848 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/03/08 12:25:04 | 001,405,384 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/01/17 17:15:32 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/10/13 23:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2010/10/13 23:28:54 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2010/10/13 23:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2010/03/18 05:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2009/09/10 18:01:48 | 000,505,152 | ---- | M] (D-Link Corp.) -- C:\Program Files\D-Link\DWA-130 revE\wirelesscm.exe
PRC - [2009/05/07 15:05:44 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared Files\brs.exe
PRC - [2009/04/27 20:41:58 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009/04/11 09:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/26 20:09:36 | 000,167,936 | ---- | M] () -- C:\Program Files\D-Link\DWA-130 revE\WlanWpsSvc.exe
PRC - [2006/11/22 15:56:36 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe


========== Modules (SafeList) ==========

MOD - [2011/03/13 11:47:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Program Files\OTL\OTL.exe
MOD - [2011/01/04 18:38:44 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (nosGetPlusHelper) getPlus®
SRV - [2011/03/08 12:25:04 | 001,405,384 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/10/13 23:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/10/13 23:28:54 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/10/13 23:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/18 05:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/06/26 20:09:36 | 000,167,936 | ---- | M] () [Auto | Running] -- C:\Program Files\D-Link\DWA-130 revE\WlanWpsSvc.exe -- (WlanWpsSvc)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/22 15:56:36 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV)
SRV - [2006/10/23 15:06:58 | 000,061,440 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\TVTunerLib\TunerLibSvc.exe -- (VAIO TV Tuner Library Service)
SRV - [2006/10/04 19:25:00 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/10/04 19:15:30 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/10/04 19:06:58 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)


========== Driver Services (SafeList) ==========

DRV - [2011/03/09 03:47:47 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/10/13 23:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 23:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/10/13 23:28:54 | 000,164,840 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2010/10/13 23:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 23:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/13 23:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/10/13 23:28:54 | 000,064,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2010/10/13 23:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/10/13 23:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/10/07 09:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam S5500(UVC)
DRV - [2009/10/07 09:47:56 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/08/04 15:19:18 | 000,523,264 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009/05/07 21:05:22 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/04/14 16:07:50] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2008/01/20 22:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/04/23 11:50:50 | 000,025,896 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2006/11/22 15:56:52 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/18 12:56:30 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2004/02/25 10:28:54 | 000,768,256 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smrt.sys -- (smrt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/03/12 05:26:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/07 08:32:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/09 15:20:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/13 10:51:15 | 000,000,000 | ---D | M]

[2011/03/02 09:38:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2011/03/11 09:54:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3ysfazld.default\extensions
[2011/03/11 09:54:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3ysfazld.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/11 09:36:38 | 000,001,834 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3ysfazld.default\searchplugins\bing.xml
[2011/03/11 09:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/12 05:26:02 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2010/10/13 23:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2011/03/11 09:36:40 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110306170349.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: army.mil ([webmail.us] https in Trusted sites)
O15 - HKCU\..Trusted Domains: army.mil ([www.dencom] https in Trusted sites)
O15 - HKCU\..Trusted Domains: army.mil ([www.us] https in Trusted sites)
O15 - HKCU\..Trusted Domains: tsp.gov ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/14 09:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/03/14 07:46:52 | 000,000,000 | R--D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9
[2011/03/13 19:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware
[2011/03/13 19:11:50 | 000,000,000 | ---D | C] -- C:\Program Files\OTL
[2011/03/13 19:08:39 | 000,000,000 | ---D | C] -- C:\Program Files\Hijackthis
[2011/03/13 10:50:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/03/13 10:50:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/03/13 10:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/03/13 10:47:33 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2011/03/13 10:47:33 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2011/03/12 06:11:28 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/03/12 06:11:23 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/03/12 06:08:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\{78A29A4D-35CE-4C46-9AC9-2692EE35F0BE}
[2011/03/12 06:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/03/12 05:53:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/03/12 05:32:43 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/03/11 12:40:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Sunbelt Software
[2011/03/11 12:39:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2011/03/11 12:38:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/03/11 12:38:39 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/03/11 11:56:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Sammsoft
[2011/03/11 09:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2011/03/11 09:57:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Yahoo!
[2011/03/11 09:57:51 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/03/10 22:13:20 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2011/03/10 22:11:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\HP
[2011/03/10 22:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/03/10 22:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2011/03/10 22:08:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/03/10 22:07:55 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2011/03/10 22:02:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\HpUpdate
[2011/03/10 10:25:50 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Yaming Business
[2011/03/10 09:25:25 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Divorce
[2011/03/09 15:35:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/03/09 15:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/03/09 15:34:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/03/09 15:34:41 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/03/09 15:26:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/03/09 15:20:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/03/09 15:19:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/03/08 23:00:51 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Finance
[2011/03/08 08:34:35 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/03/07 14:34:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Adobe
[2011/03/07 14:11:49 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Dental Command
[2011/03/07 08:56:47 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Employment
[2011/03/07 08:48:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\HPAppData
[2011/03/07 08:26:58 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\My Scans
[2011/03/07 08:26:28 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Probation
[2011/03/07 08:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2011/03/06 21:57:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS
[2011/03/06 21:46:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\HP
[2011/03/06 21:45:12 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Computers
[2011/03/06 21:34:49 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/03/06 21:34:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/03/06 21:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2011/03/06 20:18:28 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/03/06 19:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/03/06 19:55:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2011/03/06 19:54:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2011/03/06 19:39:50 | 000,000,000 | ---D | C] -- C:\Windows\zhenghe2
[2011/03/06 19:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/03/06 19:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011/03/06 18:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/03/06 18:33:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/03/06 18:33:07 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/03/06 18:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/03/06 18:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/03/06 18:27:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Microsoft Help
[2011/03/06 18:27:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/03/06 18:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/03/06 18:27:16 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/03/06 18:03:48 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
[2011/03/06 18:03:44 | 000,386,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2011/03/06 18:03:44 | 000,313,288 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
[2011/03/06 18:03:44 | 000,164,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys
[2011/03/06 18:03:44 | 000,152,960 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2011/03/06 18:03:44 | 000,095,600 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys
[2011/03/06 18:03:44 | 000,084,264 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2011/03/06 18:03:44 | 000,064,304 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys
[2011/03/06 18:03:44 | 000,055,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
[2011/03/06 18:03:44 | 000,052,104 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2011/03/06 18:03:40 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2011/03/06 18:03:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2011/03/06 17:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/03/06 17:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2011/03/06 17:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2011/03/06 17:27:25 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/03/06 17:03:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Citrix
[2011/03/06 17:02:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Deployment
[2011/03/06 17:02:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Apps
[2011/03/06 16:23:48 | 000,141,792 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2011/03/06 16:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2011/03/05 12:10:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2011/03/05 11:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\EA GAMES
[2011/03/04 21:11:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Link
[2011/03/04 21:11:26 | 000,025,896 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\RtlProt.sys
[2011/03/04 21:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\D-Link
[2011/03/04 21:07:38 | 000,000,000 | ---D | C] -- C:\Windows\pcidevice
[2011/03/02 21:19:48 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Microsoft Games
[2011/03/02 21:18:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\OpenOffice.org
[2011/03/02 15:48:57 | 000,000,000 | ---D | C] -- C:\Windows\Temp5AED8AC6-79BA-463F-A198-A0F41A2739F8-Signatures
[2011/03/02 15:45:35 | 000,000,000 | ---D | C] -- C:\Drivers
[2011/03/02 14:26:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\Iosubsys
[2011/03/02 14:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Media
[2011/03/02 13:45:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\WinRAR
[2011/03/02 13:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVgate Plus
[2011/03/02 13:08:41 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2011/03/02 13:08:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2011/03/02 13:05:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Macromedia
[2011/03/02 13:05:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Adobe
[2011/03/02 13:04:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\InstallShield
[2011/03/02 13:03:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared
[2011/03/02 13:02:11 | 000,000,000 | ---D | C] -- C:\Program Files\SigmaTel
[2011/03/02 13:02:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/03/02 09:38:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Mozilla
[2011/03/02 09:38:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Mozilla
[2011/03/01 16:22:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/03/01 12:36:04 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

========== Files - Modified Within 30 Days ==========

[2011/03/14 11:46:45 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/14 11:46:45 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/14 09:06:07 | 000,001,735 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2011/03/14 07:53:56 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/14 07:53:56 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/14 07:46:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/14 07:46:21 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2011/03/14 07:46:16 | 1071,857,664 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/13 10:51:16 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/03/12 06:11:23 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/03/12 06:08:57 | 000,001,031 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/03/12 05:53:12 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/03/12 04:56:58 | 000,001,356 | ---- | M] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2011/03/09 15:35:28 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/03/09 15:20:12 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/03/09 03:47:47 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/03/09 03:47:47 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011/03/07 14:15:43 | 000,000,938 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/03/07 08:34:00 | 000,023,099 | ---- | M] () -- C:\Windows\hpqins15.dat
[2011/03/07 08:20:20 | 000,144,710 | ---- | M] () -- C:\Windows\hpwins16.dat
[2011/03/06 21:40:30 | 000,000,943 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/06 21:38:50 | 000,387,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/03/06 21:34:01 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/03/06 19:57:14 | 000,001,850 | ---- | M] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2011/03/06 19:56:38 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011/03/06 19:55:50 | 000,001,972 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/03/06 17:03:11 | 000,103,784 | ---- | M] () -- C:\Users\User\GoToAssistDownloadHelper.exe
[2011/03/05 13:44:38 | 000,000,552 | ---- | M] () -- C:\Windows\eReg.dat
[2011/03/04 21:11:23 | 000,000,747 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
[2011/03/04 21:11:23 | 000,000,741 | ---- | M] () -- C:\Users\Public\Desktop\Wireless Connection Manager.lnk
[2011/03/02 09:38:04 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011/03/01 12:36:05 | 000,000,000 | ---- | M] () -- C:\Windows\System32\atiicdxx.dat

========== Files Created - No Company Name ==========

[2011/03/13 10:51:16 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/03/13 10:51:16 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/03/12 06:28:31 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/03/12 06:08:57 | 000,001,031 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/03/12 05:53:12 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/03/12 05:27:21 | 1071,857,664 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/09 15:35:28 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/03/09 15:20:12 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/03/07 14:15:43 | 000,000,938 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/03/07 08:32:01 | 000,023,099 | ---- | C] () -- C:\Windows\hpqins15.dat
[2011/03/06 21:34:01 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/03/06 21:22:46 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\lvuvc.hs
[2011/03/06 20:29:54 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/03/06 20:12:12 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/03/06 20:12:12 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/03/06 20:12:12 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/03/06 19:57:33 | 000,000,855 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/03/06 19:57:14 | 000,001,850 | ---- | C] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2011/03/06 19:56:38 | 000,001,142 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011/03/06 19:55:50 | 000,001,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/03/06 19:33:15 | 000,144,710 | ---- | C] () -- C:\Windows\hpwins16.dat
[2011/03/06 18:27:19 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2011/03/06 18:04:37 | 000,001,735 | ---- | C] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2011/03/06 17:03:11 | 000,103,784 | ---- | C] () -- C:\Users\User\GoToAssistDownloadHelper.exe
[2011/03/05 13:44:38 | 000,000,552 | ---- | C] () -- C:\Windows\eReg.dat
[2011/03/04 21:11:23 | 000,000,747 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
[2011/03/04 21:11:23 | 000,000,741 | ---- | C] () -- C:\Users\Public\Desktop\Wireless Connection Manager.lnk
[2011/03/02 16:59:45 | 000,000,943 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/02 14:26:17 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2011/03/02 12:20:30 | 000,171,136 | RHS- | C] () -- C:\grldr
[2011/03/02 09:38:04 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/03/01 12:36:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/04/14 14:22:15 | 000,001,356 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2009/10/07 09:24:22 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/04/11 09:18:12 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/04/11 09:18:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/11 09:18:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2007/10/24 23:02:45 | 000,011,248 | ---- | C] () -- C:\Windows\hpwscr16.dat
[2007/10/24 23:00:40 | 000,001,162 | ---- | C] () -- C:\Windows\hpwmdl16.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,387,464 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/03/02 21:18:57 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
[2011/03/11 12:54:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Sammsoft
[2010/04/14 16:55:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TeamViewer
[2011/03/13 20:54:24 | 000,021,234 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#2 ldtate

  • Group: Expert
  • Posts: 1,874
  • Joined: 06-March 05

Posted 19 March 2011 - 09:28 AM

:D

Please don't attach the scans / logs for these tools, use "copy/paste".


DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.


Vista and Windows 7 users:
1. These tools MUST be run from the executable (.exe) every time you run them.
2. With Admin Rights (Right click, choose "Run as Administrator")


Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

XP Users

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Uncheck "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Uncheck "Hide protected operating system files."
Click Apply, and then click OK.


Vista Users

To enable the viewing of hidden and protected system files in Windows Vista please follow these steps:

Close all programs so that you are at your desktop.
Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.
When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:
Double-click on the Folder Options icon.
Click on the View tab.


If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.
Click on Show Hidden Files or Folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.



Please do not delete anything unless instructed to.



I've been seeing some Java infections lately.

Go here and follow the instructions to clear your Java Cache
http://www.java.com/...lugin_cache.xml


Next:
Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.


It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.


Next:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


===========================================================================

On completion of the scan click save log, save it to your desktop and post in your next reply

FIX

Re-Run aswMBR

Click Scan

On completion of the scan

Click the Fix button for TDL4 or the FIXMBR button for Whistler. Select as appropriate.




Save the log as before and post in your next reply
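
The Folder Options steps in the post above correspond to three per-user registry values, which can be audited from a console instead of the GUI. The script below is an added example, not part of the original post or of any tool it mentions; it assumes PowerShell is installed (it is an optional download on XP and Vista), and the function name `Test-ExplorerVisibility` is hypothetical.

```powershell
# Added example: audit (and optionally set) the Explorer view options
# that the Folder Options checkboxes control for the current user.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

# Registry value name, the data that matches the instructions, and the GUI label.
$wanted = @(
    @{ Name = 'Hidden';          Want = 1; Label = 'Show hidden files and folders (selected)' },
    @{ Name = 'HideFileExt';     Want = 0; Label = 'Hide extensions for known file types (unchecked)' },
    @{ Name = 'ShowSuperHidden'; Want = 1; Label = 'Hide protected operating system files (unchecked)' }
)

function Test-ExplorerVisibility {
    param([switch]$Fix)   # without -Fix the function only reports
    foreach ($w in $wanted) {
        # A missing value yields $null, which is reported as not matching.
        $item    = Get-ItemProperty -Path $key -Name $w.Name -ErrorAction SilentlyContinue
        $current = $item.($w.Name)
        if ($Fix -and $current -ne $w.Want) {
            # An [int] value is written as a REG_DWORD.
            Set-ItemProperty -Path $key -Name $w.Name -Value ([int]$w.Want)
            $current = $w.Want
        }
        New-Object PSObject -Property @{
            Setting = $w.Label
            Value   = $w.Name
            Current = $current
            Matches = ($current -eq $w.Want)
        }
    }
}

# Report only; run "Test-ExplorerVisibility -Fix" to apply the settings.
Test-ExplorerVisibility | Format-Table Setting, Value, Current, Matches -AutoSize
```

Open a new Explorer window after using `-Fix` so the changed view settings are picked up.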

#3 ldtate

  • Group: Expert
  • Posts: 1,874
  • Joined: 06-March 05

Posted 22 March 2011 - 05:31 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
