Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Search Engine redirect and loss of audio

Started by lin51 , May 31 2011 08:30 PM

  • This topic is locked This topic is locked

#1
lin51
Posted 31 May 2011 - 08:30 PM

lin51

    New Member

  • Member
  • Pip
  • 4 posts
Hello,

I attempted to use the fix for Google Redirects posted on this forum but when I reach the point of running TDSSKiller.exe it will not run. I have pasted the OTL log at the end of this message.

Some more info that may be relevant:
- in addition to acquiring the redirects, my laptop also has lost audio
- The problems began two days ago with what I discoverd was the Windows Recovery Virus. I was able to use a fake antivirus recovery tool from the Trend Micro website. That stopped the fake alerts and restored my desktop. But then the redirects began.
- I use Trend Micro Internet Security.

Below is the log. I am grateful for any help! Thank you!

OTL logfile created on: 5/31/2011 9:56:17 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.49 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 70.65% Memory free
3.08 Gb Paging File | 2.49 Gb Available in Paging File | 81.02% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.23 Gb Total Space | 56.48 Gb Free Space | 76.09% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-USER | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/31 21:54:35 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.exe
PRC - [2009/04/14 07:49:44 | 000,703,008 | -H-- | M] () -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
PRC - [2008/07/29 14:57:56 | 001,398,024 | -H-- | M] () -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/26 14:19:46 | 000,648,456 | -H-- | M] () -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
PRC - [2007/12/24 18:41:06 | 000,333,064 | -H-- | M] () -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2006/08/02 19:52:46 | 000,364,544 | -H-- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
PRC - [2006/07/03 05:07:28 | 000,802,816 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/07/03 01:50:32 | 000,700,416 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/05/25 21:30:16 | 000,114,688 | -H-- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2006/04/25 20:57:00 | 000,299,008 | -H-- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe
PRC - [2006/03/02 18:50:52 | 000,151,552 | -H-- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
PRC - [2006/02/07 19:30:40 | 000,035,840 | -H-- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
PRC - [2006/02/02 15:11:38 | 000,073,728 | -H-- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
PRC - [2005/12/16 05:41:28 | 000,188,416 | -H-- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
PRC - [2005/12/06 01:06:10 | 001,077,322 | -H-- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
PRC - [2005/11/10 16:03:52 | 000,241,775 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
PRC - [2005/11/10 16:03:52 | 000,036,975 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
PRC - [2005/08/16 14:23:12 | 000,188,416 | -H-- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
PRC - [2005/07/12 20:14:42 | 000,040,960 | -H-- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2005/06/01 00:00:12 | 000,282,624 | -H-- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2005/05/31 23:59:58 | 000,045,056 | -H-- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005/04/26 19:13:20 | 000,122,880 | -H-- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005/01/17 19:38:38 | 000,040,960 | -H-- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2004/12/30 03:32:20 | 000,065,536 | -H-- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/08/28 03:33:00 | 000,110,592 | -H-- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe


========== Modules (SafeList) ==========

MOD - [2011/05/31 21:54:35 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (EvtEng) Intel®
SRV - [2009/04/14 07:49:44 | 000,703,008 | -H-- | M] () [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2008/02/26 14:19:46 | 000,648,456 | -H-- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy)
SRV - [2007/12/24 18:41:06 | 000,333,064 | -H-- | M] () [Auto | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2006/05/25 21:30:16 | 000,114,688 | -H-- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/02/07 19:30:40 | 000,035,840 | -H-- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/07/12 20:14:42 | 000,040,960 | -H-- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/01/17 19:38:38 | 000,040,960 | -H-- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/28 03:33:00 | 000,110,592 | -H-- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - [2010/07/05 15:20:02 | 000,050,256 | -H-- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/07/05 15:19:56 | 000,050,256 | -H-- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/07/05 15:19:50 | 000,154,192 | -H-- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/12/04 16:39:06 | 000,230,928 | -H-- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2009/12/04 16:38:18 | 000,036,368 | -H-- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2009/12/04 16:05:06 | 001,322,680 | -H-- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint)
DRV - [2008/02/15 23:37:50 | 000,065,936 | -H-- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2006/08/25 19:33:50 | 000,061,824 | -H-- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/08/23 23:37:50 | 004,374,016 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/08/22 13:11:30 | 000,040,064 | -H-- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/07/13 13:33:10 | 000,074,752 | -H-- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/07/03 03:16:30 | 000,012,544 | -H-- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/06/28 19:25:06 | 000,081,920 | -H-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/06/28 14:50:00 | 000,098,816 | -H-- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2006/05/30 19:42:52 | 000,045,696 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2006/03/18 10:36:42 | 001,155,584 | -H-- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/03/02 21:49:50 | 000,015,360 | -H-- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2005/10/20 17:03:42 | 000,006,144 | -H-- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/09/09 17:47:10 | 000,009,344 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/08/24 18:20:28 | 000,009,472 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
DRV - [2005/06/02 06:33:00 | 000,102,384 | -H-- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/09/19 04:47:00 | 000,010,368 | -H-- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/01/29 17:35:00 | 000,012,032 | -H-- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 16:13:04 | 000,033,588 | RH-- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/05/31 21:20:43 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2007/09/05 21:48:25 | 000,000,000 | -H-D | M]
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2007/09/05 21:48:25 | 000,000,000 | -H-D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2007/09/05 21:48:25 | 000,000,000 | -H-D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2007/09/05 21:48:25 | 000,000,000 | -H-D | M]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E62D1A95-8299-4B94-85D0-731DC125A60D} http://live.morrison...MMP4Control.ocx (IMMP4Control Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/18 22:37:30 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/31 21:54:27 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.exe
[2011/05/31 21:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Desktop\tdsskiller
[2011/05/31 21:35:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Desktop\GooredFix Backups
[2011/05/31 21:35:33 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\owner\Desktop\GooredFix.exe
[2011/05/31 21:19:39 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/05/31 21:17:40 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTM.exe
[2011/05/31 21:16:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/31 21:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/05/31 21:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/05/31 21:11:34 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\owner\Desktop\erunt-setup.exe
[2011/05/30 17:01:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Desktop\RootkitBuster_3.60.1016
[2011/05/30 17:00:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\log
[2011/05/29 09:05:13 | 001,914,496 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\owner\Desktop\HousecallLauncher.exe
[2011/05/29 08:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Start Menu\Programs\HiJackThis
[2011/05/28 15:56:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\owner\Recent
[2011/05/18 22:27:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\owner\Desktop\Programs
[2011/05/18 22:26:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\owner\Desktop\exercise
[2011/05/18 22:22:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\owner\Desktop\Recipes
[2011/05/18 21:05:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\owner\Desktop\PayFlex11
[2006/07/19 18:49:10 | 000,053,248 | -H-- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll

========== Files - Modified Within 30 Days ==========

[2011/05/31 21:54:35 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.exe
[2011/05/31 21:43:23 | 000,000,287 | -H-- | M] () -- C:\Documents and Settings\owner\Desktop\QuitNet Clubs!.url
[2011/05/31 21:36:42 | 001,301,452 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\tdsskiller.zip
[2011/05/31 21:35:41 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\owner\Desktop\GooredFix.exe
[2011/05/31 21:33:47 | 000,000,386 | -H-- | M] () -- C:\WINDOWS\tasks\Final Media Player Update Checker.job
[2011/05/31 21:30:47 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/31 21:29:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/31 21:29:00 | 2673,922,048 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/31 21:20:43 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/31 21:18:17 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTM.exe
[2011/05/31 21:14:03 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/05/31 21:13:34 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\NTREGOPT.lnk
[2011/05/31 21:13:34 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\ERUNT.lnk
[2011/05/31 21:12:19 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\owner\Desktop\erunt-setup.exe
[2011/05/31 20:22:05 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\HiJackThis.lnk
[2011/05/30 17:00:41 | 001,113,789 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\RootkitBuster_3.60.1016.zip
[2011/05/30 14:50:53 | 000,000,519 | -H-- | M] () -- C:\Documents and Settings\owner\Desktop\Welcome to Gmail.url
[2011/05/29 09:05:33 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\owner\Local Settings\Application Data\housecall.guid.cache
[2011/05/29 09:05:16 | 001,914,496 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\owner\Desktop\HousecallLauncher.exe
[2011/05/28 16:15:29 | 001,674,815 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\FakeAVRemover_1.0.1015.zip
[2011/05/28 16:14:38 | 000,286,261 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\1056510.pdf
[2011/05/28 07:29:11 | 000,000,136 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~23387940r
[2011/05/28 07:29:11 | 000,000,104 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~23387940
[2011/05/18 07:35:27 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/05/10 21:56:33 | 000,034,096 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat

========== Files Created - No Company Name ==========

[2011/05/31 21:36:34 | 001,301,452 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\tdsskiller.zip
[2011/05/31 21:14:03 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/05/31 21:13:34 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\NTREGOPT.lnk
[2011/05/31 21:13:34 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\ERUNT.lnk
[2011/05/30 17:00:31 | 001,113,789 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\RootkitBuster_3.60.1016.zip
[2011/05/29 09:05:33 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\housecall.guid.cache
[2011/05/29 08:59:40 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\HiJackThis.lnk
[2011/05/28 16:16:40 | 001,674,815 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\FakeAVRemover_1.0.1015.zip
[2011/05/28 16:14:38 | 000,286,261 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\1056510.pdf
[2011/05/28 07:29:11 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~23387940r
[2011/05/28 07:29:10 | 000,000,104 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~23387940
[2011/05/10 21:56:33 | 000,034,096 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/09/14 15:21:13 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\ToDisc.INI
[2008/07/03 07:22:10 | 000,000,047 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/12/28 21:23:02 | 000,154,192 | -H-- | C] () -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2007/12/28 21:23:02 | 000,050,256 | -H-- | C] () -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2007/12/28 21:23:02 | 000,050,256 | -H-- | C] () -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2006/11/11 21:27:09 | 000,000,002 | -H-- | C] () -- C:\WINDOWS\msoffice.ini
[2006/11/11 12:08:05 | 000,684,032 | -H-- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/11/11 12:08:05 | 000,155,648 | -H-- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/11/11 11:51:29 | 000,012,288 | -H-- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/11 11:51:29 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\fusioncache.dat
[2006/10/20 06:47:54 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/31 17:27:28 | 000,143,360 | -H-- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/08/31 17:27:28 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/08/11 17:33:33 | 000,204,800 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/08/11 17:33:33 | 000,200,704 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/08/11 17:33:33 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/08/11 17:33:33 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/08/11 17:33:33 | 000,188,416 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/08/11 17:33:33 | 000,020,480 | -H-- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/08/11 17:12:03 | 000,000,176 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ1.dat
[2006/08/11 17:12:03 | 000,000,176 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2006/07/19 22:50:30 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/07/19 22:38:09 | 000,000,335 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2006/07/19 22:13:07 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\Pix11.dat
[2006/07/19 20:51:22 | 000,036,736 | -H-- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/07/19 20:51:22 | 000,029,184 | -H-- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/07/19 19:18:44 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/07/19 19:02:31 | 000,356,352 | -H-- | C] () -- C:\WINDOWS\EMCRI.dll
[2006/07/19 19:01:55 | 000,128,113 | -H-- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/07/19 19:01:55 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/07/19 19:01:55 | 000,010,165 | -H-- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/07/19 19:01:55 | 000,007,671 | -H-- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/07/19 18:49:10 | 000,118,784 | -H-- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2006/07/18 22:44:06 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/18 22:40:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/07/18 22:33:55 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/07/18 22:32:30 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/07/18 20:52:17 | 000,000,341 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/07/18 20:48:33 | 000,755,200 | -H-- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2006/07/18 20:48:33 | 000,338,432 | -H-- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2006/07/18 20:48:33 | 000,200,192 | -H-- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2006/07/18 20:48:33 | 000,183,808 | -H-- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2006/07/18 20:48:33 | 000,120,320 | -H-- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2006/07/18 20:47:49 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/07/18 20:47:41 | 000,443,482 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/07/18 20:47:41 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/07/18 20:47:41 | 000,072,582 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/07/18 20:47:41 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/07/18 20:47:39 | 000,004,688 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/07/18 20:47:37 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/07/18 20:47:33 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/07/18 20:47:21 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/07/18 20:47:21 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/07/18 20:47:01 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/07/18 20:46:50 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/07/18 15:28:34 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/07/18 15:27:45 | 000,182,632 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/09/02 17:44:00 | 000,110,592 | -H-- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/24 18:20:28 | 000,009,472 | -H-- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/08/05 17:01:54 | 000,235,008 | -H-- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/23 00:30:00 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 20:04:00 | 000,094,208 | -H-- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 17:43:00 | 000,114,688 | -H-- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/01/07 18:05:08 | 000,002,695 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/05/28 17:08:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\GoBoingo
[2006/07/19 22:39:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/07/19 19:50:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2006/08/11 17:32:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2010/02/18 23:18:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/02/17 00:18:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\owner\Application Data\FinalMediaPlayer
[2006/07/19 19:58:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\owner\Application Data\toshiba
[2011/05/31 21:33:47 | 000,000,386 | -H-- | M] () -- C:\WINDOWS\Tasks\Final Media Player Update Checker.job

========== Purity Check ==========



< End of report >


An Extras.Txt log also appeared
OTL Extras logfile created on: 5/31/2011 9:56:17 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.49 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 70.65% Memory free
3.08 Gb Paging File | 2.49 Gb Available in Paging File | 81.02% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.23 Gb Total Space | 56.48 Gb Free Space | 76.09% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-USER | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine -- (Yahoo!)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed
"C:\Program Files\Common Files\AOL\1153363098\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1153363098\EE\AOLServiceHost.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client
"C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe" = C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe:*:Enabled:Final Media Player Update Checker -- (Bitberry Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{529DDE6B-4F31-438B-B218-F36266ABD8C0}" = TOSHIBA Disc Creator
"{5C74694C-A687-E3EB-FF18-B018D4A76ECD}" = Adobe Media Player
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro AntiVirus
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A621B45A-D138-4A95-BE10-7CABA05EF94E}" = Trend Micro AntiVirus
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F21B28BF-8A4D-4F1A-A61B-69DD5B4A9BBA}" = Toshiba Media Center Game Console
"{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Desktop Dialer" = Desktop Dialer
"ERUNT_is1" = ERUNT 1.1j
"FinalMediaPlayer_is1" = Final Media Player 2011
"Google Desktop" = Google Desktop
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa2" = Picasa 2
"Power Saver" = TOSHIBA Power Saver
"ProInst" = Intel® PROSet/Wireless Software
"QuickTime" = QuickTime
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Game Console" = TOSHIBA Game Console
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Trusted Software Assistant_is1" = File Type Assistant
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WT004723" = Blasterball 2 Revolution
"WT004829" = Polar Golfer
"WT006066" = FATE
"WT006448" = Blackhawk Striker 2
"WT006527" = Polar Bowler
"WT009503" = Penguins!
"WT009952" = Chuzzle Deluxe
"WT009953" = Mah Jong Quest
"WT009954" = SCRABBLE
"WT010043" = Bejeweled 2 Deluxe
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Music Engine" = Yahoo! Music Jukebox
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/23/2010 3:53:18 PM | Computer Name = TOSHIBA-USER | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/23/2010 3:53:18 PM | Computer Name = TOSHIBA-USER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/23/2010 3:53:18 PM | Computer Name = TOSHIBA-USER | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/23/2010 3:53:18 PM | Computer Name = TOSHIBA-USER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/23/2010 3:53:55 PM | Computer Name = TOSHIBA-USER | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/7/2010 8:57:10 AM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application SfCtlCom.exe, version 16.10.0.2012, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 11/12/2010 10:55:42 PM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application yahoomessenger.exe, version 10.0.0.1270, faulting
module unknown, version 0.0.0.0, fault address 0x410092ed.

Error - 11/13/2010 7:01:53 AM | Computer Name = TOSHIBA-USER | Source = Userenv | ID = 1068
Description = Windows ended GPO processing because the computer shut down or the
user logged off.

Error - 11/13/2010 4:02:09 PM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application yahoomessenger.exe, version 10.0.0.1270, faulting
module unknown, version 0.0.0.0, fault address 0x410092ed.

Error - 11/13/2010 4:02:51 PM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

[ System Events ]
Error - 5/31/2011 9:19:39 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7034
Description = The DVD-RAM_Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 5/31/2011 9:19:39 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7034
Description = The Media Center Scheduler Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/31/2011 9:19:39 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7034
Description = The Intel® PROSet/Wireless Registry Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/31/2011 9:19:40 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7034
Description = The Trend Micro Central Control Component service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/31/2011 9:19:40 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7034
Description = The Swupdtmr service terminated unexpectedly. It has done this 1
time(s).

Error - 5/31/2011 9:19:40 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7034
Description = The TOSHIBA Optical Disc Drive Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/31/2011 9:19:40 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7034
Description = The TOSHIBA Application Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/31/2011 9:20:41 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7034
Description = The Trend Micro Unauthorized Change Prevention Service service terminated
unexpectedly. It has done this 1 time(s).

Error - 5/31/2011 9:20:41 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7034
Description = The Trend Micro Proxy Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 5/31/2011 9:29:07 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7001
Description = The Intel® PROSet/Wireless Service service depends on the Intel®
PROSet/Wireless Event Log service which failed to start because of the following
error: %%1058


< End of report >
  • 0

Advertisements

#2
Gammo
Posted 02 June 2011 - 06:19 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi,

Please download the following program to your desktop:

Unhide.exe

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run.





Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
[2011/05/28 07:29:11 | 000,000,136 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~23387940r
[2011/05/28 07:29:11 | 000,000,104 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~23387940

:Services

:Reg

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[emptyflash]
[createrestorepoint]
[reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done





Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:

    Click me

    If you can't disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0

#3
lin51
Posted 02 June 2011 - 08:23 PM

lin51

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hello, Gammo,
Thank you for your kind assistance and very clear instructions. I have followed them and below is the ComboFix.txt log. I did a quick search engine test run and so far no redirects. Also the audio is now working. You are my hero! Please advise if I need to do anything in addition. Thank you thank you thank you!
Lin

ComboFix 11-06-02.02 - owner 06/02/2011 21:59:46.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.2120 [GMT -4:00]
Running from: c:\documents and settings\owner\Desktop\ComboFix.exe
AV: Trend Micro AntiVirus *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Guest\WINDOWS
c:\documents and settings\owner\WINDOWS
c:\windows\system32\config\systemprofile\WINDOWS
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack :)
.
((((((((((((((((((((((((( Files Created from 2011-05-03 to 2011-06-03 )))))))))))))))))))))))))))))))
.
.
2011-06-03 01:38 . 2011-06-03 01:38 -------- d-----w- C:\_OTL
2011-06-01 01:19 . 2011-06-01 01:19 -------- d-----w- C:\_OTM
2011-06-01 01:13 . 2011-06-01 01:14 -------- d-----w- c:\program files\ERUNT
2011-05-30 21:00 . 2011-05-30 21:00 -------- d-----w- c:\documents and settings\owner\log
2011-05-29 12:59 . 2011-05-29 12:59 388096 ----a-r- c:\documents and settings\owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2006-07-19 02:35 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-02 364544]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-26 299008]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-23 16050688]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-12-16 188416]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 89541]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
"TFncKy"="TFncKy.exe" [BU]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 73728]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-07-03 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-07-03 700416]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-29 1398024]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-04-02 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
c:\documents and settings\owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-08-12 23:16 1121792 -c--a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\FinalMediaPlayer\\FMPCheckForUpdates.exe"=
.
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [6/28/2006 2:50 PM 98816]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [12/28/2007 9:23 PM 50256]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [9/18/2007 2:10 AM 36368]
R3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [12/28/2007 9:23 PM 648456]
S3 IO_Memory;IO_Memory;\??\c:\sysprep\Drivers\ioport.sys --> c:\sysprep\Drivers\ioport.sys [?]
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\PEDrv.sys --> c:\sysprep\PEDrv.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-03 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-02-17 21:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
TCP: DhcpNameServer = 192.168.0.1
DPF: {E62D1A95-8299-4B94-85D0-731DC125A60D} - hxxp://live.morrisonslbi.com/ocx/IMMP4Control.ocx
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Cleanup - c:\docume~1\owner\LOCALS~1\Temp\2006111175822_mcappins.exe
MSConfigStartUp-msci - c:\docume~1\owner\LOCALS~1\Temp\2006111175819_mcinfo.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-02 22:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EvtEng]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3332)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\windows\system32\TODDSrv.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
c:\windows\RTHDCPL.EXE
c:\windows\AGRSMMSG.exe
c:\windows\system32\TPSMain.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\system32\TPSBattM.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2011-06-02 22:11:04 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-03 02:11
.
Pre-Run: 60,434,620,416 bytes free
Post-Run: 60,322,959,360 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 0F57BC067807EA306386640C9D622102
  • 0

#4
Gammo
Posted 03 June 2011 - 02:49 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi,

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates were downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
  • 0

#5
lin51
Posted 03 June 2011 - 06:58 PM

lin51

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thank you again, Gammo. I followed the instructions in your post. Following are the two resulting logs:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6767

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/3/2011 7:29:33 PM
mbam-log-2011-06-03 (19-29-33).txt

Scan type: Quick scan
Objects scanned: 172423
Time elapsed: 5 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6522
# api_version=3.0.2
# EOSSerial=572099b79dd74b438bf977585a689558
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-06-04 12:30:22
# local_time=2011-06-03 08:30:22 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=514 16776869 100 97 0 142829606 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=84523
# found=3
# cleaned=3
# scan_time=2907
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP645\A0088205.exe a variant of Win32/Kryptik.OKR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP645\A0088206.exe a variant of Win32/Kryptik.OKR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP652\A0088496.sys Win32/Olmasco.E trojan (deleted - quarantined) 00000000000000000000000000000000 C



And thank you for the remind to re-enable my Anti-Virus!

Lin
  • 0

#6
Gammo
Posted 05 June 2011 - 05:10 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi,

Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. ^_^

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    Posted Image
  • Please follow the prompts to uninstall Combofix.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean' then it's doesn't necessarily has to mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple good free alternatives: Firefox and Opera. Both are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here which will help you to make IE much safer.

If you decide to use the Firefox browser, the McAfee SiteAdvisor add-on will nicely help to enhance your security. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine except from just an anti-virus and a firewall. I will list some of them.
  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommend that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are dis-reputable sites forcing you to download and install a codec. Or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, it's parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :)
  • 0

#7
lin51
Posted 05 June 2011 - 07:14 PM

lin51

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Gammo,
I can't thank you enough for walking me through these solutions and for the very good suggestions you leave me with. I plan to spend time implementing these.
Bests,
Lin
  • 0

#8
Gammo
Posted 12 July 2011 - 07:42 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP