Redirects & Pop-Ups, Extended Issues


  • This topic is locked

#1
Aquaseity

    New Member

  • Member
  • 2 posts
Hello, and thank you (meaning anyone) in advance for their response!

Covering what happens
I am running Windows XP. Google searches provide links that, upon opening, immediately redirect to an assortment of other sites, sometimes related to the original Google search. In addition, nonsense pop-ups occur throughout the day, always opening with Internet Explorer. I only ever use Firefox, but the pop-ups always happen with IE. I downloaded Safari and the same things happened with the redirecting. I uninstalled and reinstalled Firefox as well, but to no avail. I restored the computer as well, but am still redirected and still get about 100 IE pop-ups a day. Additionally, ever since these problems began, my computer's speakers occasionally play what sounds like commercials, even with iTunes closed and no web browser window open. Sometimes a few play back to back, sometimes they repeat, and sometimes nothing happens at all. I can't say how mystifying that part of the problem is.

Covering what I've done so far
Posting on this forum is a last resort, as I know that guides and tutorials are here for a reason. I have gone through them and tried about everything I could on my own. I am having the Google redirects problem with malware. I read all 12 pages of the "How To Fix Google Redirects" page, and downloaded each program in the instructions. Things were going fine until I tried to open TDSSkiller. The icon merely blinks and nothing happens. I downloaded it three more times from Geekstogo and twice from Kaspersky's website to the same effect. On page 12 of the aforementioned thread, another user had the same issue, and I followed the admin's instructions by reading and following the steps in "Malware Removal Tools Won't Run Tutorial." Both programs in that thread (rkill and exehelper) opened and ran fine, but TDSSkiller still would not. I then downloaded and ran MBAM with a quick scan. It found nothing. I am running a full scan now, but after 60,000 files there is still nothing found. I tried TDSSkiller again, just to make sure, but it still won't open.

Lastly, I came to the new-thread tutorial, downloaded and ran OTL using quick scan, and what follows are the results.

OTL Log
OTL logfile created on: 6/25/2011 2:58:13 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Thomas Eric\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 398.47 Mb Available Physical Memory | 38.97% Memory free
2.40 Gb Paging File | 1.95 Gb Available in Paging File | 81.12% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.93 Gb Total Space | 11.83 Gb Free Space | 42.37% Space Free | Partition Type: NTFS

Computer Name: HOME-A9OI0EIK5K | User Name: Thomas Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/25 14:57:14 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Thomas Eric\My Documents\Downloads\OTL.exe
PRC - [2011/06/24 06:18:45 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/29 09:11:22 | 001,047,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/10/11 20:56:26 | 000,238,008 | ---- | M] () -- C:\Program Files\LG Electronics\LGE LTE Driver\vmsvc.exe
PRC - [2004/08/04 01:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/25 14:57:14 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Thomas Eric\My Documents\Downloads\OTL.exe
MOD - [2004/08/04 01:57:02 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2001/03/08 15:45:03 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\SunnComm Shared\msscript.OCX


========== Win32 Services (SafeList) ==========

SRV - [2010/10/11 20:56:26 | 000,238,008 | ---- | M] () [Auto | Running] -- C:\Program Files\LG Electronics\LGE LTE Driver\vmsvc.exe -- (LGE NDIS Connection Service)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/10/27 12:47:18 | 000,101,888 | ---- | M] (LG Electronics ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LGELTEmdm.sys -- (LGELTEmdm)
DRV - [2010/10/27 12:47:14 | 000,033,408 | ---- | M] (LG Electronics ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LGELTEBus.sys -- (LGELTEBus)
DRV - [2010/10/27 12:47:10 | 000,102,784 | ---- | M] (LG Electronics ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LGELTEprt.sys -- (LGELTEprt)
DRV - [2010/10/27 12:47:06 | 000,049,408 | ---- | M] (LG Electronics ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LGELTENdis.sys -- (LGELTENdis)
DRV - [2010/10/27 12:47:04 | 000,038,144 | ---- | M] (LG Electronics ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LGELTEMux.sys -- (LGELTEMux)
DRV - [2009/01/26 18:13:41 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/01/26 18:13:39 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2004/08/04 00:04:34 | 000,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2002/08/28 23:59:12 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2001/08/06 14:21:47 | 000,037,440 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/25 13:10:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/08 11:17:22 | 000,000,000 | ---D | M]

[2011/06/20 21:22:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Thomas Eric\Application Data\Mozilla\Extensions
[2011/06/20 21:21:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/03/15 03:09:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/24 06:18:46 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/25 14:00:49 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKCU..\Run: [MSMSGS] File not found
O4 - HKCU..\Run: [waeibmuvyEdUW] File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\Thomas Eric\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Thomas Eric\Start Menu\Programs\Startup\Seagate 2GE74T1Q Product Registration.lnk = C:\Documents and Settings\Thomas Eric\Application Data\Leadertech\PowerRegister\Seagate 2GE74T1Q Product Registration.exe (Leader Technologies/Seagate)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Add to Wish List - {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files\Amazon\Add to Wish List IE Extension\run.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Thomas Eric\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Thomas Eric\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/27 13:49:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/25 14:37:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/25 14:37:38 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/25 14:31:54 | 001,441,584 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Thomas Eric\Desktop\TDSSKiller.exe
[2011/06/25 14:22:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thomas Eric\Desktop\New Folder
[2011/06/25 14:04:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thomas Eric\Desktop\GooredFix Backups
[2011/06/25 14:03:46 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Thomas Eric\Desktop\GooredFix.exe
[2011/06/25 13:50:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/25 13:46:47 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/06/25 13:45:47 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Thomas Eric\Desktop\OTM.exe
[2011/06/25 13:44:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thomas Eric\Desktop\Registry Backup
[2011/06/25 13:43:53 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/06/25 13:43:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/06/21 12:34:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thomas Eric\Application Data\ParetoLogic
[2011/06/21 12:34:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thomas Eric\Application Data\DriverCure
[2011/06/21 12:34:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thomas Eric\Start Menu\Programs\ParetoLogic
[2011/06/21 12:34:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2011/06/21 12:34:00 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2011/06/21 12:34:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/06/20 21:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2011/06/20 17:44:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thomas Eric\My Documents\My Pictures
[2011/06/20 17:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thomas Eric\My Documents\4Media
[2011/06/20 15:37:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thomas Eric\Application Data\Malwarebytes
[2011/06/20 15:36:32 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/20 15:36:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/06/20 15:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/20 15:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/06/20 15:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/20 14:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/06/20 14:43:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/06/20 14:43:09 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/20 13:24:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thomas Eric\Application Data\SpeedingUpMyPC
[2011/06/20 13:24:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thomas Eric\Application Data\RegistryKeys
[2011/06/20 13:24:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpeedingUpMyPC
[2011/06/20 13:15:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/06/19 22:45:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thomas Eric\My Documents\Downloads
[2011/06/19 11:14:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Thomas Eric\Recent
[2011/06/19 11:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/06/19 11:13:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thomas Eric\Start Menu\Programs\BrowserPlus
[2011/06/19 11:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thomas Eric\Local Settings\Application Data\Yahoo!
[2011/06/19 11:13:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2011/06/19 11:13:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Verizon Wireless
[2011/06/19 11:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon Wireless
[2011/06/12 22:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thomas Eric\Desktop\Do Not Delete Very Important Back Up Files!!!
[2011/06/11 10:25:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thomas Eric\Application Data\Google
[2011/06/11 10:21:02 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/06/11 10:21:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thomas Eric\Local Settings\Application Data\Google

========== Files - Modified Within 30 Days ==========

[2011/06/25 14:51:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-839522115-725345543-1003UA.job
[2011/06/25 14:37:49 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Thomas Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/25 14:26:00 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/25 14:21:16 | 001,309,375 | R--- | M] () -- C:\Documents and Settings\Thomas Eric\Desktop\tdsskiller.zip
[2011/06/25 14:03:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/25 14:03:40 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Thomas Eric\Desktop\GooredFix.exe
[2011/06/25 14:02:29 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/25 14:02:29 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-839522115-725345543-1006.job
[2011/06/25 14:02:29 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-839522115-725345543-1025.job
[2011/06/25 14:02:28 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-839522115-725345543-1029.job
[2011/06/25 14:02:28 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-839522115-725345543-1028.job
[2011/06/25 14:02:28 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-839522115-725345543-1027.job
[2011/06/25 14:02:28 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-839522115-725345543-1026.job
[2011/06/25 14:02:28 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-839522115-725345543-1031.job
[2011/06/25 14:02:28 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-839522115-725345543-1035.job
[2011/06/25 14:02:28 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-839522115-725345543-1034.job
[2011/06/25 14:02:28 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-839522115-725345543-1033.job
[2011/06/25 14:02:28 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-839522115-725345543-1032.job
[2011/06/25 14:02:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/25 14:00:49 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/25 13:45:48 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Thomas Eric\Desktop\OTM.exe
[2011/06/25 13:43:57 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Thomas Eric\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/06/25 13:43:53 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Thomas Eric\Desktop\ERUNT.lnk
[2011/06/25 13:04:30 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/06/25 12:28:35 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/25 11:32:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-839522115-725345543-1035.job
[2011/06/24 19:46:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-839522115-725345543-1027.job
[2011/06/24 19:34:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-839522115-725345543-1033.job
[2011/06/24 19:04:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-839522115-725345543-1029.job
[2011/06/24 18:00:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2011/06/24 06:25:28 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor.job
[2011/06/24 00:51:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-839522115-725345543-1003Core.job
[2011/06/23 22:05:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-839522115-725345543-1028.job
[2011/06/23 18:22:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-839522115-725345543-1034.job
[2011/06/23 04:18:08 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2011/06/22 21:44:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/22 18:00:20 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2011/06/21 18:27:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-839522115-725345543-1026.job
[2011/06/21 17:41:34 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/21 12:34:08 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\Thomas Eric\Desktop\ParetoLogic PC Health Advisor.lnk
[2011/06/20 21:21:48 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Thomas Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/20 21:21:47 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/20 21:01:06 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Thomas Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/06/20 20:58:29 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-839522115-725345543-1006.job
[2011/06/20 20:53:25 | 000,000,230 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011/06/20 17:08:17 | 001,138,796 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/06/20 16:19:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-839522115-725345543-1025.job
[2011/06/19 20:23:30 | 000,000,290 | ---- | M] () -- C:\Documents and Settings\Thomas Eric\Desktop\Shortcut to FreeAgent Drive (X).lnk
[2011/06/19 17:53:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-839522115-725345543-1032.job
[2011/06/19 11:09:06 | 000,000,400 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\16637732
[2011/06/19 11:07:41 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~16637732
[2011/06/19 11:07:41 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~16637732r
[2011/06/16 15:28:52 | 001,441,584 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Thomas Eric\Desktop\TDSSKiller.exe
[2011/06/15 22:18:48 | 000,018,359 | -H-- | M] () -- C:\Documents and Settings\Thomas Eric\Start Menu.rar
[2011/06/12 22:14:43 | 000,001,303 | -H-- | M] () -- C:\Documents and Settings\Thomas Eric\Desktop\Document.rtf
[2011/06/11 16:21:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-839522115-725345543-1031.job
[2011/06/11 10:24:31 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/06/02 22:06:47 | 000,001,335 | ---- | M] () -- C:\Documents and Settings\Thomas Eric\Start Menu\Programs\Startup\Seagate 2GE74T1Q Product Registration.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/06/25 14:37:49 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Thomas Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/25 14:22:14 | 001,309,375 | R--- | C] () -- C:\Documents and Settings\Thomas Eric\Desktop\tdsskiller.zip
[2011/06/25 13:43:57 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Thomas Eric\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/06/25 13:43:53 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Thomas Eric\Desktop\ERUNT.lnk
[2011/06/21 12:34:32 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2011/06/21 12:34:08 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\Thomas Eric\Desktop\ParetoLogic PC Health Advisor.lnk
[2011/06/21 12:34:07 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2011/06/21 12:34:05 | 000,000,388 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2011/06/21 12:34:04 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor.job
[2011/06/20 21:21:48 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Thomas Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/20 21:21:47 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/20 21:21:47 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/20 21:01:06 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/06/20 21:01:06 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2011/06/20 21:01:06 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\Thomas Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/06/20 20:53:25 | 000,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011/06/20 15:10:03 | 001,138,796 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/06/20 14:43:22 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/19 20:23:30 | 000,000,290 | ---- | C] () -- C:\Documents and Settings\Thomas Eric\Desktop\Shortcut to FreeAgent Drive (X).lnk
[2011/06/19 19:04:14 | 000,000,290 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-839522115-725345543-1006.job
[2011/06/18 12:17:01 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~16637732r
[2011/06/18 12:17:00 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~16637732
[2011/06/18 12:16:51 | 000,000,400 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\16637732
[2011/06/18 11:32:54 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-839522115-725345543-1035.job
[2011/06/18 11:32:53 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-839522115-725345543-1035.job
[2011/06/16 18:19:53 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-839522115-725345543-1034.job
[2011/06/16 18:19:51 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-839522115-725345543-1034.job
[2011/06/15 22:18:47 | 000,018,359 | -H-- | C] () -- C:\Documents and Settings\Thomas Eric\Start Menu.rar
[2011/06/12 22:14:43 | 000,001,303 | -H-- | C] () -- C:\Documents and Settings\Thomas Eric\Desktop\Document.rtf
[2011/06/11 10:24:31 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/06/11 10:21:34 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/11 10:21:33 | 000,000,892 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/10 19:32:43 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-839522115-725345543-1033.job
[2011/06/10 19:32:41 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-839522115-725345543-1033.job
[2011/06/05 17:49:15 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-839522115-725345543-1032.job
[2011/06/05 17:49:14 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-839522115-725345543-1032.job
[2011/06/04 16:21:44 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-839522115-725345543-1031.job
[2011/06/04 16:21:42 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-839522115-725345543-1031.job
[2011/06/03 18:54:13 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-839522115-725345543-1029.job
[2011/06/03 18:54:12 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-839522115-725345543-1029.job
[2011/06/02 21:34:38 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-839522115-725345543-1028.job
[2011/06/02 21:34:36 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-839522115-725345543-1028.job
[2011/05/27 18:22:24 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-839522115-725345543-1027.job
[2011/05/27 18:22:22 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-839522115-725345543-1027.job
[2010/01/02 16:39:47 | 000,000,039 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/10/29 17:48:13 | 000,061,428 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/13 03:03:54 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/08/10 17:57:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2009/06/17 13:41:55 | 000,000,017 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/06/15 15:30:13 | 000,000,013 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2009/04/11 09:58:07 | 000,096,256 | ---- | C] () -- C:\Documents and Settings\Thomas Eric\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/12 12:26:04 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/02/09 22:13:18 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/01/31 10:48:38 | 000,157,454 | ---- | C] () -- C:\WINDOWS\hpoins27.dat
[2009/01/31 10:48:38 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl27.dat
[2009/01/29 16:27:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/01/28 19:23:37 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2009/01/28 19:23:35 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2009/01/27 13:56:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/01/27 13:45:59 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/01/27 08:38:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/01/27 08:37:23 | 000,287,704 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/07/16 12:48:28 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 12:48:27 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 12:37:58 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/07/16 12:35:07 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 12:35:06 | 000,435,590 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 12:35:05 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 12:35:03 | 000,068,360 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 12:33:18 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 12:28:25 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 12:28:14 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 12:21:49 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 12:20:48 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/06 14:21:47 | 000,037,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[2000/11/10 15:57:04 | 000,005,025 | ---- | C] () -- C:\WINDOWS\System32\patterns.dat

========== LOP Check ==========

[2010/05/13 21:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2010/10/25 21:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/06/15 17:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2011/01/04 18:25:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
[2011/06/21 12:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/06/17 13:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/08/21 09:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2011/06/21 11:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/19 11:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2010/08/10 20:30:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/06/11 12:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/26 20:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/06 21:17:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/03/26 14:37:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thomas Eric\Application Data\4Media
[2011/03/19 22:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thomas Eric\Application Data\Amazon
[2009/06/01 10:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thomas Eric\Application Data\CopyTrans
[2011/06/21 12:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thomas Eric\Application Data\DriverCure
[2010/08/10 20:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thomas Eric\Application Data\eMusic
[2010/08/08 16:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thomas Eric\Application Data\FinalTorrent
[2010/08/21 08:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thomas Eric\Application Data\Leadertech
[2011/01/20 13:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thomas Eric\Application Data\muvee Technologies
[2011/06/21 12:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thomas Eric\Application Data\ParetoLogic
[2011/06/20 13:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thomas Eric\Application Data\RegistryKeys
[2011/06/20 13:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thomas Eric\Application Data\SpeedingUpMyPC
[2010/12/09 00:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thomas Eric\Application Data\start
[2009/06/01 10:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thomas Eric\Application Data\WindSolutions
[2011/06/24 18:00:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration3.job
[2011/06/23 04:18:08 | 000,000,430 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3.job
[2011/06/22 18:00:20 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\PC Health Advisor Defrag.job
[2011/06/24 06:25:28 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\PC Health Advisor.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\TASKMAN.EXE:SummaryInformation
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

#2
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hi :)
:unsure: . My name is Michael and I am here to help you fix your computer. :yes:
If you have already received help elsewhere please inform me so that this topic can be closed.
If you haven't, please keep reading:
Note: Before we start the process you should:
  • POST your logs, don't attach them, as it makes it harder to read. Also please don't edit any log in any case.
  • Disable ANY programs that offer real-time protection features while executing my instructions. That includes your antivirus, antispyware, Windows Defender or any other program that offers protection. When you're clean or waiting for my next set of instructions, re-enable them. If you need any help disabling them, ask.
  • Each time I instruct you to download a file to use it, please do it even if I have told you before to download it again. This is because these tools are frequently updated to detect newer infections.
  • Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.


Thanks for waiting.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

Also, on your Desktop there should be a file called MBR.dat after that; zip it and then attach it here :)


Next:

Delete the version of OTL.exe you have as it's outdated
Download OTL to your Desktop
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
    O4 - HKCU..\Run: [MSMSGS] File not found
    O4 - HKCU..\Run: [waeibmuvyEdUW] File not found
    O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
    [2011/06/19 11:09:06 | 000,000,400 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\16637732
    [2011/06/19 11:07:41 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~16637732
    [2011/06/19 11:07:41 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~16637732r

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Under Extra Registry select Use SafeList
  • Click the Run Scan button. Post the two logs OTL.txt and Extras.txt it produces in your next reply.


#3
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.