Google Redirect + Registry Defender


Google Redirect + Registry Defender

Post by Hobo on 7th September 2010, 8:56 am

I have tried to post a complete description of my problem but Internet Explorer fails every time I try. I was able to make a post that did not mention the nature of my problem so I think the malware infecting my laptop is blocking IE from posting threads about the malware.

I will break my post into smaller portions and see if it will allow me to post my message. Please bear with me.


My laptop is infected with a Google Redirect Malware / Hijacker that redirects IE to dangerous and annoying sites when I click on Google (and other) search results. In the last few days the malware has grown to now open new IE windows on its own and points them to dangerous and annoying sites. It now also opens pop-ups with messages telling me my computer registry is damaged and I should buy their product. Occasionally when I try to close an IE window the malware has opened I will get two warning pop-ups asking if I am sure I want to decline their offer. Some of the sites opened in the new IE windows by the malware are designed to look like legitimate news sites (e.g., news4online), Sears, etc.

Hobo
Intermediate

Posts : 80
Joined : 2009-04-14
Gender : Male
OS : Win 7
Protection : Trend Micro Internet Security Pro
Points : 29054
# Likes : 0

Re: Google Redirect + Registry Defender

Post by Hobo on 7th September 2010, 8:59 am

OK. I was able to start my thread. But IE failed when I tried to post a larger chunk of my description. Please bear with me as I post my message piecemeal.


Trend Micro Internet Security Pro fails to detect the malware, however it does block (most of) the malicious sites from opening.

Another recent problem I am experiencing (which may or may not be related to this malware) is my laptop has lost its sound. Only once out of about 20 times when I boot up will I have sound. The other 19 out of 20 times I only get beeps. I have checked the system and it does not recognize my sound card when there is no sound.


Re: Google Redirect + Registry Defender

Post by Hobo on 7th September 2010, 9:00 am

My system particulars are:

Toshiba Satellite Laptop
Windows XP SP3
IE 8.0.6001.18702
Trend Micro Internet Security Pro

I have installed the latest version of Java SE Runtime Environment 6 Update 21 and JavaRa. I have the latest version of Adobe Reader.


Re: Google Redirect + Registry Defender

Post by Hobo on 7th September 2010, 9:02 am

I was unable to perform Windows Updates. Internet Explorer was unable to open [You must be registered and logged in to see this link.] and I was also unable to perform a Windows Update from the Microsoft site. The malware may be blocking the windows update sites.


Re: Google Redirect + Registry Defender

Post by Hobo on 7th September 2010, 9:04 am

In the above post I was unable to post the message until I changed an 's' to '$'. I think the malware is blocking me from posting certain URLs and perhaps certain words.


Re: Google Redirect + Registry Defender

Post by Hobo on 7th September 2010, 9:04 am

I performed the OTL scan and will paste the reports below.

I ran HijackThis v2.0.2 and will paste the report below.

I scanned my laptop with SpyBot S&D but it hangs when it reaches file 161616/1282368 Fraud.UPSInvoice and will not proceed past that point. I will post the partial results of that scan below.


Re: Google Redirect + Registry Defender

Post by Hobo on 7th September 2010, 9:07 am

I am unable to post the OTL log. I will post the remainder of my thread from a public computer tomorrow.

My apologies for the disjointed thread.


Re: Google Redirect + Registry Defender

Post by Belahzur on 7th September 2010, 1:46 pm

Hello.
Can you attach the logs please?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245091
# Likes : 1

Re: Google Redirect + Registry Defender

Post by Hobo on 7th September 2010, 9:15 pm

I am on a public computer at the library so I hope I can now post the OTL logs. Here goes:


OTL logfile created on: 9/7/2010 2:11:16 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\BCB\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 166.00 Mb Available Physical Memory | 33.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 39.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 36.62 Gb Free Space | 49.13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 42.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: BCB
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/05 03:04:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BCB\Desktop\OTL.com
PRC - [2010/06/09 07:55:17 | 000,083,280 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
PRC - [2010/03/07 14:48:14 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/01/26 01:40:32 | 001,020,248 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
PRC - [2010/01/26 01:39:46 | 000,715,368 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
PRC - [2009/07/29 10:28:36 | 000,689,416 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
PRC - [2009/07/29 10:28:36 | 000,345,352 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2009/07/29 10:28:12 | 000,497,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/20 10:52:35 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006/09/14 07:55:52 | 000,061,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
PRC - [2006/08/02 17:52:46 | 000,364,544 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
PRC - [2006/07/03 03:07:28 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/07/03 02:57:04 | 000,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/07/02 23:57:12 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/07/02 23:50:32 | 000,700,416 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/07/02 23:49:10 | 000,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/07/02 23:42:14 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2006/05/19 13:13:38 | 000,798,720 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
PRC - [2006/04/25 18:57:00 | 000,299,008 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe
PRC - [2006/03/16 14:58:50 | 000,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2006/03/02 16:50:52 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
PRC - [2006/02/07 17:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
PRC - [2006/02/02 13:11:38 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
PRC - [2006/01/20 16:14:20 | 001,122,412 | ---- | M] ( ) -- C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
PRC - [2005/12/16 03:41:28 | 000,188,416 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
PRC - [2005/12/05 23:06:10 | 001,077,322 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
PRC - [2005/08/16 12:23:12 | 000,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
PRC - [2005/07/21 19:38:24 | 000,901,120 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
PRC - [2005/07/12 18:14:42 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2005/05/31 22:00:12 | 000,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2005/05/31 21:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005/04/26 17:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005/01/17 17:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2004/12/30 01:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/10/20 07:40:04 | 000,010,328 | R--- | M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/10/15 14:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 14:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
PRC - [2004/08/28 01:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe


========== Modules (SafeList) ==========

MOD - [2010/09/05 03:04:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BCB\Desktop\OTL.com
MOD - [2008/04/13 18:11:50 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll
MOD - [2008/04/13 18:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/01/26 01:39:46 | 000,715,368 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2009/07/29 10:28:36 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV - [2009/07/29 10:28:36 | 000,345,352 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009/07/29 10:28:12 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2006/07/02 23:57:12 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2006/07/02 23:49:10 | 000,937,984 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2006/07/02 23:42:14 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/02/07 17:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/07/12 18:14:42 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/01/17 17:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/10/20 07:40:04 | 000,010,328 | R--- | M] (America Online) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2004/10/15 14:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2004/08/28 01:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\SYSPREP\PEDrv.sys -- (SVRPEDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS -- (SMNDIS5)
DRV - [2010/06/17 12:22:52 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2009/12/18 12:13:02 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2009/12/18 12:13:00 | 000,230,912 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/12/18 12:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2009/12/18 12:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2009/12/18 12:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2009/12/04 10:39:06 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2009/12/04 10:38:18 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2009/12/04 10:05:06 | 001,322,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint)
DRV - [2009/11/16 18:34:26 | 005,955,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/07/29 11:07:00 | 000,339,984 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2009/07/29 11:07:00 | 000,158,224 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/07/29 11:07:00 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/07/29 11:07:00 | 000,059,920 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2009/07/29 11:07:00 | 000,050,704 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2009/05/25 15:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/08/05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/08/25 17:33:50 | 000,061,824 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/08/22 11:11:30 | 000,040,064 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/07/13 11:33:10 | 000,074,752 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/07/03 01:16:30 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/07/02 06:00:46 | 001,706,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel(R)
DRV - [2006/06/28 17:25:06 | 000,081,920 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/06/28 12:50:00 | 000,098,816 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2006/05/30 17:42:52 | 000,045,696 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2006/05/05 04:12:54 | 000,028,800 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2006/03/18 08:36:42 | 001,155,584 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/03/02 19:49:50 | 000,015,360 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/03/02 16:46:54 | 000,191,968 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/12/19 15:02:36 | 000,060,572 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2005/12/19 15:02:36 | 000,028,449 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2005/10/20 15:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/09/09 15:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/08/24 16:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
DRV - [2005/07/25 18:48:36 | 000,449,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg511nd5.sys -- (NETGEAR_WG511_SERVICE)
DRV - [2005/06/02 04:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/09/19 14:08:20 | 000,020,992 | ---- | M] (FLIR Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FLIRUSB.sys -- (FLIRUSBNET)
DRV - [2003/09/19 02:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/11 00:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/01/29 15:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 14:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/04/11 19:43:44 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\AWINDIS5.SYS -- (AWINDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0

FF - HKLM\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension [2010/03/04 04:26:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/07 14:50:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/05 03:15:26 | 000,000,000 | ---D | M]

[2009/10/14 00:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BCB\Application Data\Mozilla\Extensions
[2009/10/22 13:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BCB\Application Data\Mozilla\Firefox\Profiles\54gemttm.default\extensions
[2009/10/22 13:55:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\BCB\Application Data\Mozilla\Firefox\Profiles\54gemttm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/05 03:15:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/05 03:15:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/09/05 03:15:06 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/04/14 13:06:08 | 000,000,036 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe ( )
O4 - HKLM..\Run: [CFSServ.exe] File not found
O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [PDF4 Registry Controller] C:\Program Files\ScanSoft\PDF Professional 4.0\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ScanSoft PDF Professional 4-reminder] C:\Program Files\ScanSoft\PDF Professional 4.0\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.1 - C:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\BCB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\BCB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/18 20:37:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/08/21 01:39:48 | 000,000,074 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{25bad50c-1b33-11df-b49c-00a0d15e532e}\Shell - "" = AutoRun
O33 - MountPoints2\{25bad50c-1b33-11df-b49c-00a0d15e532e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{25bad50c-1b33-11df-b49c-00a0d15e532e}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{3aabfcac-8bb7-11db-b02c-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{3aabfcac-8bb7-11db-b02c-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3aabfcac-8bb7-11db-b02c-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{4ccc2aca-1030-11dd-b199-0018de7eace5}\Shell\AutoRun\command - "" = E:\Launch.exe -- File not found
O33 - MountPoints2\{881aa94d-8b4f-11db-9bd4-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{881aa94d-8b4f-11db-9bd4-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{881aa94d-8b4f-11db-9bd4-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O33 - MountPoints2\{98942674-b009-11dc-b0f4-0018de7eace5}\Shell - "" = AutoRun
O33 - MountPoints2\{98942674-b009-11dc-b0f4-0018de7eace5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{98942674-b009-11dc-b0f4-0018de7eace5}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c6a32835-cc3a-11db-b05b-00184d894b8f}\Shell - "" = AutoRun
O33 - MountPoints2\{c6a32835-cc3a-11db-b05b-00184d894b8f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c6a32835-cc3a-11db-b05b-00184d894b8f}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c6a32836-cc3a-11db-b05b-00184d894b8f}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\{d8e6d46e-1648-11de-b2f6-00a0d15e532e}\Shell - "" = AutoRun
O33 - MountPoints2\{d8e6d46e-1648-11de-b2f6-00a0d15e532e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d8e6d46e-1648-11de-b2f6-00a0d15e532e}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e2e60b28-f92d-11dc-b16a-0018de7eace5}\Shell - "" = AutoRun
O33 - MountPoints2\{e2e60b28-f92d-11dc-b16a-0018de7eace5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e2e60b28-f92d-11dc-b16a-0018de7eace5}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f9eefaf2-b557-11df-b57e-0018de7eace5}\Shell - "" = AutoRun
O33 - MountPoints2\{f9eefaf2-b557-11df-b57e-0018de7eace5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f9eefaf2-b557-11df-b57e-0018de7eace5}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe -- [2010/01/26 02:24:58 | 002,312,088 | R--- | M] (Macrovision Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/07 02:01:38 | 000,000,000 | ---D | C] -- C:\Misc Files
[2010/09/06 21:23:57 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/09/06 21:23:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/09/06 20:52:15 | 000,000,000 | ---D | C] -- C:\SpyBot
[2010/09/05 03:16:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCB\Desktop\JavaRa
[2010/09/05 03:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/09/05 03:15:26 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/09/05 03:15:26 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/09/05 03:15:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/09/05 03:15:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/09/05 03:15:26 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/09/05 03:14:53 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/09/05 03:03:57 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\BCB\Desktop\OTL.com
[2010/09/05 02:47:02 | 016,062,240 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\BCB\Desktop\jre-6u21-windows-i586.exe
[2010/08/31 18:45:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCB\Local Settings\Application Data\Downloaded Installations
[2010/08/26 23:44:05 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/08/23 01:23:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\BCB\IECompatCache
[2010/08/18 00:43:19 | 000,000,000 | ---D | C] -- C:\Gratis Farm
[2010/08/13 00:18:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCB\TREAT-Export
[2010/08/13 00:18:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCB\TREAT-Samples
[2010/08/13 00:18:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCB\Application Data\PSD
[2010/08/13 00:17:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\6sevXci68uPVeiO5dEr4
[2010/08/13 00:06:06 | 000,000,000 | ---D | C] -- C:\Program Files\PSD
[2006/07/19 16:49:10 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/07 02:08:40 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\BCB\Desktop\Post To GeekPolice.doc
[2010/09/07 00:37:39 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\BCB\Desktop\OTL Scan.doc
[2010/09/06 21:24:15 | 000,000,962 | ---- | M] () -- C:\Documents and Settings\BCB\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/09/06 21:24:15 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\BCB\Desktop\Spybot - Search & Destroy.lnk
[2010/09/06 10:31:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/06 10:31:32 | 526,438,400 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/06 02:37:07 | 007,602,176 | -H-- | M] () -- C:\Documents and Settings\BCB\NTUSER.DAT
[2010/09/06 02:37:07 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\BCB\ntuser.ini
[2010/09/05 03:23:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/05 03:15:04 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/09/05 03:15:04 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/09/05 03:15:04 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/09/05 03:15:04 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/09/05 03:15:03 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/09/05 03:04:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BCB\Desktop\OTL.com
[2010/09/05 02:48:18 | 000,156,329 | ---- | M] () -- C:\Documents and Settings\BCB\Desktop\JavaRa.zip
[2010/09/05 02:47:02 | 016,062,240 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\BCB\Desktop\jre-6u21-windows-i586.exe
[2010/09/04 11:08:27 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1820892034-1025955845-51825187-1005.job
[2010/09/01 21:37:40 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\BCB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/31 18:53:51 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VZAccess Manager.lnk
[2010/08/31 18:48:24 | 000,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/31 18:48:24 | 000,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/31 18:48:24 | 000,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/31 16:45:18 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1820892034-1025955845-51825187-1005.job
[2010/08/27 01:59:02 | 004,310,098 | -H-- | M] () -- C:\Documents and Settings\BCB\Local Settings\Application Data\IconCache.db
[2010/08/26 21:41:03 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/23 00:54:02 | 000,000,655 | ---- | M] () -- C:\Documents and Settings\BCB\Application Data\TREATpersistence.xml
[2010/08/23 00:13:17 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\BCB\Local Settings\Application Data\housecall.guid.cache
[2010/08/14 14:58:00 | 000,000,740 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/13 00:09:51 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\BCB\Desktop\TREAT.lnk
[2010/08/10 22:44:43 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/07 02:08:39 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\BCB\Desktop\Post To GeekPolice.doc
[2010/09/07 00:37:38 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\BCB\Desktop\OTL Scan.doc
[2010/09/06 21:24:15 | 000,000,962 | ---- | C] () -- C:\Documents and Settings\BCB\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/09/06 21:24:15 | 000,000,944 | ---- | C] () -- C:\Documents and Settings\BCB\Desktop\Spybot - Search & Destroy.lnk
[2010/09/05 02:48:14 | 000,156,329 | ---- | C] () -- C:\Documents and Settings\BCB\Desktop\JavaRa.zip
[2010/08/31 18:53:51 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VZAccess Manager.lnk
[2010/08/27 10:27:06 | 526,438,400 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/22 23:54:30 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\BCB\Local Settings\Application Data\housecall.guid.cache
[2010/08/15 01:02:02 | 000,000,655 | ---- | C] () -- C:\Documents and Settings\BCB\Application Data\TREATpersistence.xml
[2010/08/13 00:17:28 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\BCB\Desktop\TREAT.lnk
[2009/06/15 22:15:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ToDisc.INI
[2008/08/19 14:40:53 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2008/08/19 14:40:01 | 000,005,937 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008/08/15 21:35:18 | 000,000,110 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2008/05/04 23:47:00 | 000,000,011 | ---- | C] () -- C:\WINDOWS\wanpatan.ini
[2007/12/24 01:52:58 | 000,000,666 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/12/14 03:13:50 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\SP32W.DLL
[2006/12/14 03:02:10 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\BCB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/14 03:02:10 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\BCB\Local Settings\Application Data\fusioncache.dat
[2006/12/14 02:51:23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/11 15:33:33 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/08/11 15:33:33 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/08/11 15:33:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/08/11 15:33:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/08/11 15:33:33 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/08/11 15:33:33 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/07/19 18:51:22 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/07/19 18:51:22 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/07/19 17:18:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/07/19 17:02:31 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2006/07/19 17:01:55 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/07/19 17:01:55 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/07/19 17:01:55 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/07/19 17:01:55 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/07/19 16:49:10 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2006/07/18 20:44:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/18 20:32:30 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/07/18 18:52:17 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/09/02 15:44:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/24 16:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/22 22:30:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 18:04:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 15:43:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/01/22 12:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/06/13 19:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 18:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/07/18 13:27:17 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/07/18 13:27:17 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/07/18 13:27:17 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/10 06:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2002/04/11 19:43:44 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.) -- C:\WINDOWS\system32\AWINDIS5.SYS
[2004/08/10 06:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/10 06:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/10 06:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/10 06:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/08/10 06:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/10 06:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/10 06:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/10 06:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/10 06:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/10 06:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/10 06:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/10 06:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/10 06:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/10 06:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2009/12/18 12:13:04 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\PCASp50.sys
[2009/12/18 12:13:04 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\PCASp50a64.sys
[2008/04/13 12:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2009/08/14 07:21:25 | 001,850,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 18:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 18:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 18:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 18:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 18:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 18:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 18:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 18:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 18:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 18:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 18:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 18:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 18:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 18:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 18:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2008/05/17 01:16:09 | 000,003,931 | ---- | M] () -- C:\AdobeDebug.txt
[2007/09/30 00:38:25 | 000,000,000 | ---- | M] () -- C:\AILog.txt
[2006/07/18 20:37:30 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/12/14 02:59:18 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2006/07/18 20:37:30 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/06/23 00:45:20 | 000,000,195 | ---- | M] () -- C:\creator.log
[2009/03/21 00:49:26 | 000,000,135 | ---- | M] () -- C:\DelUS.bat
[2010/09/06 10:31:32 | 526,438,400 | -HS- | M] () -- C:\hiberfil.sys
[2006/07/18 20:37:30 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/07/19 20:41:40 | 000,001,206 | -H-- | M] () -- C:\IPH.PH
[2009/04/14 03:34:15 | 000,013,112 | ---- | M] () -- C:\JavaRa.log
[2006/07/18 20:37:30 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/10 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/03/12 09:48:30 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/06 22:51:10 | 794,001,408 | -HS- | M] () -- C:\pagefile.sys

< %PROGRAMFILES%\*. >
[2009/04/14 03:56:34 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2006/07/19 20:41:39 | 000,000,000 | ---D | M] -- C:\Program Files\America Online 9.0
[2009/05/03 03:44:03 | 000,000,000 | ---D | M] -- C:\Program Files\Architectural Energy Corporation
[2009/07/31 23:25:35 | 000,000,000 | ---D | M] -- C:\Program Files\Chief Architect
[2010/03/07 14:49:28 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2006/07/18 20:33:43 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2008/01/19 17:04:50 | 000,000,000 | ---D | M] -- C:\Program Files\DATA BECKER
[2006/08/11 15:04:20 | 000,000,000 | ---D | M] -- C:\Program Files\DataLode
[2008/06/12 18:05:28 | 000,000,000 | ---D | M] -- C:\Program Files\DesktopDialer
[2006/07/19 17:11:37 | 000,000,000 | ---D | M] -- C:\Program Files\DVD-RAM
[2010/03/14 00:06:53 | 000,000,000 | ---D | M] -- C:\Program Files\Energy Conservatory
[2006/07/19 17:49:57 | 000,000,000 | ---D | M] -- C:\Program Files\EnglishOtto
[2008/02/03 21:54:57 | 000,000,000 | ---D | M] -- C:\Program Files\Firaxis Games
[2006/12/14 03:07:01 | 000,000,000 | ---D | M] -- C:\Program Files\FLIR Systems
[2006/07/19 18:46:00 | 000,000,000 | ---D | M] -- C:\Program Files\GemMaster
[2009/01/02 23:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2006/07/19 20:16:42 | 000,000,000 | ---D | M] -- C:\Program Files\illiminable
[2010/06/23 13:44:50 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2006/12/14 02:59:48 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/03/31 02:47:01 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2006/12/14 02:50:20 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2007/09/02 15:12:49 | 000,000,000 | ---D | M] -- C:\Program Files\IrfanView
[2010/09/05 03:14:53 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2006/07/19 17:01:55 | 000,000,000 | ---D | M] -- C:\Program Files\ltmoh
[2008/11/17 21:23:29 | 000,000,000 | ---D | M] -- C:\Program Files\Maxis
[2006/07/19 19:54:40 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2009/03/12 21:10:32 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2006/07/19 20:27:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2006/07/18 20:37:57 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2007/09/26 19:23:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2010/03/26 19:44:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2006/07/19 20:25:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2006/07/19 20:26:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/03/11 03:03:56 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/10/22 13:55:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/04/24 01:46:09 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/03/26 19:40:18 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2006/07/18 20:32:25 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2006/07/18 20:32:36 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/06/11 00:07:03 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/03/05 22:16:03 | 000,000,000 | ---D | M] -- C:\Program Files\NETGEAR
[2009/03/12 09:51:57 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/04/14 11:56:25 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2010/08/31 18:45:55 | 000,000,000 | ---D | M] -- C:\Program Files\Novatel Wireless
[2006/07/18 20:33:25 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/05/12 00:49:28 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2006/08/11 14:56:55 | 000,000,000 | ---D | M] -- C:\Program Files\Picasa2
[2010/08/13 00:06:06 | 000,000,000 | ---D | M] -- C:\Program Files\PSD
[2006/07/19 20:39:38 | 000,000,000 | ---D | M] -- C:\Program Files\Pure Networks
[2008/09/01 12:20:06 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/03/07 14:49:55 | 000,000,000 | ---D | M] -- C:\Program Files\real
[2010/06/17 17:05:00 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/04/24 01:45:54 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/02/13 01:49:19 | 000,000,000 | ---D | M] -- C:\Program Files\ScanSoft
[2010/01/31 19:34:10 | 000,000,000 | ---D | M] -- C:\Program Files\Selectsoft
[2008/08/15 21:35:13 | 000,000,000 | ---D | M] -- C:\Program Files\SNC
[2010/09/06 21:34:02 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2006/07/19 16:57:47 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2006/12/14 03:13:43 | 000,000,000 | ---D | M] -- C:\Program Files\ThermaCAM
[2006/08/17 11:52:29 | 000,000,000 | ---D | M] -- C:\Program Files\TOSHIBA
[2006/07/19 17:49:38 | 000,000,000 | ---D | M] -- C:\Program Files\Toshiba Games
[2010/03/04 04:25:55 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2006/07/18 20:42:00 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/08/31 18:53:43 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon Wireless
[2006/07/19 20:39:47 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2006/07/19 17:49:51 | 000,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2008/06/14 21:27:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/03/12 09:51:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2006/07/18 20:33:03 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Plus
[2006/07/18 20:35:37 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/08/19 14:51:24 | 000,000,000 | ---D | M] -- C:\Program Files\WMV9_VCM
[2008/08/19 14:40:54 | 000,000,000 | ---D | M] -- C:\Program Files\Xara
[2006/07/18 20:37:57 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2006/08/11 15:36:38 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >
[2006/07/18 13:28:16 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\BCB\Application Data\desktop.ini
[2010/08/23 00:54:02 | 000,000,655 | ---- | M] () -- C:\Documents and Settings\BCB\Application Data\TREATpersistence.xml


< MD5 for: AGP440.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/03/12 09:42:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2009/03/12 09:42:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/03/12 09:42:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2009/03/12 09:42:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/10 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2009/03/12 09:42:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:disk.sys
[2009/03/12 09:42:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/10 06:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 12:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 12:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2009/03/12 09:42:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:usbstor.sys
[2009/03/12 09:42:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/04 00:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 12:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 12:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-05-12 06:52:52

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

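The `< MD5 for: ... >` blocks at the end of the report hash each boot driver OTL watches (agp440.sys, atapi.sys, disk.sys, usbstor.sys, plus eventlog.dll, netlogon.dll and scecli.dll) next to the pristine copy Windows keeps under `ServicePackFiles\i386`; OTL does this because the kernel-mode rootkits behind search redirects in that period overwrote one of these drivers in place, so the live file's hash stops matching the reference while its name and size stay the same. The O35/O37 entries show the other thing a helper reads first: the `exefile`/`comfile` open verbs, which are stock `"%1" %*` here (a hijacker that wants to run before every program changes that command). In this report every live driver matches its reference copy. The script below is an added example, not part of Hobo's posts or of OTL itself: it parses pasted report text and flags a live driver whose MD5 differs from the ServicePackFiles copy (or that carries no Microsoft company name) and an executable file class whose open verb is no longer stock. It also accepts the `exefile [open] -- ...` form used in the Shell Spawning block of an OTL Extras report. `CLEAN_LOG` is copied verbatim from the report; `TAMPERED_LOG`, including its hash, timestamp, empty company name and the `hijack-example.exe` path, is constructed for the example so the checks have something to flag.

```python
"""Two sanity checks over pasted OTL report text (added example, not OTL code)."""
import re

# CLEAN_LOG is copied verbatim from the report above: two MD5 blocks plus the
# O35 shell-spawning entries. Everything in it matches its reference copy.
CLEAN_LOG = r"""
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

< MD5 for: ATAPI.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2008/04/13 12:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 12:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys
"""

# TAMPERED_LOG is CONSTRUCTED for the example: the live usbstor.sys hash,
# timestamp and empty company name, and the exefile command, are invented to
# show what a patched driver and a hijacked open verb look like in OTL output.
TAMPERED_LOG = r"""
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\WINDOWS\system32\hijack-example.exe" "%1" %*

< MD5 for: USBSTOR.SYS >
[2008/04/13 12:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2010/09/01 02:11:09 | 000,026,368 | ---- | M] () MD5=0123456789ABCDEF0123456789ABCDEF -- C:\WINDOWS\system32\drivers\usbstor.sys
"""

MD5_HEADER = re.compile(r"^< MD5 for: (?P<name>\S+) >$")
# One hashed file: "[date | size | attrs | M] (Company) MD5=<32 hex> -- path".
# The ".cab file" lines carry no MD5= field and are skipped on purpose.
MD5_ENTRY = re.compile(
    r"^\[[^\]]*\]\s*\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)
# Matches both the O35 form and the Extras "Shell Spawning" form of an open verb.
SHELL_OPEN = re.compile(r"(?P<cls>\w+) \[open\] -- (?P<cmd>.+?)\s*$")
EXEC_CLASSES = {"exefile", "comfile", "batfile", "cmdfile", "piffile"}
STOCK_OPEN = '"%1" %*'


def parse_md5_sections(text):
    """Return {NAME: [(path, md5, company), ...]} for every '< MD5 for: NAME >' block."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = MD5_HEADER.match(line)
        if header:
            current = header.group("name").upper()
            sections[current] = []
            continue
        entry = MD5_ENTRY.match(line)
        if current is not None and entry:
            sections[current].append((entry.group("path"), entry.group("md5").upper(), entry.group("company")))
    return sections


def check_drivers(sections):
    """Flag a live file that differs from its ServicePackFiles copy or lacks the Microsoft name."""
    findings = []
    for name, entries in sections.items():
        # The live copy lives in system32\drivers (for .sys) or system32 (for .dll).
        live = [e for e in entries
                if e[0].lower().endswith(("\\system32\\drivers\\" + name.lower(), "\\system32\\" + name.lower()))]
        ref = [e for e in entries if "\\servicepackfiles\\i386\\" in e[0].lower()]
        if not live:
            findings.append((name, "no live copy hashed"))
            continue
        path, md5, company = live[0]
        if ref and md5 != ref[0][1]:
            findings.append((name, f"live MD5 {md5} differs from ServicePackFiles copy {ref[0][1]}"))
        if company != "Microsoft Corporation":
            findings.append((name, f"company name {company!r} on {path}"))
    return findings


def check_shell_spawning(text):
    """Flag exe/com/bat/cmd/pif open verbs whose command is not the stock '"%1" %*'."""
    hits = []
    for raw in text.splitlines():
        m = SHELL_OPEN.search(raw.strip())
        if m and m.group("cls") in EXEC_CLASSES and m.group("cmd") != STOCK_OPEN:
            hits.append((m.group("cls"), m.group("cmd")))
    return hits


def check_report(text):
    """Run both checks over pasted OTL / OTL Extras text."""
    return {"drivers": check_drivers(parse_md5_sections(text)),
            "shell": check_shell_spawning(text)}


if __name__ == "__main__":
    for label, log in (("clean (from the report)", CLEAN_LOG), ("tampered (constructed)", TAMPERED_LOG)):
        print(label, check_report(log))
```

Run against the report's own lines the script returns no findings, which is consistent with the matching hashes shown above; the constructed block produces two findings for usbstor.sys (hash mismatch and blank company name) and one for the exefile verb. A matching MD5 only says the file on disk equals the service pack copy; it says nothing about what is running in memory, which is why a helper still asks for a rootkit scan when the redirect persists with a clean file listing.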

Re: Google Redirect + Registry Defender

Post by Hobo on 7th September 2010, 9:17 pm

OTL Extras:


OTL Extras logfile created on: 9/7/2010 2:11:16 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\BCB\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 166.00 Mb Available Physical Memory | 33.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 39.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 36.62 Gb Free Space | 49.13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 42.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: BCB
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine -- (Yahoo!)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
"C:\Program Files\Common Files\AOL\1153363098\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1153363098\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (America Online Inc.)
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- ()
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- (AOL Spyware Protection)
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- (Gteko Ltd.)
"C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe" = C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- ()
"C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe" = C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe:*:Enabled:ConfigFree SUMMIT Engine -- (TOSHIBA CORPORATION)
"C:\WINDOWS\svcho.exe" = C:\WINDOWS\svcho.exe:*:Enabled:enable -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{06FAFD58-1C21-4C90-A2FC-C9DC5A2A9D09}" = Verizon Wireless MiFi-2200 Firmware Updates
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = The Sims Deluxe Edition
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{12E3B2CD-530F-4643-9A64-23E0D214A79D}" = ScanSoft PDF Professional 4
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{186A63A2-4256-43C6-8061-95EF77A5CDB6}" = Sid Meier's Civilization 4
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{3FF660F4-147B-48CB-B824-2B595759D9EF}" = VZAccess Manager
"{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
"{42479ADF-C248-4832-9EC8-982E63BE18F3}" = ThermaCAM Reporter 7.0 Professional
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51E7609E-F086-4ECA-9870-5B9E4E5096BD}" = Verizon Wireless USB720-V740 Firmware Updates
"{529DDE6B-4F31-438B-B218-F36266ABD8C0}" = TOSHIBA Disc Creator
"{543E1A82-DE6D-4DD7-940F-77D564A53A88}" = TECBLAST 1.2 Demo
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security Pro
"{7743ED08-3120-467C-B1C4-5A1BAB6891EA}" = TECTITE 3.2 Demo
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
"{7B35D327-0607-4EED-A2E9-1312D10FD5EC}" = Verizon Wireless USB727 Firmware Updates
"{87C67475-BCED-484E-9DC0-6582068AF537}" = TECTITE 3.2
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8A9E04E9-B95B-41AF-8C97-DA3E35D38EF3}" = TECBLAST 1.2
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8BDA796D-3266-41E4-837E-E30954D79E18}" = REM Updater
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security Pro
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D1EDBA-A61F-4E00-B81E-E988B255FB3E}_is1" = TREAT 3.2.1
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{AC2BA148-EE9C-4F1A-AFCE-F38C2C71D29B}" = Mobile Broadband Generic Drivers
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF2A8E58-DBC6-36D3-A145-7252029F6F48}" = Microsoft Report Viewer Redistributable 2008 SP1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{C9D20484-D3CC-4CD2-B1ED-B72A9CEFD45D}" = NETGEAR 108 Mbps Wireless PC Card WG511T
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D4C58139-4F80-0E25-620C-5675F9910D52}" = Home Designer Suite 9
"{E7DB49CE-3856-4AE4-AD5F-4077F07CE47C}" = REM Rate 12
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F21B28BF-8A4D-4F1A-A61B-69DD5B4A9BBA}" = Toshiba Media Center Game Console
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires Gold 1.0" = Microsoft Age of Empires Gold
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"America Online us" = America Online (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Spyware Protection" = AOL Spyware Protection
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Club Vegas Casino 10,000" = Club Vegas Casino 10,000
"Desktop Dialer" = Desktop Dialer
"Document Creator_is1" = Document Creator OEM v2.22
"DriverAgent.exe" = DriverAgent by eSupport.com
"FTDICOMM" = FTDI USB Serial Converter Drivers
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Report Viewer Redistributable 2008 SP1" = Microsoft Report Viewer Redistributable 2008 SP1
"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"PDF Producer" = PDF Producer
"Picasa2" = Picasa 2
"Port Magic" = Pure Networks Port Magic
"Power Saver" = TOSHIBA Power Saver
"ProInst" = Intel(R) PROSet/Wireless Software
"QuickTime" = QuickTime
"Radon Monitor" = Radon Monitor
"RealPlayer 12.0" = RealPlayer
"ST6UNST #1" = TECLOG
"ST6UNST #2" = ZPDCU
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Game Console" = TOSHIBA Game Console
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"WT004723" = Blasterball 2 Revolution
"WT004829" = Polar Golfer
"WT006066" = FATE
"WT006448" = Blackhawk Striker 2
"WT006527" = Polar Bowler
"WT009503" = Penguins!
"WT009952" = Chuzzle Deluxe
"WT009953" = Mah Jong Quest
"WT009954" = SCRABBLE
"WT010043" = Bejeweled 2 Deluxe
"Xara Xtreme 4 UK" = Xara Xtreme 4
"Yahoo! Music Engine" = Yahoo! Music Engine

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/6/2010 9:47:26 PM | Computer Name = TOSHIBA-USER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 9/6/2010 11:16:05 PM | Computer Name = TOSHIBA-USER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The connection with the server was terminated abnormally

Error - 9/6/2010 11:16:09 PM | Computer Name = TOSHIBA-USER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 9/7/2010 1:37:59 AM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/7/2010 1:38:00 AM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/7/2010 2:20:14 AM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application ufnavi.exe, version 17.50.0.1647, faulting module
unknown, version 0.0.0.0, fault address 0x410092ed.

Error - 9/7/2010 2:28:34 AM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/7/2010 2:28:34 AM | Computer Name = TOSHIBA-USER | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/7/2010 3:34:17 AM | Computer Name = TOSHIBA-USER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The connection with the server was terminated abnormally

Error - 9/7/2010 3:34:17 AM | Computer Name = TOSHIBA-USER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

[ System Events ]
Error - 9/6/2010 12:31:54 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7000
Description = The Cryptographic Services service failed to start due to the following
error: %%1053

Error - 9/6/2010 12:31:54 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Logical Disk Manager
service to connect.

Error - 9/6/2010 12:31:54 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7000
Description = The Logical Disk Manager service failed to start due to the following
error: %%1053

Error - 9/6/2010 12:32:01 PM | Computer Name = TOSHIBA-USER | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 9/6/2010 12:32:01 PM | Computer Name = TOSHIBA-USER | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 9/6/2010 12:33:18 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 9/6/2010 12:34:36 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 9/6/2010 12:34:36 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 9/7/2010 2:40:07 AM | Computer Name = TOSHIBA-USER | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 9/7/2010 2:40:07 AM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2


< End of report >

Re: Google Redirect + Registry Defender

Post by Hobo on 7th September 2010, 9:18 pm

I ran HijackThis v2.0.2 and below is the log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:33:52 AM, on 9/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Documents and Settings\BCB\Desktop\OTL.com
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\BCB\Desktop\hijackgpthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PDF4 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 4.0\RegistryController.exe"
O4 - HKLM\..\Run: [ScanSoft PDF Professional 4-reminder] "C:\Program Files\ScanSoft\PDF Professional 4.0\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PDF Professional\4\Ereg\Ereg.ini
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.1 - [You must be registered and logged in to see this link.] Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

--
End of file - 12343 bytes

Hobo
Intermediate
Intermediate

Posts Posts : 80
Joined Joined : 2009-04-14
Gender Gender : Male
OS OS : Win 7
Protection Protection : Trend Micro Internet Security Pro
Points Points : 29054
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Google Redirect + Registry Defender

Post by Hobo on 7th September 2010, 9:21 pm

I ran SpyBot S&D several times but it hangs at 161616/1282368 Fraud.UPSInvoice.

On one attempt I stopped SpyBot just short of 161616 and the partial report is below:

3 Fraud.AV Security Suite (AVSoft, AVSuite)
3 Fraud.Sysguard
1 Microsoft.Windows.Security.InternetExpolorer
95 Wild Tangent
1 WinSpywareProject (AVScan)

Re: Google Redirect + Registry Defender

Post by Hobo on 7th September 2010, 9:59 pm

One last bit of info.

I am unable to go to any site to perform a Windows Update on my laptop, whether I try to go directly to [You must be registered and logged in to see this link.] or if I try to go indirectly through the Microsoft web site. Both IE and Firefox are blocked from accessing the Windows Update sites.

Is there a way to download something on a clean computer, save it to a thumb drive or e-mail it to myself and run a Windows Update on my infected laptop?

One last thing - the malware appears to block me from sending some attachments on e-mail. Oddly, when I sent an e-mail to multiple recipients (twice) some got the attachment and some did not.

Re: Google Redirect + Registry Defender

Post by Belahzur on 8th September 2010, 5:22 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Google Redirect + Registry Defender

Post by Hobo on 9th September 2010, 12:00 am

I ran into trouble right out of the chute.

When I clicked Link 2 (http://subs.geekstogo.com/ComboFix.exe) I was redirected to Geeks 2 Go (http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/) which I assume is by design.

However, when I clicked the Download button (which points to [You must be registered and logged in to see this link.]), instead of going to a download window I am sent to [You must be registered and logged in to see this link.], which Trend Micro Internet Security Pro blocks as a dangerous site.

I am not sure whether I should override Trend Micro and go ahead and download the file or if my browser is again being hijacked to a malicious site. If the forospyware site is the site you intended me to download from I will override Trend Micro. If my browser is again being hijacked I will have to return to the library to download the file using a clean computer.

Please advise.

Re: Google Redirect + Registry Defender

Post by Hobo on 9th September 2010, 12:10 am

Another roadblock:

At the bleepingcomputer.com thread 'How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs', for Trend Micro they provide a link for the details. However, the link is dead.

Can I simply close Trend Micro Internet Security Pro or are there specific instructions I need to follow to disable it?


Re: Google Redirect + Registry Defender

Post by Belahzur on 9th September 2010, 12:17 am

Close it, and try running Combofix. If Combofix says it's still active, then you can try running Combofix from Safe Mode.

Re: Google Redirect + Registry Defender

Post by Hobo on 9th September 2010, 9:17 pm

You may have missed Post #15. I ran into problems downloading the file at Link 2 (http://subs.geekstogo.com/ComboFix.exe). When I click on the Download button IE is pointed to [You must be registered and logged in to see this link.] and Trend Micro blocks the site as dangerous.

So I decided to download the file on a computer at my library. When I click on Link 2 their AV blocks the site. ("The Websense category "Malicious Web Sites" is filtered.")

So, would you recommend that I override Trend Micro (on my computer) and allow IE to go to [You must be registered and logged in to see this link.] ?

Re: Google Redirect + Registry Defender

Post by Belahzur on 9th September 2010, 10:26 pm

Yes please. Don't worry, Combofix is legit.

Re: Google Redirect + Registry Defender

Post by Hobo on 10th September 2010, 7:36 am

OK. I could not open Link 2. IE was blocked from going to the link. I pasted the URL in the address box and went directly to the site but it was a foreign language site and there was no obvious (to me) place to download the file. Is it the same file I downloaded from Link 1? (Your instructions made it appear I needed to download something from both Link 1 and Link 2.)

Anyway, I ran Combo-Fix.exe. It took about 2 hours and the log is below:

ComboFix 10-09-08.01 - BCB 09/09/2010 23:32:45.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.195 [GMT -6:00]
Running from: c:\GeekPolice\Google Redirect Removal\Combo-Fix.exe
AV: Trend Micro Internet Security Pro *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DelUS.bat
c:\documents and settings\BCB\GoToAssistDownloadHelper.exe
c:\windows\system32\service
c:\windows\system32\service\07042010_TIS17_SfFniAU.log

Infected copy of c:\windows\system32\drivers\ftdisk.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Ias


((((((((((((((((((((((((( Files Created from 2010-08-10 to 2010-09-10 )))))))))))))))))))))))))))))))
.

2010-09-10 04:00 . 2010-09-10 04:00 -------- d-----w- c:\documents and settings\BCB\Application Data\Malwarebytes
2010-09-10 03:56 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-10 03:56 . 2010-09-10 03:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-10 03:56 . 2010-09-10 03:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-10 03:56 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-09 03:18 . 2010-09-09 03:19 -------- d-----w- C:\Sony Laptops
2010-09-08 23:29 . 2010-09-09 01:15 -------- d-----w- C:\GeekPolice
2010-09-07 08:01 . 2010-09-07 08:06 -------- d-----w- C:\Misc Files
2010-09-07 03:23 . 2010-09-07 05:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-07 03:23 . 2010-09-07 03:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-07 02:52 . 2010-09-07 03:00 -------- d-----w- C:\SpyBot
2010-09-05 09:15 . 2010-09-05 09:15 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-05 09:14 . 2010-09-05 09:14 -------- d-----w- c:\program files\Java
2010-09-01 00:45 . 2010-09-08 01:50 -------- d-----w- c:\documents and settings\BCB\Local Settings\Application Data\Downloaded Installations
2010-08-23 07:23 . 2010-08-23 07:23 -------- d-sh--w- c:\documents and settings\BCB\IECompatCache
2010-08-18 06:43 . 2010-08-18 06:43 -------- d-----w- C:\Gratis Farm
2010-08-13 06:18 . 2010-08-13 06:54 -------- d-----w- c:\documents and settings\BCB\TREAT-Export
2010-08-13 06:18 . 2010-08-17 06:31 -------- d-----w- c:\documents and settings\BCB\TREAT-Samples
2010-08-13 06:18 . 2010-08-13 06:18 -------- d-----w- c:\documents and settings\BCB\Application Data\PSD
2010-08-13 06:17 . 2010-08-13 06:17 -------- d-----w- c:\documents and settings\All Users\Application Data\6sevXci68uPVeiO5dEr4
2010-08-13 06:06 . 2010-08-13 06:06 -------- d-----w- c:\program files\PSD

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-08 02:02 . 2009-03-03 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Verizon Wireless
2010-09-08 01:53 . 2010-09-08 01:53 25214 ----a-r- c:\documents and settings\BCB\Application Data\Microsoft\Installer\{0E433CFD-B6FF-4D4E-A081-BB1A680D19A1}\Start.exe_B50352861C9E40AB92092A8E9DE06306.exe
2010-09-08 01:53 . 2010-09-08 01:53 25214 ----a-r- c:\documents and settings\BCB\Application Data\Microsoft\Installer\{0E433CFD-B6FF-4D4E-A081-BB1A680D19A1}\DesktopShortcut_B50352861C9E40AB92092A8E9DE06306.exe
2010-09-08 01:53 . 2010-09-08 01:53 25214 ----a-r- c:\documents and settings\BCB\Application Data\Microsoft\Installer\{0E433CFD-B6FF-4D4E-A081-BB1A680D19A1}\ARPPRODUCTICON.exe
2010-09-08 01:53 . 2010-09-08 01:53 46456 ----a-r- c:\documents and settings\BCB\Application Data\Microsoft\Installer\{F19553C5-F843-4C27-BF9F-9DE4D901B895}\ARPPRODUCTICON.exe
2010-09-08 01:52 . 2008-03-12 16:57 -------- d-----w- c:\program files\Novatel Wireless
2010-09-08 01:46 . 2010-09-08 01:26 43356128 ----a-w- c:\documents and settings\BCB\Application Data\Smith Micro\Updates\VZAM_7.3.11_2566a-MiFi2200-Web.exe
2010-09-06 02:58 . 2010-09-06 02:58 503808 ----a-w- c:\documents and settings\BCB\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-291faf57-n\msvcp71.dll
2010-09-06 02:58 . 2010-09-06 02:58 499712 ----a-w- c:\documents and settings\BCB\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-291faf57-n\jmc.dll
2010-09-06 02:58 . 2010-09-06 02:58 348160 ----a-w- c:\documents and settings\BCB\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-291faf57-n\msvcr71.dll
2010-09-06 02:58 . 2010-09-06 02:58 61440 ----a-w- c:\documents and settings\BCB\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6db67bf0-n\decora-sse.dll
2010-09-06 02:58 . 2010-09-06 02:58 12800 ----a-w- c:\documents and settings\BCB\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6db67bf0-n\decora-d3d.dll
2010-09-05 09:15 . 2006-07-20 01:52 -------- d-----w- c:\program files\Common Files\Java
2010-09-01 00:53 . 2007-08-19 02:48 -------- d-----w- c:\program files\Verizon Wireless
2010-07-19 18:03 . 2010-03-04 10:25 59472 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2010-07-19 18:03 . 2010-03-04 10:25 51792 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2010-07-19 18:02 . 2010-03-04 10:25 163408 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-07-08 16:52 . 2010-07-08 16:52 231424 ----a-w- c:\windows\system32\drivers\NWADIenum.sys
2010-07-08 16:52 . 2010-07-08 16:52 20480 ----a-w- c:\windows\system32\drivers\NwUsbCdFil.sys
2010-07-08 16:52 . 2010-07-08 16:52 176384 ----a-w- c:\windows\system32\drivers\nwusbser2_000.sys
2010-07-08 16:52 . 2010-07-08 16:52 176384 ----a-w- c:\windows\system32\drivers\nwusbser_000.sys
2010-07-08 16:52 . 2010-07-08 16:52 176384 ----a-w- c:\windows\system32\drivers\nwusbmdm_000.sys
2010-06-17 18:22 . 2010-06-17 18:22 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-20 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-02 364544]
"NDSTray.exe"="NDSTray.exe" [BU]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-26 299008]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-12-16 188416]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 89541]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
"TFncKy"="TFncKy.exe" [BU]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 73728]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-07-03 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-07-03 700416]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"AS00_Gear511"="c:\program files\NETGEAR\WG511SCU\Utility\Gear511.exe" [2006-01-20 1122412]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-20 98304]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PDF4 Registry Controller"="c:\program files\ScanSoft\PDF Professional 4.0\RegistryController.exe" [2007-01-17 46632]
"ScanSoft PDF Professional 4-reminder"="c:\program files\ScanSoft\PDF Professional 4.0\Ereg\Ereg.exe" [2006-11-16 35368]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1020248]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-07 202256]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-12 18782720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1153363098\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [6/28/2006 12:50 PM 98816]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [7/29/2009 11:06 AM 36368]
R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [3/5/2007 10:16 PM 16194]
R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\drivers\nwusbmdm_000.sys [7/8/2010 10:52 AM 176384]
R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\drivers\nwusbser_000.sys [7/8/2010 10:52 AM 176384]
R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\drivers\nwusbser2_000.sys [7/8/2010 10:52 AM 176384]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [12/16/2007 7:29 PM 339984]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [3/4/2010 4:25 AM 51792]
R3 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [3/4/2010 4:25 AM 497008]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [3/4/2010 4:25 AM 689416]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/17/2010 5:05 PM 1684736]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [6/17/2010 12:22 PM 23456]
S3 FLIRUSBNET;FLIR USB Network Adapter;c:\windows\system32\drivers\FLIRUSB.sys [9/19/2003 2:08 PM 20992]
S3 NETGEAR_WG511_SERVICE;NETGEAR WG511T Wireless Adapter Service;c:\windows\system32\drivers\wg511nd5.sys [3/5/2007 10:16 PM 449888]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/8/2010 10:52 AM 20480]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [4/14/2010 8:29 PM 32408]
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\PEDrv.sys --> c:\sysprep\PEDrv.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-09-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1820892034-1025955845-51825187-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

2010-09-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1820892034-1025955845-51825187-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open with ScanSoft PDF Converter 4.1 - c:\program files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100
FF - ProfilePath - c:\documents and settings\BCB\Application Data\Mozilla\Firefox\Profiles\54gemttm.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension\components\FFTMUFEHelper.dll
FF - component: c:\program files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension\components\FFToolbarComm.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
AddRemove-Club Vegas Casino 10,000 - c:\program files\Selectsoft\Club Vegas Casino 10
AddRemove-HijackThis - c:\hijack this\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-09-10 01:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1900)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\windows\system32\TODDSrv.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\TPSMain.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\TPSBattM.exe
c:\program files\TOSHIBA\ConfigFree\CFSServ.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\RTHDCPL.EXE
c:\program files\TOSHIBA\ConfigFree\CFXFER.exe
c:\program files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
.
**************************************************************************
.
Completion time: 2010-09-10 01:22:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-10 07:22

Pre-Run: 39,196,209,152 bytes free
Post-Run: 42,222,546,944 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 31F64297ADCC4115911B22F9DBA1BA2A

Re: Google Redirect + Registry Defender

Post by Hobo on 10th September 2010, 8:09 am

So far so good. After a half-hour I don't see any signs of the malware. No hijacks using Google. No IE windows opening on their own.

Plus I was able to go to [You must be registered and logged in to see this link.] and I am in the process of downloading critical updates!

And SpyBot is running and made it past the roadblock that was there before.

Thanks a lot.

Re: Google Redirect + Registry Defender

Post by Belahzur on 11th September 2010, 12:44 am

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    c:\documents and settings\All Users\Application Data\6sevXci68uPVeiO5dEr4

  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

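
The helper picked `c:\documents and settings\All Users\Application Data\6sevXci68uPVeiO5dEr4` out of the ComboFix "Files Created" list above and moved it with OTL; the script below is an added example, not part of this thread nor of ComboFix or OTL, that turns that triage into code: it parses lines in ComboFix's file-list format and flags random-looking names, and hidden+system entries under user-writable data directories, for manual review. The sample log lines and the directory list are constructed for the example.

```python
import math
import re

# One line of ComboFix's "Files Created" / "Find3M Report" sections:
#   <created> . <modified> <size or --------> <attributes> <path>
COMBOFIX_LINE = re.compile(
    r"^(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Windows XP data directories that any local account can write to.
# Hypothetical list chosen for this example, matched case-insensitively.
USER_WRITABLE_HINTS = (
    "\\all users\\application data\\",
    "\\application data\\",
    "\\local settings\\application data\\",
)

# Constructed sample in the ComboFix line format, modelled on the log in the thread.
SAMPLE_LOG = r"""
2010-09-10 03:56 . 2010-09-10 03:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-05 09:15 . 2010-09-05 09:15 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-23 07:23 . 2010-08-23 07:23 -------- d-sh--w- c:\documents and settings\BCB\IECompatCache
2010-08-13 06:17 . 2010-08-13 06:17 -------- d-----w- c:\documents and settings\All Users\Application Data\6sevXci68uPVeiO5dEr4
2010-08-13 06:06 . 2010-08-13 06:06 -------- d-----w- c:\program files\PSD
2010-08-13 06:00 . 2010-08-13 06:00 -------- d-sh--w- c:\documents and settings\All Users\Application Data\updater
"""


def shannon_entropy(text):
    """Bits of entropy per character of text (0.0 for an empty string)."""
    if not text:
        return 0.0
    n = len(text)
    counts = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_random(name):
    """True for names that read as machine-generated: long, letters mixed with
    several digits, mixed case and high entropy (6sevXci68uPVeiO5dEr4 is the model)."""
    digits = sum(ch.isdigit() for ch in name)
    letters = sum(ch.isalpha() for ch in name)
    mixed_case = any(ch.islower() for ch in name) and any(ch.isupper() for ch in name)
    return (len(name) >= 12 and digits >= 3 and letters >= 6
            and mixed_case and shannon_entropy(name) >= 3.5)


def parse_line(line):
    """Parse one ComboFix file-list line into a dict, or None for any other line."""
    m = COMBOFIX_LINE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["is_dir"] = rec["attrs"].startswith("d")
    # ComboFix attribute letters: 'd' directory, 's' system, 'h' hidden, 'a' archive.
    rec["hidden_system"] = "s" in rec["attrs"] and "h" in rec["attrs"]
    return rec


def triage(log_text):
    """Return (path, reason) pairs for entries a responder should check by hand."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"]
        name = path.rsplit("\\", 1)[-1]
        in_user_dir = any(hint in path.lower() for hint in USER_WRITABLE_HINTS)
        if looks_random(name):
            findings.append((path, "random-looking name"))
        elif in_user_dir and rec["hidden_system"]:
            findings.append((path, "hidden+system entry in a user-writable data directory"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {path}")
```

A hit is a prompt for a look at the folder's contents, timestamps and publisher, not a verdict; vendor directories with version strings in their names can trip the entropy rule.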
Re: Google Redirect + Registry Defender

Post by Hobo on 12th September 2010, 8:17 am

========== FILES ==========
c:\documents and settings\All Users\Application Data\6sevXci68uPVeiO5dEr4 folder moved successfully.

OTL by OldTimer - Version 3.2.11.0 log created on 09122010_021636

Re: Google Redirect + Registry Defender

Post by Belahzur on 12th September 2010, 11:49 pm

Okay, next.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: Google Redirect + Registry Defender

Post by Hobo on 13th September 2010, 5:13 am

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4602

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/12/2010 11:05:01 PM
mbam-log-2010-09-12 (23-05-01).txt

Scan type: Quick scan
Objects scanned: 162514
Time elapsed: 22 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Google Redirect + Registry Defender

Post by Belahzur on 13th September 2010, 9:03 pm

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Re: Google Redirect + Registry Defender

Post by Hobo on 14th September 2010, 4:40 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=baedffae2b30d04080254ab4d383cd37
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-09-14 10:36:26
# local_time=2010-09-14 04:36:26 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=516 16774485 100 100 0 119318820 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=162051
# found=0
# cleaned=0
# scan_time=6057

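The two logs posted above (the MBAM summary and the ESET Online Scanner `# key=value` block) are the evidence the helper reads before asking "how is the machine running". This added example, not part of the thread or of either vendor's tooling, parses both layouts and reduces them to a verdict; the sample logs inside it are constructed in the same format, not copied from the poster's machine.

```python
import re

# Constructed sample in the MBAM 1.46 log layout (summary block only).
MBAM_SAMPLE = """\
Malwarebytes' Anti-Malware 1.46
Database version: 4602
Scan type: Quick scan
Objects scanned: 162514
Registry Keys Infected: 0
Registry Values Infected: 2
Files Infected: 1
"""

# Constructed sample in the ESET Online Scanner '# key=value' layout.
ESET_SAMPLE = """\
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# remove_checked=true
# scanned=162051
# found=0
# cleaned=0
# scan_time=6057
"""

def parse_mbam(text):
    """Return {category: count} for every '<Category> Infected: N' summary line."""
    counts = {}
    for m in re.finditer(r"^(.+?) Infected:\s*(\d+)\s*$", text, re.M):
        counts[m.group(1)] = int(m.group(2))
    return counts

def parse_eset(text):
    """Return the '# key=value' fields as a dict; all-digit values become int."""
    fields = {}
    for m in re.finditer(r"^#\s*(\w+)=(.*)$", text, re.M):
        key, val = m.group(1), m.group(2).strip()
        fields[key] = int(val) if val.isdigit() else val
    return fields

def verdict(mbam, eset):
    """'clean' only when every MBAM count is zero and ESET found nothing."""
    mbam_hits = sum(mbam.values())
    found, cleaned = eset.get("found", 0), eset.get("cleaned", 0)
    if mbam_hits == 0 and found == 0:
        return "clean"
    if found > cleaned:
        return "review: ESET left %d item(s)" % (found - cleaned)
    return "review: %d MBAM hit(s), ESET cleaned %d" % (mbam_hits, cleaned)
```

Run against the real logs in the thread (found=0, cleaned=0 and all MBAM counts zero) it returns "clean"; a `found` larger than `cleaned` is the case worth flagging, because ESET was set to remove threats and still left something behind.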

Re: Google Redirect + Registry Defender

Post by Belahzur on 14th September 2010, 9:12 pm

How is the machine running now?



Re: Google Redirect + Registry Defender

Post by Hobo on 15th September 2010, 6:10 am

Seems to be back to normal. No more Google hijacks. Running faster except for occasional bog downs. I'll keep you posted.

Thanks for the help. I'm glad to be rid of that malware.
