TechSpot

Firefox Search Results redirection

By elvispacman
Mar 26, 2011
  1. ive been having my search resutls redirected on both yahoo and google,i have a windows XP computer and iive noticed it happening for a good part of this week i noticed that when it redirects me it first goes here http://www.abdsearch.com/cc.php?id=315520 and then it sends me to whatever site it sends me to.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6176

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    3/26/2011 3:20:09 PM
    mbam-log-2011-03-26 (15-20-09).txt

    Scan type: Full scan (A:\|C:\|D:\|)
    Objects scanned: 246620
    Time elapsed: 1 hour(s), 23 minute(s), 37 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit scan 2011-03-26 18:15:45
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HD080HJ/P rev.ZH100-34
    Running: gmer.exe; Driver: C:\DOCUME~1\OWNER\LOCALS~1\Temp\kxtdapoc.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by OWNER at 18:26:14.96 on Sat 03/26/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1026 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    svchost.exe
    C:\Documents and Settings\OWNER\Application Data\cleanhdd.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton PC Checkup\Engine\2.0.9.24\SymcPCCULaunchSvc.exe
    C:\Program Files\Norton PC Checkup\Engine\2.0.9.24\ccSvcHst.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Norton PC Checkup\Engine\2.0.9.24\ccSvcHst.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Symantec AntiVirus\vpc32.exe
    C:\Documents and Settings\OWNER\My Documents\Downloads\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZJxdm1287Fus&ptb=3E.coohHuEGp0IKy5WWMgA
    uWindow Title = This Computer is Supported By Comtech Systems
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    IE: &Search
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Download with Xilisoft YouTube Video Converter - c:\program files\xilisoft\youtube video converter\upod_link.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\documents and settings\owner\application data\dvdvideosoftiehelpers\youtubedownload.htm
    IE: Free YouTube to iPod Converter - c:\documents and settings\owner\application data\dvdvideosoftiehelpers\freeyoutubetoipodconverter.htm
    IE: Free YouTube to Mp3 Converter - c:\documents and settings\owner\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: Translate this web page with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
    IE: Translate with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227744156718
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256139901500
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: igfxcui - igfxdev.dll
    Notify: NavLogon - c:\windows\system32\NavLogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    Hosts: 209.172.56.113 www.google.com
    Hosts: 209.172.56.114 search.yahoo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\8p3jaudc.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
    FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZJxdm1287Fus&ptb=3E.coohHuEGp0IKy5WWMgA&ind=2011022613&ptnrS=ZJxdm1287Fus&si=&n=77ddc515&psa=&st=kwd&searchfor=
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
    FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\sony online entertainment\npsoe.dll
    FF - plugin: c:\program files\sony online entertainment\npsoeact.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    R1 MpKslcc419043;MpKslcc419043;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{72af4407-a307-4f80-b641-e817c76a0385}\MpKslcc419043.sys [2011-3-26 28752]
    R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2009-6-14 339328]
    R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2009-6-14 55168]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2009-8-3 191848]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2009-8-3 169320]
    R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.9.24\SymcPCCULaunchSvc.exe [2011-2-25 120248]
    R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.9.24\ccSvcHst.exe [2011-2-25 126392]
    R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2009-9-1 1966008]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-10-1 102448]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110325.002\naveng.sys [2011-3-25 86008]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110325.002\navex15.sys [2011-3-25 1360760]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-31 136176]
    S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2009-9-1 116664]
    S3 XDva344;XDva344;\??\c:\windows\system32\xdva344.sys --> c:\windows\system32\XDva344.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-03-26 23:19:26 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{72af4407-a307-4f80-b641-e817c76a0385}\MpKslcc419043.sys
    2011-03-26 03:51:40 5890896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2011-03-26 03:51:07 6792528 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{72af4407-a307-4f80-b641-e817c76a0385}\mpengine.dll
    2011-03-26 03:49:16 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-03-26 03:36:30 -------- d-----w- c:\program files\Microsoft Security Client
    2011-03-26 03:35:20 -------- d-----w- C:\d3ed072d3bf43ec985356ea4
    2011-03-25 02:26:52 -------- d-----w- c:\docume~1\owner\applic~1\QuuSoft
    2011-03-24 02:41:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2011-03-24 02:41:07 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
    2011-03-24 02:41:07 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
    2011-03-24 02:41:07 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
    2011-03-24 02:41:07 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
    2011-03-24 02:41:07 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
    2011-03-24 02:41:07 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
    2011-03-24 02:41:07 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
    2011-03-21 00:27:48 -------- d-----w- C:\ConverterOutput
    2011-03-21 00:27:28 6144 ----a-w- c:\windows\system32\ff_acm.acm
    2011-03-21 00:27:28 258352 ----a-w- c:\windows\system32\unicows.dll
    2011-03-21 00:27:26 372736 ----a-w- c:\windows\system32\xvid.ax
    2011-03-21 00:27:24 -------- d-----w- c:\program files\Cucusoft
    2011-03-17 23:16:01 -------- d-----w- C:\AeriaGames
    2011-03-17 05:22:38 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\WMTools Downloaded Files
    2011-03-12 17:28:40 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2011-03-12 17:28:40 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    2011-02-26 02:04:22 388096 ----a-r- c:\docume~1\owner\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-02-26 02:04:21 -------- d-----w- c:\program files\Trend Micro
    2011-02-25 23:59:15 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Tific
    2011-02-25 23:59:15 -------- d-----w- c:\docume~1\owner\applic~1\Tific
    2011-02-25 23:58:58 -------- d-----w- c:\windows\system32\drivers\nortonpccheckup\0200090.018
    2011-02-25 23:58:58 -------- d-----w- c:\windows\system32\drivers\NortonPCCheckup
    2011-02-25 23:58:57 -------- d-----w- c:\program files\Norton PC Checkup
    2011-02-25 23:58:53 -------- d-----w- c:\program files\NortonInstaller
    2011-02-25 03:14:47 -------- d-----w- c:\program files\iPod
    .
    ==================== Find3M ====================
    .
    2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-03-16 05:09:00 203776 --sh--w- c:\windows\system32\unrar.exe
    .
    ============= FINISH: 18:27:23.07 ===============
     
  2. elvispacman

    elvispacman TS Rookie Topic Starter Posts: 32

    i can also put a log of hijack this if you guys want
     
  3. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================================================

    Attach.txt part of DDS is missing.
    Please, post it.

    You're running two AV programs, Norton and MSE.
    One of them has to go.
    Your choice.

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  4. elvispacman

    elvispacman TS Rookie Topic Starter Posts: 32

    is this the attach.txt
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/26/2008 4:20:04 PM
    System Uptime: 3/26/2011 6:18:12 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0FH884
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 75 GiB total, 19.752 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Dell TrueMobile 1300 WLAN Mini-PCI Card
    Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_03551154&REV_02\4&5855BE9&0&00F0
    Manufacturer: Broadcom
    Name: Dell TrueMobile 1300 WLAN Mini-PCI Card
    PNP Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_03551154&REV_02\4&5855BE9&0&00F0
    Service: BCM43XX
    .
    ==== System Restore Points ===================
    .
    RP107: 12/30/2010 10:30:34 PM - System Checkpoint
    RP108: 1/4/2011 6:14:52 AM - System Checkpoint
    RP109: 1/5/2011 7:08:26 PM - System Checkpoint
    RP110: 1/12/2011 6:36:45 AM - Software Distribution Service 3.0
    RP111: 1/15/2011 12:03:35 AM - System Checkpoint
    RP112: 1/16/2011 12:32:29 AM - System Checkpoint
    RP113: 1/21/2011 7:13:44 PM - System Checkpoint
    RP114: 2/1/2011 7:45:33 PM - System Checkpoint
    RP115: 2/3/2011 3:42:05 PM - System Checkpoint
    RP116: 2/6/2011 8:41:57 PM - System Checkpoint
    RP117: 2/8/2011 6:26:33 PM - Software Distribution Service 3.0
    RP118: 2/10/2011 7:54:01 PM - System Checkpoint
    RP119: 2/12/2011 1:14:38 AM - System Checkpoint
    RP120: 2/13/2011 1:26:14 AM - System Checkpoint
    RP121: 2/14/2011 3:28:17 PM - System Checkpoint
    RP122: 2/15/2011 6:24:22 AM - Software Distribution Service 3.0
    RP123: 2/16/2011 10:34:16 PM - System Checkpoint
    RP124: 2/21/2011 4:00:49 PM - System Checkpoint
    RP125: 2/22/2011 6:49:36 PM - System Checkpoint
    RP126: 2/25/2011 8:04:20 PM - Installed HiJackThis
    RP127: 2/27/2011 11:37:37 PM - System Checkpoint
    RP128: 3/1/2011 3:31:01 PM - System Checkpoint
    RP129: 3/2/2011 3:41:05 PM - System Checkpoint
    RP130: 3/7/2011 11:03:54 PM - System Checkpoint
    RP131: 3/8/2011 10:38:49 PM - Software Distribution Service 3.0
    RP132: 3/9/2011 11:24:10 PM - System Checkpoint
    RP133: 3/11/2011 5:45:30 AM - System Checkpoint
    RP134: 3/12/2011 9:39:39 AM - System Checkpoint
    RP135: 3/13/2011 2:45:54 PM - System Checkpoint
    RP136: 3/14/2011 5:01:28 PM - System Checkpoint
    RP137: 3/15/2011 7:19:49 PM - System Checkpoint
    RP138: 3/16/2011 2:56:08 AM - Software Distribution Service 3.0
    RP139: 3/18/2011 3:23:15 PM - System Checkpoint
    RP140: 3/21/2011 3:50:52 PM - System Checkpoint
    RP141: 3/22/2011 4:34:53 PM - System Checkpoint
    RP142: 3/23/2011 5:23:25 PM - System Checkpoint
    RP143: 3/23/2011 8:32:10 PM - Software Distribution Service 3.0
    RP144: 3/25/2011 4:56:31 PM - System Checkpoint
    RP145: 3/25/2011 10:49:16 PM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    5600
    5600_Help
    5600Trb
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.3
    Adobe Shockwave Player 11.5
    AiO_Scan
    AiOSoftware
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    BufferChm
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    Critical Update for Windows Media Player 11 (KB959772)
    CustomerResearchQFolder
    Destinations
    DeviceManagementQFolder
    DivX Setup
    DocProc
    eSupportQFolder
    Fax
    Fiesta
    Final Uninstaller
    Free Audio CD Burner version 1.4.7
    Free Realms
    Free Realms Installer
    Free Studio version 4.8
    Free YouTube to iPod Converter version 3.9.31.305
    Free YouTube to MP3 Converter version 3.9.34.305
    Google Update Helper
    Grand Fantasia
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Extended Capabilities 5.3
    HP Image Zone Express
    HP Imaging Device Functions 5.3
    HP Product Assistant
    HP PSC & OfficeJet 5.3.B
    HP Solution Center & Imaging Support Tools 5.3
    HP Update
    HPProductAssistant
    Intel(R) Graphics Media Accelerator Driver
    iPhone Configuration Utility
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 20
    LiveUpdate 3.3 (Symantec Corporation)
    Malwarebytes' Anti-Malware
    MarketResearch
    Media Player Codec Pack 3.9.5
    Messenger Plus! Live
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.4
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox 4.0 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 7 Ultra Edition
    neroxml
    NewCopy
    Norton PC Checkup
    OGA Notifier 2.0.0048.0
    Picasa 3
    PowerDVD
    ProductContext
    Project64 1.6
    QuickTime
    Readme
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Scan
    ScannerCopy
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    SolutionCenter
    Spelling Dictionaries Support For Adobe Reader 9
    Status
    Symantec AntiVirus
    TrayApp
    Unload
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2412171)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2508979)
    Update for Windows Internet Explorer 8 (KB968220)
    Update for Windows Internet Explorer 8 (KB972636)
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.4053
    WebFldrs XP
    WebReg
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Messenger
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows PowerShell(TM) 1.0 MUI pack
    WinRAR archiver
    Wizard101
    Xilisoft YouTube Video Converter
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/26/2011 4:10:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl Fips intelppm MpFilter SAVRT SAVRTPEL SPBBCDrv SYMTDI
    3/26/2011 1:43:47 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    3/26/2011 1:43:46 PM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    3/26/2011 1:43:43 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
    3/26/2011 1:43:43 PM, error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).
    3/26/2011 1:43:42 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    3/26/2011 1:43:42 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    3/26/2011 1:43:42 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/26/2011 1:43:41 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    3/24/2011 11:13:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl Fips intelppm SAVRT SAVRTPEL SPBBCDrv SYMTDI
    3/24/2011 11:13:12 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    3/24/2011 11:12:47 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/24/2011 11:10:33 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec AntiVirus Definition Watcher service to connect.
    3/24/2011 11:10:33 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Machine Debug Manager service to connect.
    3/24/2011 11:10:33 PM, error: Service Control Manager [7000] - The Machine Debug Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/21/2011 7:21:25 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. .
    3/21/2011 7:21:25 PM, error: SideBySide [59] - Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll. Reference error message: The operation completed successfully. .
    3/21/2011 7:21:25 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.
    3/21/2011 5:57:44 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\real\realplayer\plugins\rmxrend.dll. Reference error message: The operation completed successfully. .
    .
    ==== End Of File ===========================
     
  5. elvispacman

    elvispacman TS Rookie Topic Starter Posts: 32

    MBR

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000d

    Kernel Drivers (total 122):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E5000 \WINDOWS\system32\hal.dll
    0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
    0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
    0xB9F79000 ACPI.sys
    0xBA5AA000 \WINDOWS\System32\drivers\WMILIB.SYS
    0xB9F68000 pci.sys
    0xBA0A8000 isapnp.sys
    0xBA670000 pciide.sys
    0xBA328000 \WINDOWS\System32\drivers\PCIIDEX.SYS
    0xBA5AC000 intelide.sys
    0xBA0B8000 MountMgr.sys
    0xB9F49000 ftdisk.sys
    0xBA5AE000 dmload.sys
    0xB9F23000 dmio.sys
    0xBA330000 PartMgr.sys
    0xBA0C8000 VolSnap.sys
    0xB9F0B000 atapi.sys
    0xBA0D8000 disk.sys
    0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB9EEB000 fltMgr.sys
    0xB9ED9000 sr.sys
    0xBA0F8000 PxHelp20.sys
    0xB9EC2000 KSecDD.sys
    0xB9E35000 Ntfs.sys
    0xB9E08000 NDIS.sys
    0xB9DEE000 Mup.sys
    0xBA2E8000 \SystemRoot\System32\drivers\intelppm.sys
    0xB932E000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
    0xB931A000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB92F0000 \SystemRoot\system32\DRIVERS\b57xp32.sys
    0xBA418000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB92CC000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBA420000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB9264000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
    0xB9224000 \SystemRoot\system32\drivers\smwdm.sys
    0xB9200000 \SystemRoot\system32\drivers\portcls.sys
    0xBA2F8000 \SystemRoot\system32\drivers\drmk.sys
    0xB91DD000 \SystemRoot\system32\drivers\ks.sys
    0xB912A000 \SystemRoot\system32\drivers\senfilt.sys
    0xBA428000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xB9116000 \SystemRoot\system32\DRIVERS\parport.sys
    0xBA308000 \SystemRoot\system32\DRIVERS\serial.sys
    0xBA58C000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xBA318000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xBA118000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xBA128000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xBA430000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xBA6F4000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xBA138000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xBA594000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB90FF000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xBA148000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xBA158000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xBA438000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB90EE000 \SystemRoot\system32\DRIVERS\psched.sys
    0xBA168000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBA440000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBA448000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB90BE000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xBA178000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xBA450000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xBA458000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xBA5DC000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB9060000 \SystemRoot\system32\DRIVERS\update.sys
    0xB9DB1000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xBA198000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xBA1B8000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xBA5DE000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xBA470000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xA8DF0000 \SystemRoot\system32\DRIVERS\MpFilter.sys
    0xBA574000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xBA298000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xBA378000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xA8D4A000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    0xBA578000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xBA57C000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xBA638000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xBA7AC000 \SystemRoot\System32\Drivers\Null.SYS
    0xBA63A000 \SystemRoot\System32\Drivers\Beep.SYS
    0xBA388000 \SystemRoot\System32\drivers\vga.sys
    0xBA63C000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xBA63E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xBA390000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xBA398000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xBA584000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xA8BA4000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xA8B4B000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xA8B25000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xA8AEC000 \SystemRoot\System32\Drivers\SYMTDI.SYS
    0xBA2B8000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xA8AC4000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xA8AA2000 \SystemRoot\System32\drivers\afd.sys
    0xBA2C8000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xA8A12000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA89A2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xBA2D8000 \SystemRoot\System32\Drivers\Fips.SYS
    0xA8927000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    0xA8F3F000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xA8DE8000 \SystemRoot\System32\drivers\Dxapi.sys
    0xBA3C8000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xBA683000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF020000 \SystemRoot\System32\ialmdnt5.dll
    0xBF012000 \SystemRoot\System32\ialmrnt5.dll
    0xBF042000 \SystemRoot\System32\ialmdev5.DLL
    0xBF077000 \SystemRoot\System32\ialmdd5.DLL
    0xBF159000 \SystemRoot\System32\ATMFD.DLL
    0xA87D3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA83B3000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xA81E6000 \SystemRoot\system32\drivers\wdmaud.sys
    0xA8407000 \SystemRoot\system32\drivers\sysaudio.sys
    0xA7F5B000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xBA66C000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xA7D9B000 \SystemRoot\system32\DRIVERS\srv.sys
    0xBA616000 \??\C:\Program Files\CyberLink\PowerDVD\000.fcl
    0xA77E2000 \SystemRoot\System32\Drivers\HTTP.sys
    0xA7642000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
    0xA71F8000 \SystemRoot\system32\drivers\kmixer.sys
    0xBA368000 \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7AA06029-6A35-4747-801E-B5FAD0A835E3}\MpKsla07819b7.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 53):
    0 System Idle Process
    4 System
    784 C:\WINDOWS\system32\smss.exe
    832 csrss.exe
    856 C:\WINDOWS\system32\winlogon.exe
    900 C:\WINDOWS\system32\services.exe
    912 C:\WINDOWS\system32\lsass.exe
    1080 C:\WINDOWS\system32\svchost.exe
    1144 svchost.exe
    1200 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    1240 C:\WINDOWS\system32\svchost.exe
    1364 svchost.exe
    1444 svchost.exe
    1776 C:\WINDOWS\explorer.exe
    412 C:\WINDOWS\system32\spoolsv.exe
    808 svchost.exe
    1100 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1344 C:\Program Files\Bonjour\mDNSResponder.exe
    1804 C:\Program Files\Java\jre6\bin\jqs.exe
    2020 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    2292 C:\WINDOWS\system32\HPZipm12.exe
    2332 C:\Program Files\CyberLink\Shared files\RichVideo.exe
    2432 C:\WINDOWS\system32\svchost.exe
    2660 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    3328 alg.exe
    3904 C:\Program Files\Real\RealPlayer\Update\realsched.exe
    3912 C:\Program Files\iTunes\iTunesHelper.exe
    4036 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    4072 C:\Program Files\Microsoft Security Client\msseces.exe
    4092 C:\WINDOWS\system32\ctfmon.exe
    468 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    1564 C:\Program Files\Mozilla Firefox\firefox.exe
    1580 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    1696 C:\Program Files\iPod\bin\iPodService.exe
    3884 C:\Program Files\Mozilla Firefox\plugin-container.exe
    492 C:\Program Files\Windows Media Player\wmplayer.exe
    3136 C:\Program Files\Mozilla Firefox\plugin-container.exe
    4060 C:\Program Files\Mozilla Firefox\plugin-container.exe
    436 C:\Program Files\Mozilla Firefox\plugin-container.exe
    1644 C:\Program Files\Mozilla Firefox\plugin-container.exe
    1284 C:\Program Files\Mozilla Firefox\plugin-container.exe
    3500 C:\Program Files\Mozilla Firefox\plugin-container.exe
    2412 C:\Program Files\Mozilla Firefox\plugin-container.exe
    3164 C:\Program Files\Mozilla Firefox\plugin-container.exe
    828 C:\Program Files\Mozilla Firefox\plugin-container.exe
    3084 C:\Program Files\Mozilla Firefox\plugin-container.exe
    2556 C:\Program Files\Mozilla Firefox\plugin-container.exe
    3480 C:\Program Files\Mozilla Firefox\plugin-container.exe
    1748 C:\WINDOWS\system32\mshta.exe
    2196 C:\Program Files\Windows Live\Contacts\wlcomm.exe
    2124 C:\WINDOWS\system32\rundll32.exe
    5496 C:\WINDOWS\system32\msiexec.exe
    2304 C:\Documents and Settings\OWNER\My Documents\Downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: SAMSUNGHD080HJ/P, Rev: ZH100-34

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
  6. elvispacman

    elvispacman TS Rookie Topic Starter Posts: 32

    Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    how do i disable Malwarebytes anti malware im using the free version and ido nokt know where or what my script blocking protection is
     
  7. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Free version of Malwarebytes doesn't run in real time, so you don't have to worry about it.

    I don't see any script blocking programs on your computer.

    Disable your AV program and you're good to run Combofix.
     
  8. elvispacman

    elvispacman TS Rookie Topic Starter Posts: 32

    combofix

    when it first ran it said somethin about warningparasites attacking the computer or somethign like that and it listed this
    C:\Dpcuments and Settings\OWNER\Application Data\cleanhdd.dll
    okay so i ran combofix and it gave me a log and here it is

    ComboFix 11-03-23.04 - OWNER 03/27/2011 13:11:32.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1293 [GMT -5:00]
    Running from: c:\documents and settings\OWNER\My Documents\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    The following files were disabled during the run:
    c:\documents and settings\OWNER\Application Data\cleanhdd.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e8oafg9s.default\extensions\{6f6ff0e4-8823-4bc8-b08c-3beea33f0e83}
    c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e8oafg9s.default\extensions\{6f6ff0e4-8823-4bc8-b08c-3beea33f0e83}\chrome.manifest
    c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e8oafg9s.default\extensions\{6f6ff0e4-8823-4bc8-b08c-3beea33f0e83}\chrome\xulcache.jar
    c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e8oafg9s.default\extensions\{6f6ff0e4-8823-4bc8-b08c-3beea33f0e83}\defaults\preferences\xulcache.js
    c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e8oafg9s.default\extensions\{6f6ff0e4-8823-4bc8-b08c-3beea33f0e83}\install.rdf
    c:\documents and settings\OWNER\Application Data\cleanhdd.exe
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\8p3jaudc.default\extensions\{6f6ff0e4-8823-4bc8-b08c-3beea33f0e83}
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\8p3jaudc.default\extensions\{6f6ff0e4-8823-4bc8-b08c-3beea33f0e83}\chrome.manifest
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\8p3jaudc.default\extensions\{6f6ff0e4-8823-4bc8-b08c-3beea33f0e83}\chrome\xulcache.jar
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\8p3jaudc.default\extensions\{6f6ff0e4-8823-4bc8-b08c-3beea33f0e83}\defaults\preferences\xulcache.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\8p3jaudc.default\extensions\{6f6ff0e4-8823-4bc8-b08c-3beea33f0e83}\install.rdf
    c:\documents and settings\OWNER\Application Data\uid_pal
    c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
    c:\windows\system\WINSPOOL.DRV
    c:\windows\system32\2122896695
    c:\windows\system32\Thumbs.db
    c:\windows\system32\winlogon.bak
    c:\windows\Tasks\At1.job
    c:\windows\Tasks\At10.job
    c:\windows\Tasks\At11.job
    c:\windows\Tasks\At12.job
    c:\windows\Tasks\At13.job
    c:\windows\Tasks\At14.job
    c:\windows\Tasks\At15.job
    c:\windows\Tasks\At16.job
    c:\windows\Tasks\At17.job
    c:\windows\Tasks\At18.job
    c:\windows\Tasks\At19.job
    c:\windows\Tasks\At2.job
    c:\windows\Tasks\At20.job
    c:\windows\Tasks\At21.job
    c:\windows\Tasks\At22.job
    c:\windows\Tasks\At23.job
    c:\windows\Tasks\At3.job
    c:\windows\Tasks\At4.job
    c:\windows\Tasks\At5.job
    c:\windows\Tasks\At6.job
    c:\windows\Tasks\At7.job
    c:\windows\Tasks\At8.job
    c:\windows\Tasks\At9.job
    .
    c:\windows\system32\msgsvc.dll . . . is infected!!
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-27 to 2011-03-27 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-27 05:24 . 2011-03-15 02:05 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6B030059-131E-4AC1-8852-7771B0D6A024}\mpengine.dll
    2011-03-26 03:51 . 2011-03-15 02:05 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-03-26 03:49 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-03-26 03:36 . 2011-03-26 03:37 -------- d-----w- c:\program files\Microsoft Security Client
    2011-03-26 03:35 . 2011-03-26 05:55 -------- d-----w- C:\d3ed072d3bf43ec985356ea4
    2011-03-25 02:26 . 2011-03-25 02:27 -------- d-----w- c:\documents and settings\OWNER\Application Data\QuuSoft
    2011-03-25 01:09 . 2011-03-25 00:03 50688 ----a-w- c:\documents and settings\OWNER\Application Data\cleanhdd.dll
    2011-03-24 02:41 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2011-03-24 02:41 . 2011-03-18 17:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
    2011-03-24 02:41 . 2011-03-18 17:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
    2011-03-24 02:41 . 2011-03-18 17:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
    2011-03-24 02:41 . 2011-03-18 17:53 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
    2011-03-24 02:41 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
    2011-03-24 02:41 . 2011-03-18 17:53 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
    2011-03-24 02:41 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
    2011-03-21 00:27 . 2011-03-21 00:27 -------- d-----w- C:\ConverterOutput
    2011-03-21 00:27 . 2008-06-16 02:13 6144 ----a-w- c:\windows\system32\ff_acm.acm
    2011-03-21 00:27 . 2008-06-15 15:01 258352 ----a-w- c:\windows\system32\unicows.dll
    2011-03-21 00:27 . 2003-03-31 01:08 372736 ----a-w- c:\windows\system32\xvid.ax
    2011-03-21 00:27 . 2011-03-21 00:27 -------- d-----w- c:\program files\Cucusoft
    2011-03-17 23:16 . 2011-03-17 23:16 -------- d-----w- C:\AeriaGames
    2011-03-17 05:22 . 2011-03-22 17:18 -------- d-----w- c:\documents and settings\OWNER\Local Settings\Application Data\WMTools Downloaded Files
    2011-03-12 17:28 . 2011-03-12 17:28 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2011-03-12 17:28 . 2011-03-12 17:28 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
    2011-02-26 02:04 . 2011-02-26 02:04 388096 ----a-r- c:\documents and settings\OWNER\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-02-26 02:04 . 2011-02-26 02:04 -------- d-----w- c:\program files\Trend Micro
    2011-02-25 23:59 . 2011-03-12 15:35 -------- d-----w- c:\documents and settings\OWNER\Local Settings\Application Data\Tific
    2011-02-25 23:59 . 2011-02-25 23:59 -------- d-----w- c:\documents and settings\OWNER\Application Data\Tific
    2011-02-25 23:58 . 2011-02-25 23:58 -------- d-----w- c:\program files\NortonInstaller
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-09 13:53 . 2002-12-31 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2002-12-31 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 07:58 . 2008-11-26 22:14 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2008-11-26 22:14 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2002-12-31 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09 . 2002-12-31 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 2002-12-31 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
    2011-03-18 17:53 . 2011-03-24 02:41 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2010-03-16 05:09 203776 --sh--w- c:\windows\system32\unrar.exe
    .
    .
    ------- Sigcheck -------
    .
    [-] 2008-11-26 . 679A7259741F6A09994F02CE261B5F2E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-11-18 274608]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^OWNER^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\documents and settings\OWNER\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^OWNER^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\documents and settings\OWNER\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 04:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2007-06-28 00:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2002-12-31 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2010-03-12 18:08 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    2005-09-20 15:32 77824 ----a-w- c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    2005-09-20 15:36 114688 ----a-w- c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    2005-09-20 15:35 94208 ----a-w- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-01-25 21:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
    2007-02-07 21:21 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-04-17 04:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-01 20:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2007-02-07 21:24 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    2006-10-29 15:13 1404928 ----a-r- c:\program files\Analog Devices\Core\smax4pnp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-11-18 05:19 274608 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\Documents and Settings\\OWNER\\My Documents\\Downloads\\VideoConverter_Setup.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "58557:TCP"= 58557:TCP:*:Disabled:pando Media Booster
    "58557:UDP"= 58557:UDP:*:Disabled:pando Media Booster
    "56131:TCP"= 56131:TCP:*:Disabled:pando Media Booster
    "56131:UDP"= 56131:UDP:*:Disabled:pando Media Booster
    "1037:TCP"= 1037:TCP:*:Disabled:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:*:Disabled:Akamai NetSession Interface
    .
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/31/2010 4:38 PM 136176]
    S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    S3 XDva344;XDva344;\??\c:\windows\system32\XDva344.sys --> c:\windows\system32\XDva344.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-22 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
    .
    2011-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-31 21:38]
    .
    2011-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-31 21:38]
    .
    2011-03-27 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]
    .
    2011-03-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1454471165-1708537768-1417001333-500.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
    .
    2011-03-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1454471165-1708537768-1417001333-500.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
    .
    2011-03-27 c:\windows\Tasks\User_Feed_Synchronization-{0323B0BF-20C8-474E-A73C-6D6AE04335A1}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZJxdm1287Fus&ptb=3E.coohHuEGp0IKy5WWMgA
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Download with Xilisoft YouTube Video Converter - c:\program files\Xilisoft\YouTube Video Converter\upod_link.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\documents and settings\OWNER\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
    IE: Free YouTube to iPod Converter - c:\documents and settings\OWNER\Application Data\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
    IE: Free YouTube to Mp3 Converter - c:\documents and settings\OWNER\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
    IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    FF - ProfilePath - c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\8p3jaudc.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
    FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZJxdm1287Fus&ptb=3E.coohHuEGp0IKy5WWMgA&ind=2011022613&ptnrS=ZJxdm1287Fus&si=&n=77ddc515&psa=&st=kwd&searchfor=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Notify-NavLogon - (no file)
    MSConfigStartUp-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    MSConfigStartUp-ISUSScheduler - c:\program files\Common Files\InstallShield\UpdateService\issch.exe
    MSConfigStartUp-JCFSE7V7Z1 - c:\docume~1\OWNER\LOCALS~1\Temp\Wbg.exe
    MSConfigStartUp-Messenger (Yahoo!) - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
    MSConfigStartUp-Pando Media Booster - c:\program files\Pando Networks\Media Booster\PMB.exe
    MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
    MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-27 13:17
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(1496)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Nero\Nero 7\Nero BackItUp\NBShell.dll
    c:\program files\Nero\Nero 7\Nero BackItUp\MSVCR71.dll
    c:\program files\WinRAR\rarext.dll
    c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\HPZipm12.exe
    c:\program files\CyberLink\Shared files\RichVideo.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    .
    **************************************************************************
    .
    Completion time: 2011-03-27 13:23:46 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-03-27 18:23
    .
    Pre-Run: 21,868,331,008 bytes free
    Post-Run: 22,365,085,696 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 669854EBBB44194F958052E5F16D1E5B
     
  9. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    We'll have fix couple of issues here.
    Do you have Windows XP CD?

    =========================================================

    Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders.
    Upload following files to http://www.virustotal.com/ for security check:
    - c:\windows\system32\winlogon.exe
    IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
    Post scan results.

    =====================================================================

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista\Win 7 users:: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box into the main textfield:
      Code:
      :filefind
      msgsvc.dll
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

    ====================================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  10. elvispacman

    elvispacman TS Rookie Topic Starter Posts: 32

    i do not have windows xp cd should i continue with the steps
     
  11. elvispacman

    elvispacman TS Rookie Topic Starter Posts: 32

    i didnt get see a log so i just copied and pasted everything on the page

    File name:
    winlogon.exe
    Submission date:
    2011-03-27 22:26:44 (UTC)
    Current status:
    finished
    Result:
    0/ 43 (0.0%)

    VT Community

    not reviewed
    Safety score: -
    Compact
    Print results
    Antivirus Version Last Update Result
    AhnLab-V3 2011.03.27.01 2011.03.27 -
    AntiVir 7.11.5.87 2011.03.27 -
    Antiy-AVL 2.0.3.7 2011.03.27 -
    Avast 4.8.1351.0 2011.03.27 -
    Avast5 5.0.677.0 2011.03.27 -
    AVG 10.0.0.1190 2011.03.27 -
    BitDefender 7.2 2011.03.27 -
    CAT-QuickHeal 11.00 2011.03.27 -
    ClamAV 0.96.4.0 2011.03.27 -
    Commtouch 5.2.11.5 2011.03.24 -
    Comodo 8128 2011.03.27 -
    DrWeb 5.0.2.03300 2011.03.27 -
    Emsisoft 5.1.0.4 2011.03.27 -
    eSafe 7.0.17.0 2011.03.27 -
    eTrust-Vet 36.1.8236 2011.03.25 -
    F-Prot 4.6.2.117 2011.03.27 -
    F-Secure 9.0.16440.0 2011.03.23 -
    Fortinet 4.2.254.0 2011.03.27 -
    GData 21 2011.03.27 -
    Ikarus T3.1.1.97.0 2011.03.27 -
    Jiangmin 13.0.900 2011.03.27 -
    K7AntiVirus 9.94.4219 2011.03.26 -
    Kaspersky 7.0.0.125 2011.03.28 -
    McAfee 5.400.0.1158 2011.03.27 -
    McAfee-GW-Edition 2010.1C 2011.03.27 -
    Microsoft 1.6702 2011.03.27 -
    NOD32 5990 2011.03.27 -
    Norman 6.07.03 2011.03.27 -
    nProtect None 2011.02.15 -
    Panda 10.0.3.5 2011.03.27 -
    PCTools 7.0.3.5 2011.03.26 -
    Prevx 3.0 2011.03.28 -
    Rising 23.50.05.05 2011.03.26 -
    Sophos 4.64.0 2011.03.27 -
    SUPERAntiSpyware 4.40.0.1006 2011.03.27 -
    Symantec 20101.3.0.103 2011.03.27 -
    TheHacker 6.7.0.1.159 2011.03.27 -
    TrendMicro 9.200.0.1012 2011.03.27 -
    TrendMicro-HouseCall 9.200.0.1012 2011.03.27 -
    VBA32 3.12.14.3 2011.03.25 -
    VIPRE 8840 2011.03.27 -
    ViRobot 2011.3.26.4378 2011.03.27 -
    VirusBuster 13.6.272.0 2011.03.27 -
    Additional information
    MD5 : 679a7259741f6a09994f02ce261b5f2e
    SHA1 : 65c19a973b4959f0dfd5c835d014edb2d6acacfe
    SHA256: 05cacb0eb05f81bdd55b70e29701d6a936f577fe78959f26655eb23940a20a81
    ssdeep: 6144:fNZlxEdL5RvGlcHF37newMLao6nMnKHOD13PRnCfOVSePfLtisgZY3Z:gdz+lcDKao6nSK
    Hs5qOMgxZg
    File size : 507904 bytes
    First seen: 2008-05-06 10:50:26
    Last seen : 2011-03-27 22:26:44
    TrID:
    Win64 Executable Generic (80.9%)
    Win32 Executable Generic (8.0%)
    Win32 Dynamic Link Library (generic) (7.1%)
    Generic Win/DOS Executable (1.8%)
    DOS Executable Generic (1.8%)
    sigcheck:
    publisher....: Microsoft Corporation
    copyright....: (c) Microsoft Corporation. All rights reserved.
    product......: Microsoft_ Windows_ Operating System
    description..: Windows NT Logon Application
    original name: WINLOGON.EXE
    internal name: winlogon
    file version.: 5.1.2600.5512 (xpsp.080413-2113)
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned
    PEInfo: PE structure information

    [[ basic data ]]
    entrypointaddress: 0x3E5E1
    timedatestamp....: 0x48027549 (Sun Apr 13 21:04:09 2008)
    machinetype......: 0x14c (I386)

    [[ 3 section(s) ]]
    name, viradd, virsiz, rawdsiz, ntropy, md5
    .text, 0x1000, 0x70991, 0x70A00, 6.82, 619ab8c396e3277a9091005e8275283a
    .data, 0x72000, 0x4E70, 0x2000, 6.28, fca073b60b2883dab4308d32c8083f1e
    .rsrc, 0x77000, 0x9020, 0x9200, 3.62, 8b50f3590d97bb27639f10bacbc53187

    [[ 20 import(s) ]]
    ADVAPI32.dll: ConvertStringSecurityDescriptorToSecurityDescriptorA, A_SHAInit, A_SHAUpdate, A_SHAFinal, LsaStorePrivateData, LsaRetrievePrivateData, LsaNtStatusToWinError, CryptGetUserKey, CryptGetKeyParam, CryptEncrypt, CryptSetProvParam, CryptSignHashW, CryptDeriveKey, CryptGetProvParam, RegOpenCurrentUser, RegDeleteKeyW, AddAccessAllowedAceEx, RegSetKeySecurity, I_ScSendTSMessage, MD5Init, MD5Update, MD5Final, SetFileSecurityA, AllocateLocallyUniqueId, LsaOpenPolicy, LsaQueryInformationPolicy, LsaFreeMemory, LsaClose, RegNotifyChangeKeyValue, QueryServiceConfigW, SetKernelObjectSecurity, ConvertStringSecurityDescriptorToSecurityDescriptorW, RegEnumKeyExW, GetCurrentHwProfileW, RegCloseKey, RegQueryValueExW, RegOpenKeyW, FreeSid, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, AddAccessAllowedAce, InitializeAcl, GetLengthSid, AllocateAndInitializeSid, RegOpenKeyExW, CreateProcessAsUserW, DuplicateTokenEx, CloseServiceHandle, ControlService, StartServiceW, QueryServiceStatus, OpenServiceW, OpenSCManagerW, EqualSid, GetTokenInformation, RegSetValueExW, RegCreateKeyExW, CryptGenRandom, CryptDestroyHash, CryptVerifySignatureW, CryptSetHashParam, CryptGetHashParam, CryptHashData, CryptCreateHash, CryptDecrypt, ReportEventW, RegisterEventSourceW, CryptImportKey, CryptAcquireContextW, CryptReleaseContext, CryptDestroyKey, RegEnumValueW, RegQueryInfoKeyW, RegDeleteValueW, CredFree, CredDeleteW, CredEnumerateW, CopySid, GetSidLengthRequired, GetSidSubAuthority, GetSidSubAuthorityCount, GetUserNameW, OpenThreadToken, EnumServicesStatusW, ImpersonateLoggedOnUser, RegQueryValueExA, CheckTokenMembership, DeregisterEventSource, LsaGetUserName, RevertToSelf, LookupAccountSidW, IsValidSid, SetTokenInformation, LogonUserW, LookupAccountNameW, OpenProcessToken, SynchronizeWindows31FilesAndWindowsNTRegistry, QueryWindows31FilesMigration, AdjustTokenPrivileges, RegQueryInfoKeyA
    AUTHZ.dll: AuthzInitializeResourceManager, AuthzAccessCheck, AuthziFreeAuditEventType, AuthziInitializeAuditEvent, AuthziInitializeAuditParams, AuthziInitializeAuditEventType, AuthziLogAuditEvent, AuthzFreeAuditEvent, AuthzFreeResourceManager, AuthzFreeHandle
    CRYPT32.dll: CryptImportPublicKeyInfo, CryptVerifyMessageSignature, CertCreateCertificateContext, CertSetCertificateContextProperty, CertVerifyCertificateChainPolicy, CryptSignMessage, CertCloseStore, CertComparePublicKeyInfo, CryptExportPublicKeyInfo, CertFindExtension, CryptDecryptMessage, CertGetCertificateContextProperty, CertAddCertificateContextToStore, CertOpenStore, CertVerifySubjectCertificateContext, CertGetIssuerCertificateFromStore, CertDuplicateCertificateContext, CertFreeCertificateContext, CertEnumCertificatesInStore, CryptImportPublicKeyInfoEx
    GDI32.dll: RemoveFontResourceW, AddFontResourceW
    KERNEL32.dll: WTSGetActiveConsoleSessionId, GetTimeFormatW, GetUserDefaultLCID, FileTimeToSystemTime, FileTimeToLocalFileTime, GetProcAddress, LoadLibraryW, GetModuleHandleW, SystemTimeToFileTime, GetSystemTime, SetLastError, TerminateProcess, GetCurrentProcess, CreateTimerQueueTimer, CreateThread, lstrcpynW, GetShortPathNameW, GetProfileStringW, FreeLibrary, ReleaseSemaphore, CreateSemaphoreW, GetSystemInfo, GetComputerNameW, GetEnvironmentVariableW, WaitForSingleObjectEx, LoadResource, FindResourceW, SetThreadExecutionState, DeleteTimerQueueTimer, ResetEvent, GetSystemDirectoryW, TransactNamedPipe, SetNamedPipeHandleState, GetTickCount, CreateFileW, GlobalGetAtomNameW, VirtualLock, VirtualQuery, GetDriveTypeW, Beep, ExpandEnvironmentStringsW, OpenMutexW, QueueUserWorkItem, LeaveCriticalSection, EnterCriticalSection, DisconnectNamedPipe, SearchPathW, lstrcatW, LocalReAlloc, TerminateThread, ResumeThread, GetDiskFreeSpaceExW, GlobalMemoryStatusEx, DeleteFileW, WriteProfileStringW, ReadFile, FindVolumeClose, FindNextVolumeW, FindFirstVolumeW, FormatMessageW, SetPriorityClass, MoveFileExW, WaitForMultipleObjectsEx, GetExitCodeProcess, SleepEx, InterlockedExchange, FindClose, FindFirstFileW, GetWindowsDirectoryW, SetTimerQueueTimer, GetComputerNameA, GetVersionExW, VerSetConditionMask, WriteFile, WaitNamedPipeW, WaitForMultipleObjects, ConnectNamedPipe, GetVersionExA, DuplicateHandle, OpenProcess, GetOverlappedResult, lstrcmpW, SetEnvironmentVariableW, UnregisterWait, CreateNamedPipeW, CreateRemoteThread, CreateActCtxW, GetModuleFileNameW, ExitProcess, LoadLibraryExW, SetErrorMode, SetUnhandledExceptionFilter, GetPrivateProfileStringW, LocalSize, VirtualAlloc, VirtualQueryEx, DebugBreak, CreateFileA, InitializeCriticalSection, ProcessIdToSessionId, SetInformationJobObject, AssignProcessToJobObject, TerminateJobObject, PostQueuedCompletionStatus, PulseEvent, GetQueuedCompletionStatus, CreateIoCompletionPort, CreateJobObjectW, ActivateActCtx, DeactivateActCtx, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, GetSystemTimeAsFileTime, UnhandledExceptionFilter, GetModuleHandleA, GetStartupInfoA, GetCurrentProcessId, SetThreadPriority, GetCurrentThreadId, lstrcmpiW, GetProfileIntW, LoadLibraryExA, lstrcpyW, lstrlenW, Sleep, LocalAlloc, CreateEventW, GetExitCodeThread, SetThreadAffinityMask, GetProcessAffinityMask, CreateWaitableTimerW, CreateMutexW, OpenEventW, RegisterWaitForSingleObject, WaitForSingleObject, CreateProcessW, SetWaitableTimer, ReleaseMutex, SetEvent, UnregisterWaitEx, CloseHandle, lstrlenA, lstrcpyA, MultiByteToWideChar, GetACP, WideCharToMultiByte, HeapAlloc, GetProcessHeap, HeapFree, lstrcpynA, UnmapViewOfFile, MapViewOfFile, CreateFileMappingW, lstrcmpiA, GetFileSize, SetFilePointer, GlobalAlloc, GlobalFree, GetLastError, LocalFree, lstrcatA, lstrcmpA, GetLogicalDriveStringsA, GetDriveTypeA, GetVolumeInformationW, GlobalMemoryStatus, CreateMutexA, FindResourceExW, LockResource, SizeofResource, VerifyVersionInfoW, GetSystemDirectoryA, GetCurrentThread, DelayLoadFailureHook, BaseInitAppcompatCacheSupport, OpenProfileUserMapping, CloseProfileUserMapping, BaseCleanupAppcompatCacheSupport, InitializeCriticalSectionAndSpinCount, VirtualProtect, CreateEventA, TlsSetValue, TlsGetValue, DeleteCriticalSection, TlsAlloc, VirtualFree, TlsFree
    msvcrt.dll: wcslen, _vsnwprintf, wcsncpy, wcsstr, atoi, wcstok, memmove, wcschr, swprintf, swscanf, _local_unwind2, _wcslwr, wcscmp, _snwprintf, malloc, _c_exit, _exit, _XcptFilter, _cexit, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, __3@YAXPAX@Z, __2@YAPAXI@Z, __CxxFrameHandler, _itow, _snprintf, _wtol, _strnicmp, sscanf, wcstombs, sprintf, strchr, strncmp, atof, _ftol, isspace, wcscpy, _controlfp, wcsncmp, _wcsupr, ceil, wcscat, _except_handler3, free, _wcsicmp
    NDdeApi.dll: -, -, -, -
    ntdll.dll: RtlSubAuthoritySid, RtlAllocateHeap, NtPowerInformation, NtSetSystemPowerState, NtRaiseHardError, RtlDeleteCriticalSection, NtOpenSymbolicLinkObject, NtReplyPort, NtCompleteConnectPort, NtReplyWaitReceivePort, NtAcceptConnectPort, NtCreatePort, RtlConvertSidToUnicodeString, RtlFreeUnicodeString, NtLockProductActivationKeys, RtlTimeToTimeFields, NtUnmapViewOfSection, NtMapViewOfSection, NtOpenSection, NtQuerySymbolicLinkObject, NtQueryVolumeInformationFile, NtSetSecurityObject, RtlAdjustPrivilege, NtOpenFile, NtFsControlFile, RtlAllocateAndInitializeSid, RtlDestroyEnvironment, RtlFreeHeap, NtQueryInformationToken, NtShutdownSystem, RtlEnterCriticalSection, RtlLeaveCriticalSection, RtlInitializeCriticalSection, RtlCreateEnvironment, RtlQueryEnvironmentVariable_U, RtlSetEnvironmentVariable, RtlInitUnicodeString, NtOpenKey, NtQueryValueKey, RtlInitializeSid, RtlLengthRequiredSid, NtAllocateLocallyUniqueId, RtlGetDaclSecurityDescriptor, RtlCopySid, RtlLengthSid, NtSetInformationThread, NtDuplicateToken, NtDuplicateObject, RtlEqualSid, RtlSetDaclSecurityDescriptor, RtlCreateSecurityDescriptor, NtClose, RtlOpenCurrentUser, RtlAddAce, RtlCreateAcl, RtlNtStatusToDosError, NtSetInformationProcess, NtQuerySystemInformation, NtCreateEvent, NtCreatePagingFile, RtlDosPathNameToNtPathName_U, RtlRegisterWait, NtSetValueKey, NtCreateKey, RtlTimeToSecondsSince1980, NtQuerySystemTime, NtPrivilegeObjectAuditAlarm, NtPrivilegeCheck, NtOpenThreadToken, NtOpenProcessToken, RtlInitString, RtlUnhandledExceptionFilter, NtQueryInformationProcess, DbgBreakPoint, RtlCheckProcessParameters, RtlSetThreadIsCritical, RtlSetProcessIsCritical, RtlGetNtProductType, NtInitiatePowerAction, DbgPrint, NtFilterToken, NtQueryInformationJobObject, NtOpenEvent, RtlGetAce, RtlQueryInformationAcl, NtQuerySecurityObject, RtlCompareUnicodeString, NtOpenDirectoryObject
    PROFMAP.dll: InitializeProfileMappingApi, RemapAndMoveUserW
    PSAPI.DLL: EnumProcesses, EnumProcessModules, GetModuleBaseNameW
    REGAPI.dll: RegDefaultUserConfigQueryW, RegUserConfigQuery
    RPCRT4.dll: RpcServerRegisterIfEx, RpcServerUseProtseqEpW, RpcImpersonateClient, I_RpcMapWin32Status, RpcServerRegisterIf, RpcGetAuthorizationContextForClient, RpcFreeAuthorizationContext, RpcServerListen, RpcRevertToSelf, NdrServerCall2, UuidCreate
    Secur32.dll: LsaCallAuthenticationPackage, GetUserNameExW, LsaLookupAuthenticationPackage, LsaRegisterLogonProcess
    SETUPAPI.dll: SetupDiDestroyDeviceInfoList, SetupDiEnumDeviceInfo, SetupDiGetClassDevsW, SetupDiGetDeviceRegistryPropertyW
    USER32.dll: SetFocus, EnumWindows, CreateWindowStationW, RegisterLogonProcess, RecordShutdownReason, LoadLocalFonts, UnhookWindowsHook, SetWindowsHookW, GetWindowTextW, CallNextHookEx, DialogBoxParamW, GetWindowPlacement, GetSystemMenu, DeleteMenu, SetWindowPlacement, SetUserObjectInformationW, GetAsyncKeyState, PostThreadMessageW, SetUserObjectSecurity, CreateDesktopW, GetMessageTime, SetTimer, SetLogonNotifyWindow, UnlockWindowStation, ReplyMessage, UnregisterHotKey, RegisterHotKey, OpenInputDesktop, GetUserObjectInformationW, CloseDesktop, RegisterDeviceNotificationW, SetThreadDesktop, CreateWindowExW, GetMessageW, TranslateMessage, RegisterWindowMessageW, RegisterClassW, SetCursor, FindWindowW, MessageBoxW, SendNotifyMessageW, PostQuitMessage, MsgWaitForMultipleObjects, GetWindowRect, GetSystemMetrics, PeekMessageW, DispatchMessageW, KillTimer, SetProcessWindowStation, UpdateWindow, ShowWindow, SetWindowPos, PostMessageW, ExitWindowsEx, EnumDisplayMonitors, SystemParametersInfoW, GetDlgItem, SendMessageW, CreateDialogParamW, DestroyWindow, GetWindowLongW, GetDlgItemTextW, EndDialog, SetWindowLongW, LoadStringW, SetWindowTextW, SetDlgItemTextW, wsprintfW, wsprintfA, LockWindowStation, MBToWCSEx, SetWindowStationUser, UpdatePerUserSystemParameters, DialogBoxIndirectParamW, wvsprintfW, SetLastErrorEx, LoadCursorW, CheckDlgButton, IsDlgButtonChecked, DefWindowProcW, CloseWindowStation, LoadImageW, GetParent, GetKeyState, GetDesktopWindow, SetForegroundWindow, SwitchDesktop, OpenDesktopW
    USERENV.dll: -, WaitForUserPolicyForegroundProcessing, GetAllUsersProfileDirectoryW, -, -, -, WaitForMachinePolicyForegroundProcessing, -, -, -, UnloadUserProfile, LoadUserProfileW, -, RegisterGPNotification, CreateEnvironmentBlock, DestroyEnvironmentBlock, UnregisterGPNotification, GetUserProfileDirectoryW
    VERSION.dll: GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
    WINSTA.dll: WinStationRequestSessionsList, WinStationQueryLogonCredentialsW, WinStationIsHelpAssistantSession, WinStationAutoReconnect, _WinStationWaitForConnect, _WinStationNotifyLogoff, WinStationDisconnect, _WinStationCallback, WinStationNameFromLogonIdW, _WinStationFUSCanRemoteUserDisconnect, WinStationEnumerate_IndexedW, WinStationGetMachinePolicy, WinStationQueryInformationW, WinStationFreeMemory, WinStationReset, _WinStationNotifyDisconnectPipe, WinStationConnectW, WinStationSetInformationW, WinStationShutdownSystem, WinStationCheckLoopBack, _WinStationNotifyLogon
    WINTRUST.dll: CryptCATAdminEnumCatalogFromHash, CryptCATCatalogInfoFromContext, CryptCATAdminCalcHashFromFileHandle, CryptCATAdminAcquireContext, CryptCATAdminReleaseCatalogContext, WTHelperProvDataFromStateData, WinVerifyTrust, WTHelperGetProvSignerFromChain, CryptCATAdminReleaseContext
    WS2_32.dll: -, -, getaddrinfo
    ExifTool:
    file metadata
    CharacterSet: Unicode
    CodeSize: 461312
    CompanyName: Microsoft Corporation
    EntryPoint: 0x3e5e1
    FileDescription: Windows NT Logon Application
    FileFlagsMask: 0x003f
    FileOS: Windows NT 32-bit
    FileSize: 496 kB
    FileSubtype: 0
    FileType: Win32 EXE
    FileVersion: 5.1.2600.5512 (xpsp.080413-2113)
    FileVersionNumber: 5.1.2600.5512
    ImageVersion: 21315.20512
    InitializedDataSize: 57856
    InternalName: winlogon
    LanguageCode: English (U.S.)
    LegalCopyright: Microsoft Corporation. All rights reserved.
    LinkerVersion: 7.1
    MIMEType: application/octet-stream
    MachineType: Intel 386 or later, and compatibles
    OSVersion: 5.1
    ObjectFileType: Executable application
    OriginalFilename: WINLOGON.EXE
    PEType: PE32
    ProductName: Microsoft Windows Operating System
    ProductVersion: 5.1.2600.5512
    ProductVersionNumber: 5.1.2600.5512
    Subsystem: Windows GUI
    SubsystemVersion: 4.0
    TimeStamp: 2008:04:13 23:04:09+02:00
    UninitializedDataSize: 0
    Symantec reputation:Suspicious.Insight

    VT Community

    This file has never been reviewed by any VT Community member. Be the first one to comment on it!

    VirusTotal Team
     
  12. elvispacman

    elvispacman TS Rookie Topic Starter Posts: 32

    system look

    SystemLook 04.09.10 by jpshortstuff
    Log created at 17:32 on 27/03/2011 by OWNER
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "msgsvc.dll"
    C:\WINDOWS\ERDNT\cache\msgsvc.dll --a---- 33792 bytes [18:22 27/03/2011] [12:00 31/12/2002] 986B1FF5814366D71E0AC5755C88F2D3
    C:\WINDOWS\system32\msgsvc.dll --a---- 33792 bytes [12:00 31/12/2002] [12:00 31/12/2002] 986B1FF5814366D71E0AC5755C88F2D3

    -= EOF =-
     
  13. elvispacman

    elvispacman TS Rookie Topic Starter Posts: 32

    TDDSkiller

    2011/03/27 17:37:58.0546 3964 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/03/27 17:37:58.0765 3964 ================================================================================
    2011/03/27 17:37:58.0765 3964 SystemInfo:
    2011/03/27 17:37:58.0765 3964
    2011/03/27 17:37:58.0765 3964 OS Version: 5.1.2600 ServicePack: 3.0
    2011/03/27 17:37:58.0765 3964 Product type: Workstation
    2011/03/27 17:37:58.0765 3964 ComputerName: EDGAR
    2011/03/27 17:37:58.0765 3964 UserName: OWNER
    2011/03/27 17:37:58.0765 3964 Windows directory: C:\WINDOWS
    2011/03/27 17:37:58.0765 3964 System windows directory: C:\WINDOWS
    2011/03/27 17:37:58.0765 3964 Processor architecture: Intel x86
    2011/03/27 17:37:58.0765 3964 Number of processors: 2
    2011/03/27 17:37:58.0765 3964 Page size: 0x1000
    2011/03/27 17:37:58.0765 3964 Boot type: Normal boot
    2011/03/27 17:37:58.0765 3964 ================================================================================
    2011/03/27 17:37:59.0703 3964 Initialize success
    2011/03/27 17:38:16.0046 1564 ================================================================================
    2011/03/27 17:38:16.0046 1564 Scan started
    2011/03/27 17:38:16.0046 1564 Mode: Manual;
    2011/03/27 17:38:16.0046 1564 ================================================================================
    2011/03/27 17:38:16.0500 1564 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\drivers\ACPI.sys
    2011/03/27 17:38:16.0562 1564 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2011/03/27 17:38:16.0640 1564 aeaudio (3cb6ae5435987b1f8c83fd2730479878) C:\WINDOWS\system32\drivers\aeaudio.sys
    2011/03/27 17:38:16.0671 1564 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/03/27 17:38:16.0734 1564 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2011/03/27 17:38:16.0953 1564 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/03/27 17:38:16.0968 1564 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
    2011/03/27 17:38:17.0015 1564 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/03/27 17:38:17.0078 1564 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/03/27 17:38:17.0125 1564 b57w2k (3a3a82ffd268bcfb7ae6a48cecf00ad9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
    2011/03/27 17:38:17.0203 1564 BCM43XX (30d20fc98bcfd52e1da778cf19b223d4) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
    2011/03/27 17:38:17.0250 1564 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/03/27 17:38:17.0328 1564 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/03/27 17:38:17.0359 1564 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/03/27 17:38:17.0375 1564 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/03/27 17:38:17.0406 1564 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/03/27 17:38:17.0531 1564 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/03/27 17:38:17.0625 1564 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/03/27 17:38:17.0656 1564 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2011/03/27 17:38:17.0671 1564 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/03/27 17:38:17.0734 1564 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/03/27 17:38:17.0796 1564 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/03/27 17:38:17.0859 1564 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/03/27 17:38:17.0875 1564 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2011/03/27 17:38:17.0906 1564 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2011/03/27 17:38:17.0921 1564 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2011/03/27 17:38:17.0953 1564 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    2011/03/27 17:38:17.0968 1564 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/03/27 17:38:18.0015 1564 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/03/27 17:38:18.0046 1564 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    2011/03/27 17:38:18.0093 1564 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/03/27 17:38:18.0156 1564 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/03/27 17:38:18.0234 1564 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    2011/03/27 17:38:18.0250 1564 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    2011/03/27 17:38:18.0312 1564 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    2011/03/27 17:38:18.0375 1564 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/03/27 17:38:18.0421 1564 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/03/27 17:38:18.0515 1564 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    2011/03/27 17:38:18.0593 1564 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/03/27 17:38:18.0687 1564 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\drivers\intelide.sys
    2011/03/27 17:38:18.0750 1564 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\drivers\intelppm.sys
    2011/03/27 17:38:18.0765 1564 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    2011/03/27 17:38:18.0828 1564 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/03/27 17:38:18.0859 1564 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/03/27 17:38:18.0890 1564 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/03/27 17:38:18.0921 1564 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/03/27 17:38:18.0984 1564 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/03/27 17:38:19.0015 1564 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\drivers\isapnp.sys
    2011/03/27 17:38:19.0062 1564 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/03/27 17:38:19.0078 1564 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2011/03/27 17:38:19.0140 1564 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/03/27 17:38:19.0187 1564 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/03/27 17:38:19.0265 1564 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/03/27 17:38:19.0296 1564 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2011/03/27 17:38:19.0328 1564 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/03/27 17:38:19.0359 1564 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/03/27 17:38:19.0390 1564 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/03/27 17:38:19.0437 1564 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
    2011/03/27 17:38:19.0578 1564 MpKsld61f3aa2 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2EEB1173-3069-42C6-AC61-FEA40C4F09FD}\MpKsld61f3aa2.sys
    2011/03/27 17:38:19.0625 1564 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/03/27 17:38:19.0703 1564 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/03/27 17:38:19.0734 1564 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/03/27 17:38:19.0796 1564 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/03/27 17:38:19.0828 1564 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/03/27 17:38:19.0859 1564 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/03/27 17:38:19.0921 1564 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/03/27 17:38:19.0937 1564 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2011/03/27 17:38:19.0968 1564 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/03/27 17:38:19.0984 1564 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/03/27 17:38:20.0046 1564 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/03/27 17:38:20.0062 1564 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/03/27 17:38:20.0109 1564 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/03/27 17:38:20.0125 1564 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/03/27 17:38:20.0140 1564 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/03/27 17:38:20.0203 1564 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/03/27 17:38:20.0281 1564 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/03/27 17:38:20.0312 1564 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/03/27 17:38:20.0375 1564 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/03/27 17:38:20.0390 1564 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/03/27 17:38:20.0437 1564 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2011/03/27 17:38:20.0453 1564 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/03/27 17:38:20.0468 1564 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/03/27 17:38:20.0515 1564 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\drivers\pci.sys
    2011/03/27 17:38:20.0562 1564 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\pciide.sys
    2011/03/27 17:38:20.0593 1564 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/03/27 17:38:20.0750 1564 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/03/27 17:38:20.0781 1564 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/03/27 17:38:20.0796 1564 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/03/27 17:38:20.0843 1564 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2011/03/27 17:38:20.0968 1564 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/03/27 17:38:20.0984 1564 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/03/27 17:38:21.0015 1564 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/03/27 17:38:21.0031 1564 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/03/27 17:38:21.0062 1564 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/03/27 17:38:21.0078 1564 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/03/27 17:38:21.0140 1564 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2011/03/27 17:38:21.0218 1564 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/03/27 17:38:21.0250 1564 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/03/27 17:38:21.0312 1564 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
    2011/03/27 17:38:21.0406 1564 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/03/27 17:38:21.0500 1564 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
    2011/03/27 17:38:21.0562 1564 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/03/27 17:38:21.0578 1564 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/03/27 17:38:21.0625 1564 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/03/27 17:38:21.0671 1564 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
    2011/03/27 17:38:21.0750 1564 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/03/27 17:38:21.0812 1564 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/03/27 17:38:21.0875 1564 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/03/27 17:38:21.0906 1564 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/03/27 17:38:21.0937 1564 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/03/27 17:38:22.0031 1564 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/03/27 17:38:22.0093 1564 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/03/27 17:38:22.0156 1564 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/03/27 17:38:22.0187 1564 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/03/27 17:38:22.0203 1564 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/03/27 17:38:22.0312 1564 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/03/27 17:38:22.0390 1564 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/03/27 17:38:22.0468 1564 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
    2011/03/27 17:38:22.0531 1564 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/03/27 17:38:22.0593 1564 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/03/27 17:38:22.0609 1564 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/03/27 17:38:22.0640 1564 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/03/27 17:38:22.0703 1564 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/03/27 17:38:22.0750 1564 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/03/27 17:38:22.0765 1564 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/03/27 17:38:22.0828 1564 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/03/27 17:38:22.0906 1564 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/03/27 17:38:22.0937 1564 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/03/27 17:38:23.0015 1564 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/03/27 17:38:23.0125 1564 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    2011/03/27 17:38:23.0171 1564 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    2011/03/27 17:38:23.0234 1564 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/03/27 17:38:23.0265 1564 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/03/27 17:38:23.0453 1564 {95808DC4-FA4A-4c74-92FE-5B863F82066B} (8098180b3f6c430a4e60333bc036f936) C:\Program Files\CyberLink\PowerDVD\000.fcl
    2011/03/27 17:38:23.0671 1564 ================================================================================
    2011/03/27 17:38:23.0671 1564 Scan finished
    2011/03/27 17:38:23.0671 1564 ================================================================================
     
  14. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Good :)

    Go back to VirusTotal and submit this file:
    - C:\WINDOWS\system32\msgsvc.dll
     
  15. elvispacman

    elvispacman TS Rookie Topic Starter Posts: 32

    File name:
    msgsvc.dll
    Submission date:
    2011-03-27 23:50:25 (UTC)
    Current status:
    finished
    Result:
    0/ 41 (0.0%)

    VT Community

    not reviewed
    Safety score: -
    Compact
    Print results
    Antivirus Version Last Update Result
    AhnLab-V3 2011.03.23.01 2011.03.23 -
    AntiVir 7.11.5.43 2011.03.23 -
    Antiy-AVL 2.0.3.7 2011.03.22 -
    Avast 4.8.1351.0 2011.03.23 -
    Avast5 5.0.677.0 2011.03.23 -
    AVG 10.0.0.1190 2011.03.23 -
    BitDefender 7.2 2011.03.23 -
    CAT-QuickHeal 11.00 None.. -
    ClamAV 0.96.4.0 2011.03.23 -
    Commtouch 5.2.11.5 2011.03.22 -
    Comodo 8073 2011.03.23 -
    DrWeb 5.0.2.03300 2011.03.23 -
    eSafe 7.0.17.0 2011.03.22 -
    eTrust-Vet 36.1.8231 2011.03.23 -
    F-Prot 4.6.2.117 2011.03.22 -
    F-Secure 9.0.16440.0 2011.03.23 -
    Fortinet 4.2.254.0 2011.03.23 -
    GData 21 2011.03.23 -
    Ikarus T3.1.1.97.0 2011.03.23 -
    Jiangmin 13.0.900 2011.03.23 -
    K7AntiVirus 9.94.4188 2011.03.23 -
    McAfee 5.400.0.1158 2011.03.23 -
    McAfee-GW-Edition 2010.1C 2011.03.23 -
    Microsoft 1.6603 2011.03.23 -
    NOD32 5977 2011.03.23 -
    Norman 6.07.03 2011.03.22 -
    nProtect 2011-02-10.01 2011.02.15 -
    Panda 10.0.3.5 2011.03.22 -
    PCTools 7.0.3.5 2011.03.21 -
    Prevx 3.0 2011.03.28 -
    Rising 23.50.01.06 2011.03.22 -
    Sophos 4.63.0 2011.03.23 -
    SUPERAntiSpyware 4.40.0.1006 2011.03.23 -
    Symantec 20101.3.0.103 2011.03.23 -
    TheHacker 6.7.0.1.155 2011.03.23 -
    TrendMicro 9.200.0.1012 2011.03.23 -
    TrendMicro-HouseCall 9.200.0.1012 2011.03.23 -
    VBA32 3.12.14.3 2011.03.23 -
    VIPRE 8790 2011.03.23 -
    ViRobot 2011.3.23.4372 2011.03.23 -
    VirusBuster 13.6.264.0 2011.03.22 -
    Additional information
    MD5 : 986b1ff5814366d71e0ac5755c88f2d3
    SHA1 : 3ad9925dd867cf0beb6cace008ec6e7ca5aea290
    SHA256: e6af051174531c24b38e73987755d366abec595476c6d17793e8dccc73f55340
    ssdeep: 768:8U+AE0crPMQCpPlRlsA19NXWh8DtdhqvdaFrNh6k:8Uk08M7tRlsAXRch2Wk
    File size : 33792 bytes
    First seen: 2009-06-19 08:44:08
    Last seen : 2011-03-27 23:50:25
    TrID:
    Win32 Executable Generic (42.3%)
    Win32 Dynamic Link Library (generic) (37.6%)
    Generic Win/DOS Executable (9.9%)
    DOS Executable Generic (9.9%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    sigcheck:
    publisher....: Microsoft Corporation
    copyright....: (c) Microsoft Corporation. All rights reserved.
    product......: Microsoft_ Windows_ Operating System
    description..: NT Messenger Service
    original name: msgsvc.dll
    internal name: msgsvc.dll
    file version.: 5.1.2600.5512 (xpsp.080413-2113)
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned
    PEInfo: PE structure information

    [[ basic data ]]
    entrypointaddress: 0x11D1
    timedatestamp....: 0x4802A14D (Mon Apr 14 00:11:57 2008)
    machinetype......: 0x14c (I386)

    [[ 4 section(s) ]]
    name, viradd, virsiz, rawdsiz, ntropy, md5
    .text, 0x1000, 0x71AF, 0x7200, 6.57, f8a21139aa1265839fcce9261c309d16
    .data, 0x9000, 0xB14, 0x200, 1.34, a2fcf02772a89325a4df820e3e8c7e4d
    .rsrc, 0xA000, 0x3E8, 0x400, 3.35, 609aa1ebd56ed2c062f03471a216a124
    .reloc, 0xB000, 0x744, 0x800, 6.47, 9f12d46c1ba887eef5e73fed161ed5dd

    [[ 8 import(s) ]]
    ADVAPI32.dll: QueryServiceConfigW, OpenSCManagerW, OpenServiceW, CloseServiceHandle, QueryServiceStatus, SetServiceStatus, RegisterServiceCtrlHandlerExW
    iphlpapi.dll: NotifyAddrChange
    KERNEL32.dll: WideCharToMultiByte, MultiByteToWideChar, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, LocalFree, LocalAlloc, GetLastError, LeaveCriticalSection, SetEvent, EnterCriticalSection, DeleteCriticalSection, TerminateThread, CloseHandle, GetTimeFormatW, GetDateFormatW, WaitForSingleObject, CreateThread, CreateEventW, CreateMailslotA, ReadFile, Sleep, WriteFile, InterlockedExchange, CreateFileA, GetOverlappedResult, GetLocalTime, FreeLibrary, FormatMessageA, FormatMessageW, LoadLibraryExW, GetComputerNameW, GetProcAddress, LoadLibraryW, DisableThreadLibraryCalls
    NETAPI32.dll: I_NetNameCanonicalize, Netbios, NetApiBufferFree, NetWkstaUserEnum, I_NetNameValidate
    ntdll.dll: NtQueryVirtualMemory, RtlUnwind, DbgPrint, wcsncmp, _strnicmp, wcsncpy, RtlReleaseResource, RtlAcquireResourceExclusive, RtlAcquireResourceShared, wcsstr, RtlFreeUnicodeString, NtOpenThreadToken, NtQueryInformationToken, NtClose, RtlRegisterWait, RtlInitializeCriticalSection, RtlNtStatusToDosError, NtAccessCheckAndAuditAlarm, RtlAdjustPrivilege, RtlInitUnicodeString, _itoa, wcscmp, RtlCopySid, RtlLengthSid, RtlSetSaclSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlSetGroupSecurityDescriptor, RtlSetOwnerSecurityDescriptor, RtlCreateSecurityDescriptor, RtlAddAce, RtlCreateAcl, RtlNewSecurityObject, NtOpenProcessToken, RtlDeregisterWait, strncpy, RtlUnicodeStringToOemString, RtlFreeOemString, RtlInitAnsiString, RtlInitializeResource, RtlOemStringToUnicodeString, wcslen, wcscpy
    RPCRT4.dll: NdrServerCall2, RpcImpersonateClient, RpcRevertToSelf
    USER32.dll: RegisterDeviceNotificationW, UnregisterDeviceNotification, MessageBeep, MessageBoxW
    WS2_32.dll: -, -, -, -

    [[ 2 export(s) ]]
    ServiceMain, SvchostPushServiceGlobals
    ExifTool:
    file metadata
    CharacterSet: Unicode
    CodeSize: 29184
    CompanyName: Microsoft Corporation
    EntryPoint: 0x11d1
    FileDescription: NT Messenger Service
    FileFlagsMask: 0x003f
    FileOS: Windows NT 32-bit
    FileSize: 33 kB
    FileSubtype: 0
    FileType: Win32 DLL
    FileVersion: 5.1.2600.5512 (xpsp.080413-2113)
    FileVersionNumber: 5.1.2600.5512
    ImageVersion: 5.1
    InitializedDataSize: 6144
    InternalName: msgsvc.dll
    LanguageCode: English (U.S.)
    LegalCopyright: Microsoft Corporation. All rights reserved.
    LinkerVersion: 7.1
    MIMEType: application/octet-stream
    MachineType: Intel 386 or later, and compatibles
    OSVersion: 5.1
    ObjectFileType: Executable application
    OriginalFilename: msgsvc.dll
    PEType: PE32
    ProductName: Microsoft Windows Operating System
    ProductVersion: 5.1.2600.5512
    ProductVersionNumber: 5.1.2600.5512
    Subsystem: Windows GUI
    SubsystemVersion: 4.0
    TimeStamp: 2008:04:14 02:11:57+02:00
    UninitializedDataSize: 0
     
  16. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad .exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\documents and settings\OWNER\Application Data\cleanhdd.dll
    
    DDS::
    uInternet Settings,ProxyOverride = <local>
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    
    Firefox::
    FF - ProfilePath - c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\8p3jaudc.default\
    FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZJxdm1287Fus&ptb=3E.coohHuEGp0IKy5WWMgA&ind=2011022613&ptnr S=ZJxdm1287Fus&si=&n=77ddc515&psa=&st=kwd&searchfor=
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  17. elvispacman

    elvispacman TS Rookie Topic Starter Posts: 32

    combofix had said that there was a new version or somethign liek that and i clicked yes to the update of combofix
    ComboFix 11-03-27.01 - OWNER 03/27/2011 19:24:40.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1417 [GMT -5:00]
    Running from: c:\documents and settings\OWNER\My Documents\Downloads\ComboFix.exe
    Command switches used :: c:\documents and settings\OWNER\My Documents\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    FILE ::
    "c:\documents and settings\OWNER\Application Data\cleanhdd.dll"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\OWNER\Application Data\cleanhdd.dll
    c:\windows\system\winspool.drv
    c:\windows\system32\Thumbs.db
    .
    Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
    Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-28 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-27 18:29 . 2011-03-15 02:05 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2EEB1173-3069-42C6-AC61-FEA40C4F09FD}\mpengine.dll
    2011-03-26 03:51 . 2011-03-15 02:05 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-03-26 03:49 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-03-26 03:36 . 2011-03-26 03:37 -------- d-----w- c:\program files\Microsoft Security Client
    2011-03-26 03:35 . 2011-03-26 05:55 -------- d-----w- C:\d3ed072d3bf43ec985356ea4
    2011-03-25 02:26 . 2011-03-25 02:27 -------- d-----w- c:\documents and settings\OWNER\Application Data\QuuSoft
    2011-03-24 02:41 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2011-03-24 02:41 . 2011-03-18 17:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
    2011-03-24 02:41 . 2011-03-18 17:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
    2011-03-24 02:41 . 2011-03-18 17:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
    2011-03-24 02:41 . 2011-03-18 17:53 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
    2011-03-24 02:41 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
    2011-03-24 02:41 . 2011-03-18 17:53 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
    2011-03-24 02:41 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
    2011-03-21 00:27 . 2011-03-21 00:27 -------- d-----w- C:\ConverterOutput
    2011-03-21 00:27 . 2008-06-16 02:13 6144 ----a-w- c:\windows\system32\ff_acm.acm
    2011-03-21 00:27 . 2008-06-15 15:01 258352 ----a-w- c:\windows\system32\unicows.dll
    2011-03-21 00:27 . 2003-03-31 01:08 372736 ----a-w- c:\windows\system32\xvid.ax
    2011-03-21 00:27 . 2011-03-21 00:27 -------- d-----w- c:\program files\Cucusoft
    2011-03-17 23:16 . 2011-03-17 23:16 -------- d-----w- C:\AeriaGames
    2011-03-17 05:22 . 2011-03-22 17:18 -------- d-----w- c:\documents and settings\OWNER\Local Settings\Application Data\WMTools Downloaded Files
    2011-03-12 17:28 . 2011-03-12 17:28 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2011-03-12 17:28 . 2011-03-12 17:28 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
    2011-02-26 02:04 . 2011-02-26 02:04 388096 ----a-r- c:\documents and settings\OWNER\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-02-26 02:04 . 2011-02-26 02:04 -------- d-----w- c:\program files\Trend Micro
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-09 13:53 . 2002-12-31 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2002-12-31 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 07:58 . 2008-11-26 22:14 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2008-11-26 22:14 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2002-12-31 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09 . 2002-12-31 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 2002-12-31 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
    2011-03-18 17:53 . 2011-03-24 02:41 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2010-03-16 05:09 203776 --sh--w- c:\windows\system32\unrar.exe
    .
    .
    ------- Sigcheck -------
    .
    [-] 2008-11-26 . 679A7259741F6A09994F02CE261B5F2E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-11-18 274608]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^OWNER^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\documents and settings\OWNER\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^OWNER^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\documents and settings\OWNER\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 04:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2007-06-28 00:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2002-12-31 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2010-03-12 18:08 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    2005-09-20 15:32 77824 ----a-w- c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    2005-09-20 15:36 114688 ----a-w- c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    2005-09-20 15:35 94208 ----a-w- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-01-25 21:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
    2007-02-07 21:21 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-04-17 04:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-01 20:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2007-02-07 21:24 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    2006-10-29 15:13 1404928 ----a-r- c:\program files\Analog Devices\Core\smax4pnp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-11-18 05:19 274608 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\Documents and Settings\\OWNER\\My Documents\\Downloads\\VideoConverter_Setup.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "58557:TCP"= 58557:TCP:*:Disabled:pando Media Booster
    "58557:UDP"= 58557:UDP:*:Disabled:pando Media Booster
    "56131:TCP"= 56131:TCP:*:Disabled:pando Media Booster
    "56131:UDP"= 56131:UDP:*:Disabled:pando Media Booster
    "1037:TCP"= 1037:TCP:*:Disabled:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:*:Disabled:Akamai NetSession Interface
    .
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/31/2010 4:38 PM 136176]
    S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    S3 XDva344;XDva344;\??\c:\windows\system32\XDva344.sys --> c:\windows\system32\XDva344.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-22 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
    .
    2011-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-31 21:38]
    .
    2011-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-31 21:38]
    .
    2011-03-28 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]
    .
    2011-03-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1454471165-1708537768-1417001333-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
    .
    2011-03-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1454471165-1708537768-1417001333-500.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
    .
    2011-03-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1454471165-1708537768-1417001333-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
    .
    2011-03-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1454471165-1708537768-1417001333-500.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
    .
    2011-03-28 c:\windows\Tasks\User_Feed_Synchronization-{0323B0BF-20C8-474E-A73C-6D6AE04335A1}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZJxdm1287Fus&ptb=3E.coohHuEGp0IKy5WWMgA
    uInternet Connection Wizard,ShellNext = iexplore
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Download with Xilisoft YouTube Video Converter - c:\program files\Xilisoft\YouTube Video Converter\upod_link.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\documents and settings\OWNER\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
    IE: Free YouTube to iPod Converter - c:\documents and settings\OWNER\Application Data\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
    IE: Free YouTube to Mp3 Converter - c:\documents and settings\OWNER\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
    IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
    FF - ProfilePath - c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\8p3jaudc.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-27 19:30
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(2076)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\HPZipm12.exe
    c:\program files\CyberLink\Shared files\RichVideo.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\wscntfy.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    .
    **************************************************************************
    .
    Completion time: 2011-03-27 19:37:23 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-03-28 00:37
    ComboFix2.txt 2011-03-27 18:23
    .
    Pre-Run: 22,343,823,360 bytes free
    Post-Run: 22,334,803,968 bytes free
    .
    - - End Of File - - 1FF3FFE50FDBD69CB03A9B328B59D12A
     
  18. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Looks good :)

    How is redirection?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  19. elvispacman

    elvispacman TS Rookie Topic Starter Posts: 32

    so far it doesnt seem to be redirecting but it takes longer than usual for the page to load
     
  20. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Browser page?
    We'll see how it goes, when we're done.
     
  21. elvispacman

    elvispacman TS Rookie Topic Starter Posts: 32

    btw i did re-enable the antivirus i dnt know if it was supposed to be disabled during the scan
     
  22. elvispacman

    elvispacman TS Rookie Topic Starter Posts: 32

    OTL logfile created on: 3/27/2011 8:10:34 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\OWNER\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 20.82 Gb Free Space | 27.94% Space Free | Partition Type: NTFS

    Computer Name: EDGAR | User Name: OWNER | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/03/27 20:08:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OWNER\My Documents\Downloads\OTL.exe
    PRC - [2011/03/18 12:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2010/11/18 00:19:45 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
    PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2002/12/31 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/03/27 20:08:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OWNER\My Documents\Downloads\OTL.exe
    MOD - [2010/11/18 00:20:30 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
    MOD - [2009/07/12 00:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2009/03/20 19:10:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
    SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/03/27 19:43:54 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1E3ABDDC-3F76-4B88-8DA4-406B0FB99AFF}\MpKsl4f77c803.sys -- (MpKsl4f77c803)
    DRV - [2006/11/02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B})
    DRV - [2006/10/29 10:16:42 | 000,424,320 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2006/10/29 10:16:24 | 000,156,160 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2006/10/29 10:13:26 | 000,732,928 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D7 35 7D 15 78 1F 8C 47 AA 3B 09 0B FC 49 AC 65 [binary data]
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D7 35 7D 15 78 1F 8C 47 AA 3B 09 0B FC 49 AC 65 [binary data]
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D7 35 7D 15 78 1F 8C 47 AA 3B 09 0B FC 49 AC 65 [binary data]

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D7 35 7D 15 78 1F 8C 47 AA 3B 09 0B FC 49 AC 65 [binary data]

    IE - HKU\S-1-5-21-1454471165-1708537768-1417001333-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZJxdm1287Fus&ptb=3E.coohHuEGp0IKy5WWMgA
    IE - HKU\S-1-5-21-1454471165-1708537768-1417001333-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-1454471165-1708537768-1417001333-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE 38 FF 0C 53 36 CA 01 [binary data]
    IE - HKU\S-1-5-21-1454471165-1708537768-1417001333-1005\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D7 35 7D 15 78 1F 8C 47 AA 3B 09 0B FC 49 AC 65 [binary data]
    IE - HKU\S-1-5-21-1454471165-1708537768-1417001333-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=1"
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
    FF - prefs.js..extensions.enabledItems: {6f6ff0e4-8823-4bc8-b08c-3beea33f0e83}:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/18 00:20:31 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/23 21:41:08 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 06:23:47 | 000,000,000 | ---D | M]

    [2009/11/22 21:17:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Extensions
    [2009/11/22 21:17:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2011/03/22 19:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\8p3jaudc.default\extensions
    [2011/03/21 22:36:37 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\8p3jaudc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    [2010/09/06 14:06:57 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\8p3jaudc.default\searchplugins\askcom.xml
    [2011/02/26 17:09:20 | 000,009,932 | ---- | M] () -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\8p3jaudc.default\searchplugins\mywebsearch.xml
    [2011/03/23 21:41:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/04/20 21:31:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    File not found (No name found) --
    [2010/11/18 00:20:31 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
    [2008/11/26 18:50:59 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2009/08/11 10:29:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2011/03/18 12:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
    [2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/08/13 15:23:16 | 000,002,226 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
    [2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/03/27 19:30:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
    O7 - HKU\S-1-5-21-1454471165-1708537768-1417001333-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1454471165-1708537768-1417001333-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1454471165-1708537768-1417001333-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1454471165-1708537768-1417001333-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Download with Xilisoft YouTube Video Converter - C:\Program Files\Xilisoft\YouTube Video Converter\upod_link.HTM ()
    O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\OWNER\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm ()
    O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Documents and Settings\OWNER\Application Data\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm ()
    O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\OWNER\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
    O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
    O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in Trusted sites)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227744156718 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1256139901500 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\OWNER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\OWNER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/11/26 17:18:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
    Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Packed With Joy !)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.vp60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.vp61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.vp62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/27 17:37:22 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\OWNER\Desktop\TDSSKiller.exe
    [2011/03/27 13:09:28 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/03/27 13:05:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/03/27 13:05:42 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/03/27 13:05:42 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/03/27 13:05:42 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/03/27 13:00:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/03/27 12:56:08 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/03/26 16:03:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Desktop\Gmer
    [2011/03/25 22:36:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2011/03/25 22:35:20 | 000,000,000 | ---D | C] -- C:\d3ed072d3bf43ec985356ea4
    [2011/03/24 21:26:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Application Data\QuuSoft
    [2011/03/20 19:27:48 | 000,000,000 | ---D | C] -- C:\ConverterOutput
    [2011/03/20 19:27:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\My Documents\Cucusoft
    [2011/03/20 19:27:24 | 000,000,000 | ---D | C] -- C:\Program Files\Cucusoft
    [2011/03/17 18:24:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Start Menu\Programs\AeriaGames
    [2011/03/17 18:16:01 | 000,000,000 | ---D | C] -- C:\AeriaGames
    [2011/03/17 00:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Local Settings\Application Data\WMTools Downloaded Files
    [2011/03/16 23:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\My Documents\NeroVision
    [2011/02/27 01:22:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\My Documents\Military Athlete
    [2011/02/25 21:04:21 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2011/02/25 21:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Start Menu\Programs\HiJackThis

    ========== Files - Modified Within 30 Days ==========

    [2011/03/27 20:10:38 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1454471165-1708537768-1417001333-1005.job
    [2011/03/27 20:10:37 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1454471165-1708537768-1417001333-1005.job
    [2011/03/27 20:02:42 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0323B0BF-20C8-474E-A73C-6D6AE04335A1}.job
    [2011/03/27 19:56:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/03/27 19:35:36 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/03/27 19:30:55 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/03/27 19:30:28 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/03/27 19:30:17 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/03/27 19:30:16 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1454471165-1708537768-1417001333-500.job
    [2011/03/27 19:30:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/03/27 19:20:50 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\Shortcut to ComboFix.lnk
    [2011/03/27 17:31:37 | 000,000,919 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\Shortcut to SystemLook.lnk
    [2011/03/27 13:09:32 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/03/26 23:55:57 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\Microsoft Office Word 2007.lnk
    [2011/03/26 13:34:24 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\HiJackThis.lnk
    [2011/03/26 01:20:19 | 000,002,198 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2011/03/25 06:21:09 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1454471165-1708537768-1417001333-500.job
    [2011/03/24 06:23:48 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2011/03/23 21:41:13 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/03/23 21:41:13 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/03/23 20:33:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/03/22 17:37:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/03/22 12:51:06 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2011/03/22 12:24:09 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/03/21 22:57:23 | 000,001,051 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\Free YouTube to MP3 Converter.lnk
    [2011/03/21 22:36:32 | 000,001,063 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\Free YouTube to iPod Converter.lnk
    [2011/03/20 18:36:42 | 000,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/03/20 18:36:42 | 000,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/03/17 18:24:37 | 000,001,576 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\Grand Fantasia.lnk
    [2011/03/12 10:23:01 | 795,911,552 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\grandfantasia_install_20101210.exe
    [2011/03/10 12:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\OWNER\Desktop\TDSSKiller.exe
    [2011/02/26 22:40:59 | 000,000,117 | ---- | M] () -- C:\Documents and Settings\OWNER\jagex_runescape_preferences2.dat
    [2011/02/26 22:03:23 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\OWNER\jagex_runescape_preferences.dat

    ========== Files Created - No Company Name ==========

    [2011/03/27 19:20:50 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\OWNER\Desktop\Shortcut to ComboFix.lnk
    [2011/03/27 17:31:37 | 000,000,919 | ---- | C] () -- C:\Documents and Settings\OWNER\Desktop\Shortcut to SystemLook.lnk
    [2011/03/27 13:54:12 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1454471165-1708537768-1417001333-1005.job
    [2011/03/27 13:54:11 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1454471165-1708537768-1417001333-1005.job
    [2011/03/27 13:09:32 | 000,000,210 | ---- | C] () -- C:\Boot.bak
    [2011/03/27 13:09:30 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/03/27 13:05:42 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/03/27 13:05:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/03/27 13:05:42 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/03/27 13:05:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/03/27 13:05:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/03/25 22:42:18 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/03/25 22:37:30 | 000,002,198 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
    [2011/03/25 22:36:51 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2011/03/23 21:41:13 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/03/23 21:41:13 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/03/21 22:57:23 | 000,001,051 | ---- | C] () -- C:\Documents and Settings\OWNER\Desktop\Free YouTube to MP3 Converter.lnk
    [2011/03/21 22:36:32 | 000,001,063 | ---- | C] () -- C:\Documents and Settings\OWNER\Desktop\Free YouTube to iPod Converter.lnk
    [2011/03/20 19:27:28 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ff_acm.acm
    [2011/03/20 19:27:26 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
    [2011/03/17 18:24:37 | 000,001,576 | ---- | C] () -- C:\Documents and Settings\OWNER\Desktop\Grand Fantasia.lnk
    [2011/03/06 19:34:53 | 795,911,552 | ---- | C] () -- C:\Documents and Settings\OWNER\Desktop\grandfantasia_install_20101210.exe
    [2011/02/25 21:04:21 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\OWNER\Desktop\HiJackThis.lnk
    [2011/02/17 18:53:42 | 000,010,588 | R--- | C] () -- C:\WINDOWS\System32\drivers\mpfilt.sys
    [2011/02/15 20:14:56 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/01/21 20:47:49 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\OWNER\Application Data\start_pal
    [2010/10/14 21:02:00 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2010/10/07 20:57:13 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
    [2010/10/07 20:57:12 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
    [2010/07/27 17:44:18 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
    [2010/05/18 20:52:14 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010/03/16 00:09:00 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe
    [2010/03/02 19:00:00 | 001,449,935 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
    [2010/03/02 19:00:00 | 000,882,688 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010/03/02 19:00:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
    [2010/03/02 19:00:00 | 000,556,491 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
    [2010/03/02 19:00:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
    [2010/03/02 19:00:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
    [2010/03/02 19:00:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
    [2010/03/02 19:00:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
    [2010/03/02 19:00:00 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
    [2010/03/02 19:00:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
    [2010/03/02 19:00:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
    [2010/03/02 19:00:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
    [2010/03/02 19:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
    [2010/03/02 19:00:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
    [2010/03/02 19:00:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
    [2010/03/02 19:00:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009/12/14 18:43:18 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/12/01 00:12:51 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
    [2009/12/01 00:12:47 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
    [2009/12/01 00:11:52 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
    [2009/11/29 22:04:55 | 000,112,898 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
    [2009/11/29 22:04:55 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
    [2009/11/14 13:37:08 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
    [2009/11/14 13:33:40 | 000,357,888 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
    [2009/11/14 13:33:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
    [2009/11/14 13:11:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
    [2009/11/14 13:11:42 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
    [2009/11/14 13:11:42 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
    [2009/11/14 13:11:40 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
    [2009/11/14 13:11:40 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
    [2009/11/14 13:11:38 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
    [2009/11/14 13:11:36 | 000,136,704 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
    [2009/11/14 13:11:36 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
    [2009/11/14 13:11:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
    [2009/11/14 13:11:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
    [2009/10/20 16:21:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
    [2009/09/19 13:55:29 | 000,056,136 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2009/08/11 16:21:26 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
    [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
    [2009/06/07 11:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009/05/06 15:13:44 | 000,000,342 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2009/01/10 17:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
    [2008/11/26 18:50:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2008/11/26 18:45:08 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SystemInfo32.sys
    [2008/11/26 18:26:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/11/26 17:20:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/11/26 17:15:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/11/26 11:08:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/11/26 11:07:54 | 000,266,208 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/11/06 11:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2007/10/13 04:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
    [2002/12/31 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2002/12/31 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2002/12/31 07:00:00 | 000,444,028 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2002/12/31 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2002/12/31 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2002/12/31 07:00:00 | 000,071,904 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2002/12/31 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2002/12/31 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2002/12/31 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2002/12/31 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2002/12/31 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2002/12/31 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

    ========== LOP Check ==========

    [2008/11/26 18:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
    [2010/05/01 12:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AA3DeployClient
    [2009/04/03 14:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD X Studios
    [2010/05/05 16:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    [2009/12/31 00:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
    [2009/12/31 00:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
    [2010/12/05 21:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/04/03 16:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2010/04/12 01:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/15 17:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/08/11 10:51:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010/04/13 23:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Ceedo
    [2010/09/23 16:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\CheeseSoft
    [2010/03/03 18:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/03/21 22:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\DVDVideoSoftIEHelpers
    [2010/03/16 00:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\FrostWire
    [2010/03/22 22:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Image Zone Express
    [2010/10/02 20:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\IObit
    [2011/03/24 21:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\QuuSoft
    [2011/03/05 23:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Sony Online Entertainment
    [2011/02/25 18:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Tific
    [2010/05/17 21:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Xilisoft
    [2011/03/27 19:35:36 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2011/03/27 20:02:42 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{0323B0BF-20C8-474E-A73C-6D6AE04335A1}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/11/26 17:18:02 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/01/21 21:35:37 | 000,000,210 | ---- | M] () -- C:\Boot.bak
    [2011/03/27 13:09:32 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/03/27 19:37:23 | 000,017,470 | ---- | M] () -- C:\ComboFix.txt
    [2008/11/26 17:18:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2008/11/26 17:18:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2008/11/26 17:18:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2002/12/31 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2002/12/31 07:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/03/27 19:30:11 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
    [2009/01/09 11:08:52 | 000,001,024 | ---- | M] () -- C:\Reserve.img
    [2011/03/27 17:43:01 | 000,036,056 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_27.03.2011_17.37.58_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2008/11/26 17:17:38 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/11/26 11:06:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2008/11/26 11:06:28 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2008/11/26 11:06:27 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/11/26 17:18:07 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/04/03 15:07:47 | 000,000,060 | -HS- | M] () -- C:\Documents and Settings\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2009/04/03 15:07:47 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2009/01/09 11:08:44 | 000,032,768 | R--- | M] () -- C:\Documents and Settings\OWNER\Desktop\AlcFmt.exe
    [2010/05/24 21:14:03 | 1027,471,712 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\Combatarms_US_VER_2.1004.05.exe
    [2011/03/12 10:23:01 | 795,911,552 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\grandfantasia_install_20101210.exe
    [2011/03/10 12:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\OWNER\Desktop\TDSSKiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/04/03 15:07:47 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\OWNER\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/03/27 20:10:36 | 000,311,296 | ---- | M] () -- C:\Documents and Settings\OWNER\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 23:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2002/12/31 07:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2002/12/31 07:00:00 | 000,004,821 | R--- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2007/04/03 00:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/14 00:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 06:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2002/12/31 07:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2002/12/31 07:00:00 | 000,018,052 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2002/12/31 07:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2007/04/03 00:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2007/04/03 00:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

    < End of report >
     
  23. elvispacman

    elvispacman TS Rookie Topic Starter Posts: 32

    OTL Extras logfile created on: 3/27/2011 8:10:34 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\OWNER\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 20.82 Gb Free Space | 27.94% Space Free | Partition Type: NTFS

    Computer Name: EDGAR | User Name: OWNER | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-1454471165-1708537768-1417001333-1005\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "58557:TCP" = 58557:TCP:*:Enabled:pando Media Booster
    "58557:UDP" = 58557:UDP:*:Enabled:pando Media Booster
    "56131:TCP" = 56131:TCP:*:Enabled:pando Media Booster
    "56131:UDP" = 56131:UDP:*:Enabled:pando Media Booster

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "58557:TCP" = 58557:TCP:*:Disabled:pando Media Booster
    "58557:UDP" = 58557:UDP:*:Disabled:pando Media Booster
    "56131:TCP" = 56131:TCP:*:Disabled:pando Media Booster
    "56131:UDP" = 56131:UDP:*:Disabled:pando Media Booster
    "1037:TCP" = 1037:TCP:*:Disabled:Akamai NetSession Interface
    "5000:UDP" = 5000:UDP:*:Disabled:Akamai NetSession Interface

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
    "C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
    "C:\Documents and Settings\OWNER\My Documents\Downloads\VideoConverter_Setup.exe" = C:\Documents and Settings\OWNER\My Documents\Downloads\VideoConverter_Setup.exe:*:Enabled:Video Converter -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
    "{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
    "{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
    "{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
    "{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2466E904-7E48-4597-9321-722CF02930EB}" = 5600
    "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 20
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
    "{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
    "{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
    "{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
    "{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
    "{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
    "{8465C367-67A7-4CB4-A501-E0182AF9167F}" = Fiesta
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
    "{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
    "{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
    "{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}" = 5600Trb
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC7984C5-020D-4944-85A0-58D09D4A8BFB}" = 5600_Help
    "{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
    "{E127B28D-1A2A-45C4-A74E-C817E0A74E3E}" = Fiesta
    "{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
    "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
    "{FCF2A735-3324-4D97-ADAD-4FF865CC05EB}_is1" = Final Uninstaller
    "{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "DivX Setup.divx.com" = DivX Setup
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
    "Free Studio_is1" = Free Studio version 4.8
    "Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.9.31.305
    "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.34.305
    "Grand Fantasia" = Grand Fantasia
    "HP Imaging Device Functions" = HP Imaging Device Functions 5.3
    "HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
    "HPExtendedCapabilities" = HP Extended Capabilities 5.3
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Media Player - Codec Pack" = Media Player Codec Pack 3.9.5
    "Messenger Plus! Live" = Messenger Plus! Live
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Picasa 3" = Picasa 3
    "RealPlayer 12.0" = RealPlayer
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Xilisoft YouTube Video Converter" = Xilisoft YouTube Video Converter

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1454471165-1708537768-1417001333-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Free Realms Installer" = Free Realms Installer
    "SOE-Free Realms" = Free Realms

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 3/26/2011 2:43:48 PM | Computer Name = EDGAR | Source = Symantec AntiVirus | ID = 16711725
    Description =

    Error - 3/26/2011 2:43:48 PM | Computer Name = EDGAR | Source = Symantec AntiVirus | ID = 16711725
    Description =

    Error - 3/26/2011 2:43:48 PM | Computer Name = EDGAR | Source = Symantec AntiVirus | ID = 16711725
    Description =

    Error - 3/26/2011 2:43:48 PM | Computer Name = EDGAR | Source = Symantec AntiVirus | ID = 16711725
    Description =

    Error - 3/26/2011 2:43:48 PM | Computer Name = EDGAR | Source = Symantec AntiVirus | ID = 16711725
    Description =

    Error - 3/26/2011 2:43:48 PM | Computer Name = EDGAR | Source = Symantec AntiVirus | ID = 16711725
    Description =

    Error - 3/26/2011 2:43:48 PM | Computer Name = EDGAR | Source = Symantec AntiVirus | ID = 16711725
    Description =

    Error - 3/26/2011 2:43:48 PM | Computer Name = EDGAR | Source = Symantec AntiVirus | ID = 16711725
    Description =

    Error - 3/26/2011 2:43:48 PM | Computer Name = EDGAR | Source = Symantec AntiVirus | ID = 16711725
    Description =

    Error - 3/27/2011 2:07:53 PM | Computer Name = EDGAR | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 2.0.0.4094, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    [ OSession Events ]
    Error - 2/25/2010 2:12:17 AM | Computer Name = EDGAR | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 725
    seconds with 180 seconds of active time. This session ended with a crash.

    Error - 3/16/2010 5:15:20 AM | Computer Name = EDGAR | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 456
    seconds with 180 seconds of active time. This session ended with a crash.

    Error - 4/4/2010 11:35:13 PM | Computer Name = EDGAR | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 360
    seconds with 120 seconds of active time. This session ended with a crash.

    Error - 4/13/2010 5:59:30 PM | Computer Name = EDGAR | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 554
    seconds with 60 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 3/26/2011 2:43:43 PM | Computer Name = EDGAR | Source = Service Control Manager | ID = 7034
    Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 3/26/2011 2:43:43 PM | Computer Name = EDGAR | Source = Service Control Manager | ID = 7034
    Description = The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 3/26/2011 2:43:46 PM | Computer Name = EDGAR | Source = Service Control Manager | ID = 7031
    Description = The Windows Live ID Sign-in Assistant service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in
    10000 milliseconds: Restart the service.

    Error - 3/26/2011 2:43:47 PM | Computer Name = EDGAR | Source = Service Control Manager | ID = 7034
    Description = The iPod Service service terminated unexpectedly. It has done this
    1 time(s).

    Error - 3/26/2011 5:09:55 PM | Computer Name = EDGAR | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 3/26/2011 5:10:37 PM | Computer Name = EDGAR | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    eeCtrl Fips intelppm MpFilter SAVRT SAVRTPEL SPBBCDrv SYMTDI

    Error - 3/26/2011 7:17:54 PM | Computer Name = EDGAR | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 3/27/2011 1:19:38 PM | Computer Name = EDGAR | Source = SideBySide | ID = 16842784
    Description = Dependent Assembly Microsoft.VC90.DebugCRT could not be found and
    Last Error was The referenced assembly is not installed on your system.

    Error - 3/27/2011 1:19:38 PM | Computer Name = EDGAR | Source = SideBySide | ID = 16842811
    Description = Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference
    error message: The referenced assembly is not installed on your system. .

    Error - 3/27/2011 1:19:38 PM | Computer Name = EDGAR | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll.
    Reference
    error message: The operation completed successfully. .


    < End of report >
     
  24. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =====================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-1454471165-1708537768-1417001333-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jh...uEGp0IKy5WWMgA
      FF - prefs.js..browser.search.defaultengine: "Ask.com"
      FF - prefs.js..browser.search.order.1: "Ask.com"
      [2010/09/06 14:06:57 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\8p3jaudc.default\searchplugins\askcom.xml
      [2011/02/26 17:09:20 | 000,009,932 | ---- | M] () -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\8p3jaudc.default\searchplugins\mywebsearch.xml
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
      O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
      O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
      O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in Trusted sites)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  25. elvispacman

    elvispacman TS Rookie Topic Starter Posts: 32

    All processes killed
    ========== OTL ==========
    HKU\S-1-5-21-1454471165-1708537768-1417001333-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    Prefs.js: "Ask.com" removed from browser.search.defaultengine
    Prefs.js: "Ask.com" removed from browser.search.order.1
    C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\8p3jaudc.default\searchplugins\askcom.xml moved successfully.
    C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\8p3jaudc.default\searchplugins\mywebsearch.xml moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
    Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
    Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
    Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
    Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32835 bytes

    User: NetworkService
    ->Temp folder emptied: 3786 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: OWNER
    ->Temp folder emptied: 10178039 bytes
    ->Temporary Internet Files folder emptied: 5396381 bytes
    ->Java cache emptied: 16890 bytes
    ->FireFox cache emptied: 69705530 bytes
    ->Flash cache emptied: 39782 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2606 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 81.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: OWNER
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 03272011_203601

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...