TechSpot

One large rat trap please

Solved
By SledgeProne
Nov 24, 2012
Yesterday, my system began hanging on various tasks and duties, coupled with freezing webpages. An updated scan of Malwarebytes initially netted some nefarious clutter, but the cleansing produced no significant improvements in performance.

Unsure of whether it was malware related, I cleaned up resources with TuneUp Utilities, while I sought an alternate opinion of viral analysis from HouseCall.

Meanwhile, Malwarebytes was returning negative scans for any high-profile threats. This was in stark contrast to the diminishing system performance and responsiveness. HouseCall, however, found no offending threats.

Convinced a hijacker was nevertheless aboard, and simply evading detection, I downloaded the latest TDSSKiller, which unearthed a rootkit. Despite efforts to disinfect, it was back this evening, in a return engagement, which consequently has returned me to your doorstep, seeking a rat trap.
    23:51:02.0046 5320 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    23:51:02.0984 5320 ============================================================
    23:51:02.0984 5320 Current date / time: 2012/11/23 23:51:02.0984
    23:51:02.0984 5320 SystemInfo:
    23:51:02.0984 5320
    23:51:02.0984 5320 OS Version: 5.1.2600 ServicePack: 3.0
    23:51:02.0984 5320 Product type: Workstation
    23:51:02.0984 5320 ComputerName: ENDLESS
    23:51:02.0984 5320 UserName: Master Blaster
    23:51:02.0984 5320 Windows directory: C:\WINDOWS
    23:51:02.0984 5320 System windows directory: C:\WINDOWS
    23:51:02.0984 5320 Processor architecture: Intel x86
    23:51:02.0984 5320 Number of processors: 2
    23:51:02.0984 5320 Page size: 0x1000
    23:51:02.0984 5320 Boot type: Normal boot
    23:51:02.0984 5320 ============================================================
    23:51:04.0593 5320 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    23:51:04.0609 5320 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    23:51:04.0656 5320 ============================================================
    23:51:04.0656 5320 \Device\Harddisk0\DR0:
    23:51:04.0656 5320 MBR partitions:
    23:51:04.0656 5320 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFFAC05
    23:51:04.0656 5320 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xFFFAC44, BlocksNum 0x4754A6BD
    23:51:04.0656 5320 \Device\Harddisk1\DR1:
    23:51:04.0656 5320 MBR partitions:
    23:51:04.0656 5320 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
    23:51:04.0656 5320 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x12A14C00, BlocksNum 0x12A18AC1
    23:51:04.0656 5320 ============================================================
    23:51:04.0687 5320 C: <-> \Device\Harddisk0\DR0\Partition1
    23:51:04.0843 5320 E: <-> \Device\Harddisk1\DR1\Partition1
    23:51:05.0078 5320 F: <-> \Device\Harddisk1\DR1\Partition2
    23:51:05.0484 5320 G: <-> \Device\Harddisk0\DR0\Partition2
    23:51:05.0484 5320 ============================================================
    23:51:05.0484 5320 Initialize success
    23:51:05.0484 5320 ============================================================
    23:51:08.0843 4220 ============================================================
    23:51:08.0843 4220 Scan started
    23:51:08.0843 4220 Mode: Manual;
    23:51:08.0843 4220 ============================================================
    23:51:11.0890 4220 ================ Scan system memory ========================
    23:51:11.0906 4220 System memory - ok
    23:51:11.0906 4220 ================ Scan services =============================
    23:51:12.0015 4220 Abiosdsk - ok
    23:51:12.0031 4220 abp480n5 - ok
    23:51:12.0078 4220 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
    23:51:12.0093 4220 ACPI - ok
    23:51:12.0125 4220 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
    23:51:12.0125 4220 ACPIEC - ok
    23:51:12.0203 4220 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    23:51:12.0218 4220 AdobeFlashPlayerUpdateSvc - ok
    23:51:12.0234 4220 adpu160m - ok
    23:51:12.0296 4220 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
    23:51:12.0296 4220 aec - ok
    23:51:12.0343 4220 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
    23:51:12.0359 4220 AFD - ok
    23:51:12.0359 4220 Aha154x - ok
    23:51:12.0375 4220 aic78u2 - ok
    23:51:12.0375 4220 aic78xx - ok
    23:51:13.0125 4220 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files\common files\akamai/netsession_win_ce5ba24.dll
    23:51:13.0125 4220 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
    23:51:13.0140 4220 Akamai ( HiddenFile.Multi.Generic ) - warning
    23:51:13.0140 4220 Akamai - detected HiddenFile.Multi.Generic (1)
    23:51:13.0156 4220 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
    23:51:13.0187 4220 Alerter - ok
    23:51:13.0203 4220 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
    23:51:13.0203 4220 ALG - ok
    23:51:13.0203 4220 AliIde - ok
    23:51:13.0203 4220 amsint - ok
    23:51:13.0218 4220 ANC - ok
    23:51:13.0250 4220 [ 1BF91F352D746AD7469FA71783B5FAE8 ] APLMp50 C:\WINDOWS\system32\Drivers\APLMp50.sys
    23:51:13.0250 4220 APLMp50 - ok
    23:51:13.0328 4220 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    23:51:13.0343 4220 Apple Mobile Device - ok
    23:51:13.0375 4220 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
    23:51:13.0390 4220 AppMgmt - ok
    23:51:13.0390 4220 asc - ok
    23:51:13.0406 4220 asc3350p - ok
    23:51:13.0406 4220 asc3550 - ok
    23:51:13.0406 4220 ashampoodefragservice - ok
    23:51:13.0500 4220 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    23:51:13.0500 4220 aspnet_state - ok
    23:51:13.0546 4220 [ 0C83FC56707BF68DB04947052A8188B1 ] ASTSRV C:\WINDOWS\system32\ASTSRV.EXE
    23:51:13.0546 4220 ASTSRV - ok
    23:51:13.0578 4220 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    23:51:13.0578 4220 AsyncMac - ok
    23:51:13.0593 4220 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
    23:51:13.0593 4220 atapi - ok
    23:51:13.0593 4220 Atdisk - ok
    23:51:13.0687 4220 [ D80A3FD3DB6F999F6D1C6D23A293851B ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
    23:51:13.0750 4220 Ati HotKey Poller - ok
    23:51:14.0468 4220 [ C832BF76F003999D2E91E5115583C69E ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    23:51:15.0203 4220 ati2mtag - ok
    23:51:15.0250 4220 [ 0D6B8359677D05142B624F09C28D643A ] AtiHDAudioService C:\WINDOWS\system32\drivers\AtihdXP3.sys
    23:51:15.0250 4220 AtiHDAudioService - ok
    23:51:15.0265 4220 atinevxx - ok
    23:51:15.0281 4220 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    23:51:15.0281 4220 Atmarpc - ok
    23:51:15.0312 4220 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
    23:51:15.0312 4220 AudioSrv - ok
    23:51:15.0343 4220 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
    23:51:15.0359 4220 audstub - ok
    23:51:15.0375 4220 bc_pat_f - ok
    23:51:15.0390 4220 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
    23:51:15.0390 4220 Beep - ok
    23:51:15.0468 4220 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    23:51:15.0515 4220 Bonjour Service - ok
    23:51:15.0562 4220 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
    23:51:15.0578 4220 Browser - ok
    23:51:15.0687 4220 catchme - ok
    23:51:15.0718 4220 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
    23:51:15.0718 4220 cbidf2k - ok
    23:51:15.0734 4220 ccproxy - ok
    23:51:15.0734 4220 cd20xrnt - ok
    23:51:15.0750 4220 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
    23:51:15.0750 4220 Cdaudio - ok
    23:51:15.0781 4220 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
    23:51:15.0781 4220 Cdfs - ok
    23:51:15.0828 4220 [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
    23:51:15.0828 4220 Cdrom - ok
    23:51:15.0828 4220 Changer - ok
    23:51:15.0843 4220 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] cisvc C:\WINDOWS\system32\cisvc.exe
    23:51:15.0843 4220 cisvc - ok
    23:51:15.0859 4220 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
    23:51:15.0859 4220 ClipSrv - ok
    23:51:15.0890 4220 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    23:51:15.0906 4220 clr_optimization_v2.0.50727_32 - ok
    23:51:15.0984 4220 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    23:51:16.0000 4220 clr_optimization_v4.0.30319_32 - ok
    23:51:16.0000 4220 CmdIde - ok
    23:51:16.0000 4220 COMSysApp - ok
    23:51:16.0015 4220 Cpqarray - ok
    23:51:16.0031 4220 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
    23:51:16.0046 4220 CryptSvc - ok
    23:51:16.0046 4220 ctdvda2k - ok
    23:51:16.0046 4220 ctxcpubal - ok
    23:51:16.0046 4220 dac2w2k - ok
    23:51:16.0062 4220 dac960nt - ok
    23:51:16.0125 4220 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    23:51:16.0250 4220 DcomLaunch - ok
    23:51:16.0281 4220 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
    23:51:16.0281 4220 Dhcp - ok
    23:51:16.0312 4220 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
    23:51:16.0312 4220 Disk - ok
    23:51:16.0312 4220 dmadmin - ok
    23:51:16.0406 4220 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
    23:51:16.0515 4220 dmboot - ok
    23:51:16.0546 4220 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
    23:51:16.0562 4220 dmio - ok
    23:51:16.0578 4220 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
    23:51:16.0578 4220 dmload - ok
    23:51:16.0593 4220 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
    23:51:16.0593 4220 dmserver - ok
    23:51:16.0625 4220 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
    23:51:16.0640 4220 DMusic - ok
    23:51:16.0656 4220 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
    23:51:16.0656 4220 Dnscache - ok
    23:51:16.0687 4220 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
    23:51:16.0703 4220 Dot3svc - ok
    23:51:16.0718 4220 dpti2o - ok
    23:51:16.0750 4220 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
    23:51:16.0750 4220 drmkaud - ok
    23:51:16.0765 4220 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
    23:51:16.0781 4220 EapHost - ok
    23:51:16.0781 4220 ENTECH - ok
    23:51:16.0796 4220 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
    23:51:16.0796 4220 ERSvc - ok
    23:51:16.0828 4220 [ EADA995E71211537FB3726C700AF6FAC ] EUBAKUP C:\WINDOWS\system32\drivers\eubakup.sys
    23:51:16.0828 4220 EUBAKUP - ok
    23:51:16.0859 4220 [ 37ABA51F85518FC381CEFC8D76F2E2C4 ] EuDisk C:\WINDOWS\system32\DRIVERS\EuDisk.sys
    23:51:16.0875 4220 EuDisk - ok
    23:51:16.0875 4220 [ CB41E20CE4A32584EA592F07F5DA12C5 ] EUDSKACS C:\WINDOWS\system32\drivers\eudskacs.sys
    23:51:16.0875 4220 EUDSKACS - ok
    23:51:16.0890 4220 [ A08E9E711CD7661D7C3F19EE638102C2 ] EUFS C:\WINDOWS\system32\drivers\eufs.sys
    23:51:16.0890 4220 EUFS - ok
    23:51:16.0937 4220 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
    23:51:16.0937 4220 Eventlog - ok
    23:51:17.0000 4220 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
    23:51:17.0015 4220 EventSystem - ok
    23:51:17.0046 4220 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
    23:51:17.0093 4220 Fastfat - ok
    23:51:17.0109 4220 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    23:51:17.0125 4220 FastUserSwitchingCompatibility - ok
    23:51:17.0125 4220 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
    23:51:17.0140 4220 Fdc - ok
    23:51:17.0156 4220 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
    23:51:17.0156 4220 Fips - ok
    23:51:17.0171 4220 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    23:51:17.0171 4220 Flpydisk - ok
    23:51:17.0203 4220 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
    23:51:17.0203 4220 FltMgr - ok
    23:51:17.0265 4220 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    23:51:17.0265 4220 FontCache3.0.0.0 - ok
    23:51:17.0296 4220 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
    23:51:17.0296 4220 Fs_Rec - ok
    23:51:17.0312 4220 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    23:51:17.0328 4220 Ftdisk - ok
    23:51:17.0328 4220 G400DH - ok
    23:51:17.0328 4220 GMSIPCI - ok
    23:51:17.0343 4220 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
    23:51:17.0343 4220 Gpc - ok
    23:51:17.0437 4220 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
    23:51:17.0453 4220 gupdate - ok
    23:51:17.0468 4220 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
    23:51:17.0468 4220 gupdatem - ok
    23:51:17.0515 4220 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    23:51:17.0546 4220 HDAudBus - ok
    23:51:17.0578 4220 helpsvc - ok
    23:51:17.0609 4220 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
    23:51:17.0609 4220 HidServ - ok
    23:51:17.0640 4220 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
    23:51:17.0640 4220 HidUsb - ok
    23:51:17.0671 4220 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
    23:51:17.0687 4220 hkmsvc - ok
    23:51:17.0687 4220 hpn - ok
    23:51:17.0687 4220 hpqwmiex - ok
    23:51:17.0687 4220 hpt3xx - ok
    23:51:17.0734 4220 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
    23:51:17.0765 4220 HTTP - ok
    23:51:17.0796 4220 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
    23:51:17.0890 4220 HTTPFilter - ok
    23:51:17.0890 4220 i2omgmt - ok
    23:51:17.0906 4220 i2omp - ok
    23:51:17.0906 4220 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    23:51:17.0921 4220 i8042prt - ok
    23:51:18.0031 4220 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    23:51:18.0156 4220 idsvc - ok
    23:51:18.0171 4220 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
    23:51:18.0171 4220 Imapi - ok
    23:51:18.0218 4220 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
    23:51:18.0234 4220 ImapiService - ok
    23:51:18.0234 4220 ini910u - ok
    23:51:18.0250 4220 IntelIde - ok
    23:51:18.0296 4220 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
    23:51:18.0296 4220 intelppm - ok
    23:51:18.0312 4220 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
    23:51:18.0312 4220 ip6fw - ok
    23:51:18.0328 4220 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    23:51:18.0328 4220 IpFilterDriver - ok
    23:51:18.0328 4220 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
    23:51:18.0328 4220 IpInIp - ok
    23:51:18.0359 4220 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
    23:51:18.0375 4220 IpNat - ok
    23:51:18.0390 4220 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
    23:51:18.0390 4220 IPSec - ok
    23:51:18.0406 4220 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
    23:51:18.0406 4220 IRENUM - ok
    23:51:18.0421 4220 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
    23:51:18.0421 4220 isapnp - ok
    23:51:18.0546 4220 [ A12175F063302CD68F8FC6D572D7E5FD ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
    23:51:18.0562 4220 JavaQuickStarterService - ok
    23:51:18.0562 4220 k750mgmt - ok
    23:51:18.0593 4220 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    23:51:18.0593 4220 Kbdclass - ok
    23:51:18.0609 4220 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    23:51:18.0609 4220 kbdhid - ok
    23:51:18.0640 4220 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
    23:51:18.0656 4220 kmixer - ok
    23:51:18.0671 4220 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
    23:51:18.0687 4220 KSecDD - ok
    23:51:18.0718 4220 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
    23:51:18.0734 4220 lanmanserver - ok
    23:51:18.0781 4220 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    23:51:18.0812 4220 lanmanworkstation - ok
    23:51:18.0828 4220 [ BE2DC24D403643A2D1D98F33C7087B38 ] LBeepKE C:\WINDOWS\system32\Drivers\LBeepKE.sys
    23:51:18.0843 4220 LBeepKE - ok
    23:51:18.0843 4220 lbrtfdc - ok
    23:51:18.0953 4220 [ 910344E2A984010435AE84783B25E5EB ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    23:51:18.0984 4220 LBTServ - ok
    23:51:19.0015 4220 [ 717E6714BCA808F2A372E636AFF3D15A ] LEqdUsb C:\WINDOWS\system32\Drivers\LEqdUsb.Sys
    23:51:19.0015 4220 LEqdUsb - ok
    23:51:19.0046 4220 [ 2786F7B4003ADFF88CE28BC1800B5407 ] LHidEqd C:\WINDOWS\system32\Drivers\LHidEqd.Sys
    23:51:19.0046 4220 LHidEqd - ok
    23:51:19.0078 4220 [ 01CC7FB6E790EF044B411377F3A1FF41 ] LHidFilt C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
    23:51:19.0093 4220 LHidFilt - ok
    23:51:19.0125 4220 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    23:51:19.0125 4220 LmHosts - ok
    23:51:19.0140 4220 [ A2E7EAE8898D7B4B8C302B8F4E836BB5 ] LMouFilt C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
    23:51:19.0140 4220 LMouFilt - ok
    23:51:19.0156 4220 ltmodem5 - ok
    23:51:19.0156 4220 lvpopflt - ok
    23:51:19.0156 4220 lxcf_device - ok
    23:51:19.0187 4220 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
    23:51:19.0187 4220 MBAMProtector - ok
    23:51:19.0265 4220 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    23:51:19.0328 4220 MBAMScheduler - ok
    23:51:19.0437 4220 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    23:51:19.0515 4220 MBAMService - ok
    23:51:19.0562 4220 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
    23:51:19.0562 4220 Messenger - ok
    23:51:19.0578 4220 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    23:51:19.0578 4220 mnmdd - ok
    23:51:19.0609 4220 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
    23:51:19.0609 4220 mnmsrvc - ok
    23:51:19.0625 4220 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    23:51:19.0625 4220 Modem - ok
    23:51:19.0671 4220 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    23:51:19.0671 4220 Mouclass - ok
    23:51:19.0687 4220 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
    23:51:19.0687 4220 mouhid - ok
    23:51:19.0734 4220 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    23:51:19.0734 4220 MountMgr - ok
    23:51:19.0781 4220 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    23:51:19.0796 4220 MozillaMaintenance - ok
    23:51:19.0796 4220 mraid35x - ok
    23:51:19.0828 4220 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    23:51:19.0843 4220 MRxDAV - ok
    23:51:19.0921 4220 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    23:51:19.0968 4220 MRxSmb - ok
    23:51:20.0000 4220 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
    23:51:20.0015 4220 MSDTC - ok
    23:51:20.0015 4220 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    23:51:20.0015 4220 Msfs - ok
    23:51:20.0031 4220 MSIServer - ok
    23:51:20.0062 4220 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    23:51:20.0078 4220 MSKSSRV - ok
    23:51:20.0078 4220 MSMQ - ok
    23:51:20.0109 4220 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    23:51:20.0109 4220 MSPCLOCK - ok
    23:51:20.0140 4220 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    23:51:20.0140 4220 MSPQM - ok
    23:51:20.0156 4220 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    23:51:20.0156 4220 mssmbios - ok
    23:51:20.0187 4220 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    23:51:20.0203 4220 Mup - ok
    23:51:20.0265 4220 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
    23:51:20.0296 4220 napagent - ok
    23:51:20.0328 4220 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    23:51:20.0343 4220 NDIS - ok
    23:51:20.0390 4220 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    23:51:20.0390 4220 NdisTapi - ok
    23:51:20.0406 4220 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    23:51:20.0406 4220 Ndisuio - ok
    23:51:20.0437 4220 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    23:51:20.0437 4220 NdisWan - ok
    23:51:20.0453 4220 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    23:51:20.0468 4220 NDProxy - ok
    23:51:20.0484 4220 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    23:51:20.0484 4220 NetBIOS - ok
    23:51:20.0515 4220 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    23:51:20.0546 4220 NetBT - ok
    23:51:20.0578 4220 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
    23:51:20.0593 4220 NetDDE - ok
    23:51:20.0609 4220 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    23:51:20.0609 4220 NetDDEdsdm - ok
    23:51:20.0640 4220 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
    23:51:20.0640 4220 Netlogon - ok
    23:51:20.0671 4220 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
    23:51:20.0687 4220 Netman - ok
    23:51:20.0734 4220 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    23:51:20.0750 4220 NetTcpPortSharing - ok
    23:51:20.0781 4220 [ 13EC0B1767DBFBC3A6C89EECB0B84F34 ] networx C:\WINDOWS\system32\drivers\networx.sys
    23:51:20.0781 4220 networx - ok
    23:51:20.0828 4220 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
    23:51:20.0843 4220 Nla - ok
    23:51:20.0890 4220 [ B9730495E0CF674680121E34BD95A73B ] NPF C:\WINDOWS\system32\drivers\npf.sys
    23:51:20.0890 4220 NPF - ok
    23:51:20.0906 4220 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    23:51:20.0906 4220 Npfs - ok
    23:51:20.0968 4220 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    23:51:21.0015 4220 Ntfs - ok
    23:51:21.0015 4220 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
    23:51:21.0015 4220 NtLmSsp - ok
    23:51:21.0078 4220 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    23:51:21.0156 4220 NtmsSvc - ok
    23:51:21.0203 4220 [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
    23:51:21.0203 4220 NuidFltr - ok
    23:51:21.0218 4220 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
    23:51:21.0218 4220 Null - ok
    23:51:21.0250 4220 [ 7D275ECDA4628318912F6C945D5CF963 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
    23:51:21.0250 4220 NVENETFD - ok
    23:51:21.0328 4220 [ B64AACEFAD2BE5BFF5353FE681253C67 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
    23:51:21.0328 4220 nvnetbus - ok
    23:51:21.0375 4220 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    23:51:21.0375 4220 NwlnkFlt - ok
    23:51:21.0390 4220 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    23:51:21.0390 4220 NwlnkFwd - ok
    23:51:21.0390 4220 ofcpfwsvc - ok
    23:51:21.0406 4220 ovt519 - ok
    23:51:21.0421 4220 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
    23:51:21.0437 4220 Parport - ok
    23:51:21.0437 4220 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    23:51:21.0437 4220 PartMgr - ok
    23:51:21.0468 4220 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    23:51:21.0468 4220 ParVdm - ok
    23:51:21.0468 4220 pav_security - ok
    23:51:21.0515 4220 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    23:51:21.0531 4220 PCI - ok
    23:51:21.0531 4220 PCIDump - ok
    23:51:21.0562 4220 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
    23:51:21.0578 4220 PCIIde - ok
    23:51:21.0593 4220 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
    23:51:21.0609 4220 Pcmcia - ok
    23:51:21.0609 4220 PDCOMP - ok
    23:51:21.0609 4220 PDFRAME - ok
    23:51:21.0625 4220 pdlnatdl - ok
    23:51:21.0625 4220 PDRELI - ok
    23:51:21.0625 4220 PDRFRAME - ok
    23:51:21.0640 4220 perc2 - ok
    23:51:21.0640 4220 perc2hib - ok
    23:51:21.0671 4220 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
    23:51:21.0671 4220 PlugPlay - ok
    23:51:21.0671 4220 pneclo - ok
    23:51:21.0718 4220 [ E5582E43E167CF367757D81E9727DA2A ] Point32 C:\WINDOWS\system32\DRIVERS\point32.sys
    23:51:21.0718 4220 Point32 - ok
    23:51:21.0718 4220 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    23:51:21.0718 4220 PolicyAgent - ok
    23:51:21.0750 4220 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    23:51:21.0750 4220 PptpMiniport - ok
    23:51:21.0750 4220 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
    23:51:21.0765 4220 Processor - ok
    23:51:21.0765 4220 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    23:51:21.0765 4220 ProtectedStorage - ok
    23:51:21.0765 4220 protectionservice - ok
    23:51:21.0781 4220 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    23:51:21.0796 4220 PSched - ok
    23:51:21.0796 4220 PSSdk21 - ok
    23:51:21.0812 4220 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    23:51:21.0812 4220 Ptilink - ok
    23:51:21.0828 4220 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
    23:51:21.0843 4220 PxHelp20 - ok
    23:51:21.0843 4220 ql1080 - ok
    23:51:21.0843 4220 Ql10wnt - ok
    23:51:21.0843 4220 ql12160 - ok
    23:51:21.0859 4220 ql1240 - ok
    23:51:21.0875 4220 ql1280 - ok
    23:51:21.0890 4220 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    23:51:21.0890 4220 RasAcd - ok
    23:51:21.0921 4220 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
    23:51:21.0937 4220 RasAuto - ok
    23:51:21.0953 4220 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    23:51:21.0953 4220 Rasl2tp - ok
    23:51:22.0015 4220 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
    23:51:22.0031 4220 RasMan - ok
    23:51:22.0046 4220 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    23:51:22.0046 4220 RasPppoe - ok
    23:51:22.0046 4220 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    23:51:22.0046 4220 Raspti - ok
    23:51:22.0078 4220 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    23:51:22.0093 4220 Rdbss - ok
    23:51:22.0093 4220 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    23:51:22.0093 4220 RDPCDD - ok
    23:51:22.0125 4220 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    23:51:22.0156 4220 rdpdr - ok
    23:51:22.0187 4220 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    23:51:22.0203 4220 RDPWD - ok
    23:51:22.0265 4220 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    23:51:22.0281 4220 RDSessMgr - ok
    23:51:22.0312 4220 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    23:51:22.0312 4220 redbook - ok
    23:51:22.0359 4220 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    23:51:22.0359 4220 RemoteAccess - ok
    23:51:22.0375 4220 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
    23:51:22.0390 4220 RemoteRegistry - ok
    23:51:22.0390 4220 rismxdp - ok
    23:51:22.0453 4220 [ A780D3EAA74582EA1DEB6BD9C7A3D9C9 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe
    23:51:22.0468 4220 rpcapd - ok
    23:51:22.0484 4220 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
    23:51:22.0484 4220 RpcLocator - ok
    23:51:22.0546 4220 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
    23:51:22.0546 4220 RpcSs - ok
    23:51:22.0593 4220 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
    23:51:22.0609 4220 RSVP - ok
    23:51:22.0609 4220 s116obex - ok
    23:51:22.0656 4220 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
    23:51:22.0656 4220 SamSs - ok
    23:51:22.0718 4220 [ A3281AEC37E0720A2BC28034C2DF2A56 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    23:51:22.0718 4220 SASDIFSV - ok
    23:51:22.0734 4220 [ 61DB0D0756A99506207FD724E3692B25 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    23:51:22.0734 4220 SASKUTIL - ok
    23:51:22.0765 4220 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    23:51:22.0781 4220 SCardSvr - ok
    23:51:22.0812 4220 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
    23:51:22.0843 4220 Schedule - ok
    23:51:22.0859 4220 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    23:51:22.0875 4220 Secdrv - ok
    23:51:22.0906 4220 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
    23:51:22.0906 4220 seclogon - ok
    23:51:22.0937 4220 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
    23:51:22.0953 4220 SENS - ok
    23:51:22.0953 4220 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
    23:51:22.0953 4220 serenum - ok
    23:51:22.0984 4220 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
    23:51:22.0984 4220 Serial - ok
    23:51:23.0000 4220 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    23:51:23.0000 4220 Sfloppy - ok
    23:51:23.0031 4220 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    23:51:23.0031 4220 ShellHWDetection - ok
    23:51:23.0046 4220 Simbad - ok
    23:51:23.0046 4220 Sparrow - ok
    23:51:23.0078 4220 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    23:51:23.0078 4220 splitter - ok
    23:51:23.0109 4220 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
    23:51:23.0109 4220 Spooler - ok
    23:51:23.0125 4220 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    23:51:23.0125 4220 sr - ok
    23:51:23.0171 4220 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
    23:51:23.0187 4220 srservice - ok
    23:51:23.0296 4220 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    23:51:23.0328 4220 Srv - ok
    23:51:23.0359 4220 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    23:51:23.0359 4220 SSDPSRV - ok
    23:51:23.0531 4220 [ 61536F3D6BA7CE09025D60B3398A8260 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
    23:51:23.0718 4220 STHDA - ok
    23:51:23.0765 4220 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    23:51:23.0812 4220 stisvc - ok
    23:51:23.0812 4220 StkASSrv - ok
    23:51:23.0812 4220 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    23:51:23.0812 4220 swenum - ok
    23:51:23.0828 4220 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    23:51:23.0843 4220 swmidi - ok
    23:51:23.0843 4220 SwPrv - ok
    23:51:23.0843 4220 symc810 - ok
    23:51:23.0859 4220 symc8xx - ok
    23:51:23.0859 4220 sym_hi - ok
    23:51:23.0875 4220 sym_u3 - ok
    23:51:23.0906 4220 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    23:51:23.0906 4220 sysaudio - ok
    23:51:23.0921 4220 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    23:51:23.0937 4220 SysmonLog - ok
    23:51:23.0984 4220 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    23:51:24.0000 4220 TapiSrv - ok
    23:51:24.0046 4220 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    23:51:24.0093 4220 Tcpip - ok
    23:51:24.0140 4220 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    23:51:24.0140 4220 TDPIPE - ok
    23:51:24.0171 4220 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    23:51:24.0171 4220 TDTCP - ok
    23:51:24.0203 4220 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    23:51:24.0203 4220 TermDD - ok
    23:51:24.0250 4220 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
    23:51:24.0281 4220 TermService - ok
    23:51:24.0328 4220 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
    23:51:24.0328 4220 Themes - ok
    23:51:24.0328 4220 TIEHDUSB - ok
    23:51:24.0359 4220 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
    23:51:24.0359 4220 TlntSvr - ok
    23:51:24.0375 4220 tng-dtmg - ok
    23:51:24.0375 4220 tng-dts - ok
    23:51:24.0375 4220 TosIde - ok
    23:51:24.0421 4220 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
    23:51:24.0437 4220 TrkWks - ok
    23:51:24.0500 4220 [ 6A29CD69D1128BDF49A705BEFC614A5B ] TuneUp.Defrag C:\WINDOWS\System32\TuneUpDefragService.exe
    23:51:24.0531 4220 TuneUp.Defrag - ok
    23:51:24.0609 4220 [ 51EE2913ED525DE18FDA96DCCBC5386A ] TuneUp.ProgramStatisticsSvc C:\WINDOWS\System32\TUProgSt.exe
    23:51:24.0703 4220 TuneUp.ProgramStatisticsSvc - ok
    23:51:24.0718 4220 [ E6D35F3AA51A65EB35C1F2340154A25E ] ubsvve C:\WINDOWS\system32\drivers\tnloa.sys
    23:51:24.0718 4220 ubsvve - ok
    23:51:24.0734 4220 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    23:51:24.0750 4220 Udfs - ok
    23:51:24.0750 4220 ultra - ok
    23:51:24.0750 4220 UPATC - ok
    23:51:24.0828 4220 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    23:51:24.0859 4220 Update - ok
    23:51:24.0890 4220 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
    23:51:24.0906 4220 upnphost - ok
    23:51:24.0921 4220 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
    23:51:24.0921 4220 UPS - ok
    23:51:24.0968 4220 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
    23:51:24.0968 4220 usbaudio - ok
    23:51:25.0000 4220 [ 9419FAAC6552A51542DBBA02971C841C ] usbbus C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
    23:51:25.0000 4220 usbbus - ok
    23:51:25.0031 4220 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    23:51:25.0031 4220 usbccgp - ok
    23:51:25.0046 4220 [ C0A466FA4FFEC464320E159BC1BBDC0C ] UsbDiag C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
    23:51:25.0046 4220 UsbDiag - ok
    23:51:25.0078 4220 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    23:51:25.0078 4220 usbehci - ok
    23:51:25.0109 4220 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    23:51:25.0125 4220 usbhub - ok
    23:51:25.0140 4220 [ F74A54774A9B0AFEB3C40ADEC68AA600 ] USBModem C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
    23:51:25.0140 4220 USBModem - ok
    23:51:25.0171 4220 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
    23:51:25.0171 4220 usbohci - ok
    23:51:25.0203 4220 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
    23:51:25.0203 4220 usbprint - ok
    23:51:25.0234 4220 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
    23:51:25.0250 4220 usbscan - ok
    23:51:25.0250 4220 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    23:51:25.0265 4220 USBSTOR - ok
    23:51:25.0281 4220 [ 2E2E93041C8058BC7DE6F0D743C4A0C6 ] UxTuneUp C:\WINDOWS\System32\uxtuneup.dll
    23:51:25.0296 4220 UxTuneUp - ok
    23:51:25.0296 4220 vet-filt - ok
    23:51:25.0312 4220 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    23:51:25.0312 4220 VgaSave - ok
    23:51:25.0312 4220 ViaIde - ok
    23:51:25.0359 4220 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
    23:51:25.0359 4220 VolSnap - ok
    23:51:25.0406 4220 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
    23:51:25.0421 4220 VSS - ok
    23:51:25.0437 4220 vstor2-ws60 - ok
    23:51:25.0500 4220 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
    23:51:25.0515 4220 W32Time - ok
    23:51:25.0546 4220 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    23:51:25.0546 4220 Wanarp - ok
    23:51:25.0625 4220 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    23:51:25.0671 4220 Wdf01000 - ok
    23:51:25.0671 4220 WDICA - ok
    23:51:25.0703 4220 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    23:51:25.0718 4220 wdmaud - ok
    23:51:25.0734 4220 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
    23:51:25.0750 4220 WebClient - ok
    23:51:25.0796 4220 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    23:51:25.0812 4220 winmgmt - ok
    23:51:25.0843 4220 [ FD600B032E741EB6AAB509FC630F7C42 ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
    23:51:25.0859 4220 WinUSB - ok
    23:51:25.0875 4220 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
    23:51:25.0890 4220 WmdmPmSN - ok
    23:51:25.0953 4220 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
    23:51:26.0015 4220 Wmi - ok
    23:51:26.0015 4220 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    23:51:26.0015 4220 WmiAcpi - ok
    23:51:26.0046 4220 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
    23:51:26.0062 4220 WmiApSrv - ok
    23:51:26.0234 4220 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
    23:51:26.0359 4220 WMPNetworkSvc - ok
    23:51:26.0406 4220 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    23:51:26.0406 4220 WpdUsb - ok
    23:51:26.0593 4220 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    23:51:26.0671 4220 WPFFontCache_v0400 - ok
    23:51:26.0687 4220 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
    23:51:26.0703 4220 WS2IFSL - ok
    23:51:26.0734 4220 [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf C:\WINDOWS\system32\DRIVERS\WUDFPF.SYS
    23:51:26.0734 4220 WudfPf - ok
    23:51:26.0765 4220 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    23:51:26.0765 4220 WudfRd - ok
    23:51:26.0812 4220 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
    23:51:26.0828 4220 WudfSvc - ok
    23:51:26.0828 4220 wwsecsvc - ok
    23:51:26.0890 4220 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    23:51:26.0937 4220 WZCSVC - ok
    23:51:26.0984 4220 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    23:51:27.0000 4220 xmlprov - ok
    23:51:27.0015 4220 zumbus - ok
    23:51:27.0015 4220 ================ Scan global ===============================
    23:51:27.0046 4220 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    23:51:27.0109 4220 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    23:51:27.0187 4220 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    23:51:27.0218 4220 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    23:51:27.0234 4220 [Global] - ok
    23:51:27.0234 4220 ================ Scan MBR ==================================
    23:51:27.0234 4220 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    23:51:27.0234 4220 Suspicious mbr (Forged): \Device\Harddisk0\DR0
    23:51:27.0265 4220 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    23:51:27.0265 4220 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    23:51:27.0281 4220 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
    23:51:27.0656 4220 \Device\Harddisk1\DR1 - ok
    23:51:27.0656 4220 ================ Scan VBR ==================================
    23:51:27.0656 4220 [ 69EED2EF33A11298E239910E24E272B3 ] \Device\Harddisk0\DR0\Partition1
    23:51:27.0656 4220 \Device\Harddisk0\DR0\Partition1 - ok
    23:51:27.0671 4220 [ A49216FCA2A788E234F8FE99B972065F ] \Device\Harddisk0\DR0\Partition2
    23:51:27.0671 4220 \Device\Harddisk0\DR0\Partition2 - ok
    23:51:27.0671 4220 [ A0E19D7F186228B02D332DF17C82E035 ] \Device\Harddisk1\DR1\Partition1
    23:51:27.0671 4220 \Device\Harddisk1\DR1\Partition1 - ok
    23:51:27.0687 4220 [ 88DB4795C5F45EB4FDB0663D0381F632 ] \Device\Harddisk1\DR1\Partition2
    23:51:27.0703 4220 \Device\Harddisk1\DR1\Partition2 - ok
    23:51:27.0703 4220 ============================================================
    23:51:27.0703 4220 Scan finished
    23:51:27.0703 4220 ============================================================
    23:51:27.0703 3492 Detected object count: 2
    23:51:27.0703 3492 Actual detected object count: 2
    23:53:38.0953 3492 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
    23:53:38.0953 3492 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
    23:53:39.0515 3492 \Device\Harddisk0\DR0\# - copied to quarantine
    23:53:39.0515 3492 \Device\Harddisk0\DR0 - copied to quarantine
    23:53:41.0453 3492 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    23:53:41.0468 3492 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    23:53:41.0468 3492 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    23:53:41.0484 3492 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    23:53:41.0484 3492 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    23:53:41.0484 3492 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    23:53:41.0484 3492 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    23:53:41.0546 3492 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    23:53:41.0546 3492 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    23:53:41.0546 3492 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    23:53:41.0546 3492 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    23:53:41.0546 3492 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    23:53:41.0578 3492 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    23:53:41.0578 3492 \Device\Harddisk0\DR0 - ok
    23:53:42.0718 3492 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    23:53:49.0187 4528 Deinitialize success
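A small triage parser for the TDSSKiller log above, added here as an example; it is not code from the forum post or from Kaspersky. It reads the line shape TDSSKiller 2.8.x writes (timestamp, thread id, message), separates the per-object hash records from the verdict and action lines, and reports what was detected, what the operator chose to do, and what still needs follow-up. The status labels, the follow-up rules and the regular expressions are this example's own; SAMPLE_LOG is a constructed, condensed copy of lines from the log in the post.

```python
"""Triage a TDSSKiller log: what was detected, what was done, what still needs an operator.

Added example, not code from the forum post or from Kaspersky. The regular
expressions follow the line shape TDSSKiller 2.8.x writes in the post above;
the status labels and follow-up rules are this example's own choices, and
SAMPLE_LOG is a constructed, condensed copy of lines from that log."""
import re

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4}) +(?P<pid>\d+) +(?P<msg>.*)$")
HASH_RE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<obj>\S+)(?: (?P<path>.+))?$")
MBR_RE = re.compile(r"^Suspicious mbr \((?P<why>[^)]+)\): (?P<obj>.+)$")
COUNT_RE = re.compile(r"^(?P<kind>Actual detected|Detected) object count: (?P<n>\d+)$")
VERDICT_RE = re.compile(r"^(?P<obj>.+?) \( (?P<det>[^)]+) \) - (?P<action>.+)$")
PLAIN_RE = re.compile(r"^(?P<obj>.+?) - (?P<action>ok|copied to quarantine|detected .+)$")
HIDDEN_FS_MARKER = "\\TDLFS\\"  # TDL4-family hidden file system, as named in the quarantine lines

# Constructed sample: a condensed copy of lines from the log in the post.
SAMPLE_LOG = r"""
23:51:22.0015 4220 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
23:51:22.0031 4220 RasMan - ok
23:51:27.0234 4220 ================ Scan MBR ==================================
23:51:27.0234 4220 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
23:51:27.0234 4220 Suspicious mbr (Forged): \Device\Harddisk0\DR0
23:51:27.0265 4220 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
23:51:27.0265 4220 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
23:51:27.0281 4220 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
23:51:27.0656 4220 \Device\Harddisk1\DR1 - ok
23:51:27.0703 3492 Detected object count: 2
23:51:27.0703 3492 Actual detected object count: 2
23:53:38.0953 3492 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
23:53:38.0953 3492 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
23:53:39.0515 3492 \Device\Harddisk0\DR0 - copied to quarantine
23:53:41.0453 3492 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
23:53:41.0468 3492 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
23:53:41.0578 3492 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
23:53:42.0718 3492 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
"""


def _new():
    return {"md5": None, "path": None, "detections": set(), "actions": [], "forged_mbr": None}


def parse(log_text):
    """Return (objects, counts): one record per object name TDSSKiller used, plus the count lines."""
    objects, counts = {}, {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # separators, banner, "Scan finished" and the like
        msg = m.group("msg")
        if (h := HASH_RE.match(msg)):
            e = objects.setdefault(h.group("obj"), _new())
            e["md5"], e["path"] = h.group("md5").upper(), h.group("path")
        elif (b := MBR_RE.match(msg)):
            objects.setdefault(b.group("obj"), _new())["forged_mbr"] = b.group("why")
        elif (c := COUNT_RE.match(msg)):
            counts[c.group("kind")] = int(c.group("n"))
        elif (v := VERDICT_RE.match(msg)):
            e = objects.setdefault(v.group("obj"), _new())
            e["detections"].add(v.group("det"))
            e["actions"].append(v.group("action"))
        elif (p := PLAIN_RE.match(msg)):
            e = objects.setdefault(p.group("obj"), _new())
            action = p.group("action")
            if action.startswith("detected "):
                e["detections"].add(action[len("detected "):].split(" (")[0])
            e["actions"].append(action)
    return objects, counts


def status(e):
    """Classify one object from the verdict/action lines it collected (labels are this example's own)."""
    acts = e["actions"]
    if "skipped by user" in acts:
        return "skipped"
    if e["detections"] or e["forged_mbr"]:
        if "User select action: Cure" in acts or "will be cured on reboot" in acts:
            return "cure_scheduled"
        return "infected"
    if "copied to quarantine" in acts:
        return "quarantined"
    return "clean" if "ok" in acts else "unknown"


def triage(log_text):
    """Summarise the log and list what an operator still has to do."""
    objects, counts = parse(log_text)
    by_status = {}
    for name, e in objects.items():
        by_status.setdefault(status(e), []).append(name)
    hidden_fs = sorted(n for n in objects if HIDDEN_FS_MARKER in n)
    followup = []
    for name in by_status.get("skipped", []):
        followup.append(f"{name}: flagged {sorted(objects[name]['detections'])} but skipped; confirm it is expected software")
    for name in by_status.get("infected", []):
        followup.append(f"{name}: detected but no cure scheduled")
    for name in by_status.get("cure_scheduled", []):
        followup.append(f"{name}: cure applies on reboot; rescan afterwards (pre-cure MBR MD5 {objects[name]['md5']})")
    if hidden_fs:
        followup.append(f"hidden file system present ({len(hidden_fs)} entries quarantined); rescan after reboot, the MBR cure alone is not proof of removal")
    return {"by_status": by_status, "hidden_fs": hidden_fs, "followup": followup,
            "declared": counts.get("Detected"), "actual": counts.get("Actual detected")}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Two things the script keys off deliberately. First, the MD5 printed beside a disk is not the detection signal: in the log above both Harddisk0 and Harddisk1 carry the same MBR hash while only DR0 is reported Forged, which is consistent with a bootkit handing ordinary readers a clean-looking sector (as I understand the tool, the Forged verdict comes from cross-checking two ways of reading the sector, not from the hash), so the script trusts the Forged/infected verdicts and only records the hash for comparison after the reboot. Second, an object the operator skipped is still an open item; the script lists it rather than letting "Detected object count: 2" read as two resolved detections.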
  2. SledgeProne

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
    Run by Master Blaster at 3:35:31 on 2012-11-24
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1417 [GMT -8:00]
    .
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\ASTSRV.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\System32\TUProgSt.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\NetWorx\networx.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Documents and Settings\Master Blaster\Local Settings\Application Data\Akamai\netsession_win.exe
    C:\Documents and Settings\Master Blaster\Local Settings\Application Data\Akamai\netsession_win.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\System32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k Akamai
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uProxyOverride = <local>
    BHO: IDMIEHlprObj Class: {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: &NetWorx Desk Band: {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - c:\program files\networx\deskband.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
    uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [ProtectedData] RUNDLL32.EXE "c:\documents and settings\master blaster\local settings\application data\protecteddata\hkrlfnhn.dll",vlc_entry__1_0_0e
    uRun: [Akamai NetSession Interface] "c:\documents and settings\master blaster\local settings\application data\akamai\netsession_win.exe"
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
    mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [NetWorx] "c:\program files\networx\networx.exe" /auto
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
    IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    LSP: c:\windows\system32\idmmbc.dll
    LSP: mswsock.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260536422999
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1349866232665
    DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\master blaster\application data\mozilla\firefox\profiles\r52wkqpj.default\
    FF - prefs.js: browser.search.selectedEngine - Claro Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://www.claro-search.com/?affID=44444&tt=3812_7&babsrc=KW_clro&mntrId=f81deddd000000000000001e90e94f32&q=
    FF - component: c:\documents and settings\master blaster\application data\idm\idmmzcc3\components\idmmzcc.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    FF - ExtSQL: 2012-10-02 02:28; OneClickDownload@OneClickDownload.com; c:\documents and settings\master blaster\application data\mozilla\firefox\profiles\r52wkqpj.default\extensions\OneClickDownload@OneClickDownload.com
    FF - ExtSQL: 2012-10-03 19:55; {a7c6cf7f-112c-4500-a7ea-39801a327e5f}; c:\documents and settings\master blaster\application data\mozilla\firefox\profiles\r52wkqpj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
    FF - ExtSQL: 2012-11-04 10:04; freehdsport@freehdsport.tv; c:\documents and settings\master blaster\application data\mozilla\firefox\profiles\r52wkqpj.default\extensions\freehdsport@freehdsport.tv.xpi
    FF - ExtSQL: 2012-11-23 05:10; 50af78b4964a0@50af78b4964d9.com; c:\documents and settings\master blaster\application data\mozilla\firefox\profiles\r52wkqpj.default\extensions\50af78b4964a0@50af78b4964d9.com.xpi
    FF - ExtSQL: !HIDDEN! 2010-02-22 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: extensions.claro.autoRvrt - false
    FF - user.js: extensions.claro_i.newTab - false
    FF - user.js: extensions.claro.vrsni - 1.6.4.1
    FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.10:08:21
    FF - user.js: extensions.claro.prtnrId - claro
    FF - user.js: extensions.claro.prdct - claro
    FF - user.js: extensions.claro.aflt - babsst
    FF - user.js: extensions.claro_i.smplGrp - none
    FF - user.js: extensions.claro.tlbrId - claro
    FF - user.js: extensions.claro.instlRef -
    FF - user.js: extensions.claro.dfltLng - en
    FF - user.js: extensions.claro.excTlbr - false
    FF - user.js: extensions.claro.admin - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2010-8-12 26248]
    R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2010-8-12 20616]
    R1 networx;networx;c:\windows\system32\drivers\networx.sys [2011-6-19 51640]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2001-8-23 14336]
    R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [2011-8-19 57344]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-1-30 12184]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-21 399432]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-10 676936]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-1-18 101392]
    R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [2010-8-12 122504]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2010-8-24 42648]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2010-8-24 12184]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-10 22856]
    S0 pneclo;pneclo;c:\windows\system32\drivers\ythte.sys --> c:\windows\system32\drivers\ythte.sys [?]
    S2 ccproxy;IAimFP6;c:\windows\system32\svchost.exe -k netsvcs [2001-8-23 14336]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 ofcpfwsvc;Radiosvr;c:\windows\system32\svchost.exe -k netsvcs [2001-8-23 14336]
    S2 pav_security;Was;c:\windows\system32\svchost.exe -k netsvcs [2001-8-23 14336]
    S2 vet-filt;TPECioCtl;c:\windows\system32\svchost.exe -k netsvcs [2001-8-23 14336]
    S3 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2010-8-12 14216]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 awhost32;Se58obex;c:\windows\system32\svchost.exe -k netsvcs [2001-8-23 14336]
    S4 ubsvve;ubsvve;c:\windows\system32\drivers\tnloa.sys [2010-9-14 54016]
    .
    =============== File Associations ===============
    .
    .txt: <filetype is not registered>
    .
    =============== Created Last 30 ================
    .
    2012-11-23 12:19:05 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-11-22 13:21:36 88064 ----a-w- c:\documents and settings\master blaster\sftxtqspxzrlgy.exe
    2012-11-22 13:21:35 58880 ----a-w- c:\documents and settings\master blaster\hhlcgdbfyxjbuuljil.exe
    2012-11-22 07:44:23 -------- d-----w- c:\documents and settings\master blaster\.frostwire5
    2012-11-22 07:40:07 -------- d-----w- c:\documents and settings\master blaster\application data\OpenCandy
    2012-11-19 20:23:53 -------- d-----w- c:\documents and settings\master blaster\local settings\application data\ProtectedData
    2012-11-08 10:19:41 -------- d-----w- c:\program files\WS_FTP
    2012-11-08 10:19:14 724992 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\iKernel.dll
    2012-11-08 10:19:14 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\ctor.dll
    2012-11-08 10:19:14 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\DotNetInstaller.exe
    2012-11-08 10:19:14 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\iscript.dll
    2012-11-08 10:19:14 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\iuser.dll
    2012-11-08 10:19:08 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\Setup.dll
    2012-11-08 10:19:08 184452 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\iGdi.dll
    2012-11-04 18:04:46 -------- d-----w- c:\program files\FirstRowSportApp.com
    2012-11-02 09:48:39 -------- d-----w- c:\program files\Ffmpeg For Audacity
    2012-11-02 09:40:25 -------- d-----w- c:\program files\Audacity
    .
    ==================== Find3M ====================
    .
    2012-11-22 07:41:46 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2012-11-22 07:41:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2012-11-14 02:23:45 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-11-14 02:23:45 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-10-09 17:33:06 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2012-10-08 23:23:29 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-10-08 23:23:26 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-10-08 23:23:26 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-10-08 23:23:26 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
    2012-09-30 03:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-08-28 15:14:53 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec
    2006-05-03 19:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
    2007-02-21 20:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
    2008-03-16 22:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
    2010-01-07 07:00:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
    .
    ============= FINISH: 3:36:09.04 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/10/2009 8:41:39 PM
    System Uptime: 11/24/2012 3:18:38 AM (0 hours ago)
    .
    Motherboard: ECS | | GF7050VT-M
    Processor: Intel Pentium III Xeon processor | CPU 1 | 2533/267mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 128 GiB total, 1.324 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 149 GiB total, 0.463 GiB free.
    F: is FIXED (NTFS) - 149 GiB total, 0.218 GiB free.
    G: is FIXED (NTFS) - 571 GiB total, 0.961 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP210: 11/20/2012 9:54:44 PM - System Checkpoint
    RP211: 11/22/2012 7:02:42 AM - Restore Operation
    RP212: 11/22/2012 7:07:11 AM - Restore Operation
    RP213: 11/23/2012 10:20:57 AM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop 7.0
    Adobe Reader X
    Advanced Zip Repair v1.6
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Audacity 2.0.2
    Bass Audio Decoder (remove only)
    Bonjour
    Canon CanoScan Toolbox 4.9
    Canon ScanGear Starter
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    ccc-utility
    CCC Help English
    CD Audio Reader Filter (remove only)
    Color Cop 5.4.3
    DCoder Image Source (remove only)
    DirectVobSub (remove only)
    DivX Setup
    DScaler 5 Mpeg Decoders
    EASEUS Todo Backup 1.1
    EasyBCD 2.0
    eReg
    ExtractNow
    ffdshow [rev 2527] [2008-12-19]
    FFmpeg v0.6.2 for Audacity
    FirstRowSportApp
    Gabest MPEG Splitter (remove only)
    Google Earth Plug-in
    Google Update Helper
    HiDownloadPlatinum
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format 11 SDK (KB973442)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    IDT Audio
    Internet Download Manager
    Ipswitch WS_FTP LE
    Java 7 Update 7
    Java(TM) 6 Update 31
    LAME v3.98.2 for Audacity
    LG USB Modem driver
    Logitech SetPoint 6.32
    Logitech Unifying Software 2.00
    Malwarebytes Anti-Malware version 1.65.1.1000
    MediaInfo 0.7.50
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft IntelliPoint 7.0
    Microsoft IntelliType Pro 8.2
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft User-Mode Driver Framework Feature Pack 1.9
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft WinUsb 1.0
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    MONOGRAM AMR Splitter/Decoder (remove only)
    Moyea FLV Editor Lite version: 1.0.1.0
    Moyea FLV Player version: 2.0.2.96
    Mozilla Firefox 16.0.2 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 6 Ultra Edition
    NetWorx 5.2.3
    NVIDIA Drivers
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.10.0514
    OpenSource DTS/AC3/DD+ Source Filter (remove only)
    OpenSource Flash Video Splitter (remove only)
    PeerBlock 1.1 (r518)
    QuickTime
    Recuva
    Registry Mechanic v9.0
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB2497640)
    Security Update for Windows Internet Explorer 7 (KB2530548)
    Security Update for Windows Internet Explorer 7 (KB2544521)
    Security Update for Windows Internet Explorer 7 (KB2559049)
    Security Update for Windows Internet Explorer 7 (KB2586448)
    Security Update for Windows Internet Explorer 7 (KB2618444)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SpeeDefrag 5.2.1
    Subtitle Search
    SUPER © v2012.build.53 (Sep 13, 2012) version v2012.build.53
    SUPERAntiSpyware
    System Requirements Lab
    Trend Micro™ Titanium™ Internet Security
    TUGZip 3.5
    TuneUp Utilities 2009
    uMusic
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2616676-v2)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.6195
    VLC media player 2.0.3
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer Clean Up
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Encoder 9 Series SDK
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinPcap 4.1.1
    Xvid Video Codec
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/22/2012 6:53:29 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT networx RasAcd Rdbss SASDIFSV SASKUTIL Tcpip WS2IFSL
    11/22/2012 6:53:29 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    11/22/2012 6:53:29 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/22/2012 6:53:29 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    11/22/2012 6:53:29 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/22/2012 6:53:29 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/22/2012 6:52:25 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/22/2012 6:52:19 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    11/22/2012 5:41:13 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    11/22/2012 5:28:11 AM, error: Service Control Manager [7000] - The Zune Bus Enumerator Driver service failed to start due to the following error: The system cannot find the file specified.
    11/22/2012 4:47:02 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000007F' while processing the file 'Uninstall .. Helper.lnk' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    11/22/2012 11:53:01 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Bonjour Service service to connect.
    11/22/2012 11:53:01 PM, error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/21/2012 9:36:04 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Nalpeiron Licensing Service service to connect.
    11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Was service terminated with the following error: The specified module could not be found.
    11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The W55U01 service terminated with the following error: The specified module could not be found.
    11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Tomcatcws3 service terminated with the following error: The specified module could not be found.
    11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Symantecantibotfilter service terminated with the following error: The specified module could not be found.
    11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The SNDO763 service terminated with the following error: The specified module could not be found.
    11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Smwdm service terminated with the following error: The specified module could not be found.
    11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Se45obex service terminated with the following error: The specified module could not be found.
    11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Radiosvr service terminated with the following error: The specified module could not be found.
    11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Olcamsrv service terminated with the following error: The specified module could not be found.
    11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The OEM02Vfx service terminated with the following error: The specified module could not be found.
    11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Mclserviceatl service terminated with the following error: The specified module could not be found.
    11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The LEX_AS_NIC_SERVICE_YNOS service terminated with the following error: The specified module could not be found.
    11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Issm service terminated with the following error: The specified module could not be found.
    11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Isdrv120 service terminated with the following error: The specified module could not be found.
    11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Ifxtcs service terminated with the following error: The specified module could not be found.
    11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The IAimFP6 service terminated with the following error: The specified module could not be found.
    11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The HSX_DP service terminated with the following error: The specified module could not be found.
    11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Help and Support service terminated with the following error: The specified module could not be found.
    11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Gv3 service terminated with the following error: The specified module could not be found.
    11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Emu10k service terminated with the following error: The specified module could not be found.
    11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The DS1410D service terminated with the following error: The specified module could not be found.
    11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Dlcc_device service terminated with the following error: The specified module could not be found.
    11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Cwafrmiregistry service terminated with the following error: The specified module could not be found.
    11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The CTEDSPFX.DLL service terminated with the following error: The specified module could not be found.
    11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Camdrl service terminated with the following error: The specified module could not be found.
    11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Bthmodem service terminated with the following error: The specified module could not be found.
    11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Awservice service terminated with the following error: The specified module could not be found.
    11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Adpu320 service terminated with the following error: The specified module could not be found.
    11/19/2012 9:17:51 AM, error: Service Control Manager [7023] - The Winmtsrv service terminated with the following error: The specified module could not be found.
    11/19/2012 9:17:51 AM, error: Service Control Manager [7023] - The TPECioCtl service terminated with the following error: The specified module could not be found.
    11/19/2012 9:17:51 AM, error: Service Control Manager [7023] - The IAimFP5 service terminated with the following error: The specified module could not be found.
    11/19/2012 9:17:51 AM, error: Service Control Manager [7023] - The Cwafnotesservice service terminated with the following error: The specified module could not be found.
    11/19/2012 12:28:21 PM, error: Dhcp [1002] - The IP address lease 192.168.100.10 for the Network Card with network address 001E90E94F32 has been denied by the DHCP server 66.75.142.46 (The DHCP Server sent a DHCPNACK message).
    11/19/2012 12:27:53 PM, error: Dhcp [1002] - The IP address lease 76.87.73.175 for the Network Card with network address 001E90E94F32 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    .
    ==== End Of File ===========================
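As an added example, not part of this thread and not code from DDS or TechSpot, here is a small Python parser for the Event Viewer section of a DDS log like the one above. It groups the Service Control Manager entries by event ID, splits the 7026 "boot-start driver(s) failed to load" list into individual driver names, and pulls the service name out of each 7023 "module could not be found" line, which is what a reviewer scans for first. The sample lines are constructed to mirror the format above; the regular expressions and the summary keys are this example's own conventions.

```python
"""Triage helper for the "Event Viewer Messages" block of a DDS log.

Added example (not from the thread or from DDS itself): it parses the
line format shown above and summarises the Service Control Manager noise.
"""
import re
from collections import Counter, defaultdict

# Constructed sample modelled on the DDS lines above; not a real log.
SAMPLE_EVENTS = """
11/22/2012 6:53:29 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec Tcpip WS2IFSL
11/22/2012 6:53:29 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/22/2012 6:52:25 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Help and Support service terminated with the following error: The specified module could not be found.
11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Smwdm service terminated with the following error: The specified module could not be found.
11/19/2012 12:28:21 PM, error: Dhcp [1002] - The IP address lease 192.168.100.10 for the Network Card with network address 001E90E94F32 has been denied by the DHCP server 66.75.142.46 (The DHCP Server sent a DHCPNACK message).
"""

# "<date> <time> <AM|PM>, <level>: <source> [<id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.+)$"
)
FAILED_DRIVERS_RE = re.compile(r"driver\(s\) failed to load: (?P<names>.+)$")
TERMINATED_RE = re.compile(r"^The (?P<service>.+?) service terminated with the following error: (?P<reason>.+)$")


def parse_events(text: str) -> list:
    """Return one dict per recognised event line; unparseable lines are skipped."""
    events = []
    for raw in text.splitlines():
        m = EVENT_RE.match(raw.strip())
        if m:
            events.append({**m.groupdict(), "event_id": int(m["event_id"])})
    return events


def failed_boot_drivers(events: list) -> list:
    """Driver names from every SCM 7026 entry, in log order, de-duplicated."""
    seen, names = set(), []
    for e in events:
        if e["source"] == "Service Control Manager" and e["event_id"] == 7026:
            m = FAILED_DRIVERS_RE.search(e["message"])
            for name in (m["names"].split() if m else []):
                if name not in seen:
                    seen.add(name)
                    names.append(name)
    return names


def terminated_services(events: list) -> dict:
    """Map reason -> sorted service names for SCM 7023 'terminated' entries."""
    by_reason = defaultdict(set)
    for e in events:
        if e["source"] == "Service Control Manager" and e["event_id"] == 7023:
            m = TERMINATED_RE.match(e["message"])
            if m:
                by_reason[m["reason"]].add(m["service"])
    return {reason: sorted(names) for reason, names in by_reason.items()}


def summarize(text: str) -> dict:
    """One-shot summary a reviewer can read before the full log."""
    events = parse_events(text)
    return {
        "events": len(events),
        "by_source_and_id": dict(Counter((e["source"], e["event_id"]) for e in events)),
        "failed_boot_drivers": failed_boot_drivers(events),
        "terminated_services": terminated_services(events),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_EVENTS).items():
        print(f"{key}: {value}")
```

The 7026 list is worth splitting because a networking stack that fails to load at boot (AFD, Tcpip, NetBT) explains the cascade of 7001 dependency failures that follow it in the same second; seeing the driver names on one line makes that cause-and-effect obvious.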
  3. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi there!

    avast! aswMBR

    Please download aswMBR from here
    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Uncheck "Trace disk IO calls".
    • Click the Scan button to start the scan as illustrated below
    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
    • Once the scan finishes click Save log to save the log to your Desktop
    • Copy and paste the contents of aswMBR.txt back here for review
    • Please also find MBR.dat on your Desktop, and rename it to MBRscan.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.


    CapperKiller Scan

    The CapperKiller utility is designed for treating the aftermaths of a Trojan-Banker.Win32.Capper infection.

    How to use the utility:
    • Download the CapperKiller.exe utility.
    • Run CapperKiller.exe

    • A reboot may be required after the treatment. Please make sure it reboots, if it asks.
    • A report will be created in your root directory, (usually C:\ folder) in the form of "CapperKiller.[Version]_[Date]_[Time]_log.txt".
    • Please copy and paste its contents on your next reply.
    • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.
  4. SledgeProne

    SledgeProne TS Rookie Topic Starter Posts: 82

    Tried running CapperKiller but it states IE is running, even though I've closed all open browser windows, so I'll try again after a reboot and post results if successful.



    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-24 14:19:13
    -----------------------------
    14:19:13.671 OS Version: Windows 5.1.2600 Service Pack 3
    14:19:13.671 Number of processors: 2 586 0x1706
    14:19:13.671 ComputerName: ENDLESS UserName:
    14:19:15.953 Initialize success
    14:23:25.015 AVAST engine defs: 12112401
    14:25:33.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
    14:25:33.828 Disk 0 Vendor: WDC_WD7500AADS-00L5B1 01.01A01 Size: 715404MB BusType: 3
    14:25:33.828 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-19
    14:25:33.828 Disk 1 Vendor: WDC_WD3200AAKS-00B3A0 01.03A01 Size: 305245MB BusType: 3
    14:25:33.843 Disk 0 MBR read successfully
    14:25:33.843 Disk 0 MBR scan
    14:25:33.906 Disk 0 Windows XP default MBR code
    14:25:33.906 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 131061 MB offset 63
    14:25:33.906 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 584340 MB offset 268414020
    14:25:33.921 Disk 0 scanning sectors +1465144065
    14:25:33.984 Disk 0 scanning C:\WINDOWS\system32\drivers
    14:25:46.093 Service scanning
    14:26:02.640 Modules scanning
    14:26:13.000 AVAST engine scan C:\WINDOWS
    14:26:20.921 AVAST engine scan C:\WINDOWS\system32
    14:29:34.765 AVAST engine scan C:\WINDOWS\system32\drivers
    14:29:52.171 AVAST engine scan C:\Documents and Settings\Master Blaster
    14:37:25.468 File: C:\Documents and Settings\Master Blaster\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\16\70ddbd90-42773736 **INFECTED** Win32:BHO-AIE [Trj]
    14:37:26.437 File: C:\Documents and Settings\Master Blaster\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\8\16604e88-65ae27e7 **INFECTED** Win32:Tipa [Cryp]
    14:37:38.218 File: C:\Documents and Settings\Master Blaster\Local Settings\temp\2AE.tmp **INFECTED** Win32:BHO-AIE [Trj]
    14:44:21.406 AVAST engine scan C:\Documents and Settings\All Users
    14:45:17.265 Scan finished successfully
    23:48:12.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Master Blaster\Desktop\suki\MBR.dat"
    23:48:12.187 The log file has been saved successfully to "C:\Documents and Settings\Master Blaster\Desktop\suki\aswMBR.txt"

    Attached Files: MBR.zip (509 bytes)
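As an added example, not part of this thread and not AVAST's code, here is a Python triage parser for the aswMBR log format posted above. It extracts the **INFECTED** file lines, buckets them by where they sit (a constructed heuristic: Java deployment cache, temp directory, driver directory, other), records each partition with its active/boot flag, and reports for each disk whether aswMBR identified the MBR as stock "default MBR code". The sample log is constructed to mirror the lines above; the location categories and the "stock/review/unread" MBR verdict are this example's own conventions, not aswMBR's.

```python
"""Triage helper for aswMBR scan logs.

Added example (not from the thread or from AVAST): parses the log format
posted above and summarises what a reviewer would look at first.
"""
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample modelled on the aswMBR output above; not a real scan.
SAMPLE_LOG = r"""
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-24 14:19:13
-----------------------------
14:19:13.671 OS Version: Windows 5.1.2600 Service Pack 3
14:25:33.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
14:25:33.843 Disk 0 MBR read successfully
14:25:33.843 Disk 0 MBR scan
14:25:33.906 Disk 0 Windows XP default MBR code
14:25:33.906 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 131061 MB offset 63
14:25:33.906 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 584340 MB offset 268414020
14:37:25.468 File: C:\Documents and Settings\User\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\16\70ddbd90-42773736 **INFECTED** Win32:BHO-AIE [Trj]
14:37:38.218 File: C:\Documents and Settings\User\Local Settings\temp\2AE.tmp **INFECTED** Win32:BHO-AIE [Trj]
14:45:17.265 Scan finished successfully
"""

TS = r"(?P<ts>\d{2}:\d{2}:\d{2}\.\d{3})"
INFECTED_RE = re.compile(TS + r" File: (?P<path>.+?) \*\*INFECTED\*\* (?P<detection>.+)$")
PARTITION_RE = re.compile(
    TS + r" Disk (?P<disk>\d+) Partition (?P<num>\d+) (?P<boot>[0-9A-F]{2})(?: \(A\))? "
    r"(?P<type>[0-9A-F]{2}) (?P<fs>\S+) (?P<fsname>\S+) (?P<size_mb>\d+) MB offset (?P<offset>\d+)$"
)
DISK_RE = re.compile(TS + r" Disk (?P<disk>\d+) (?P<rest>.+)$")


@dataclass
class Finding:
    time: str
    path: str
    detection: str
    location: str


@dataclass
class Triage:
    findings: list = field(default_factory=list)
    partitions: list = field(default_factory=list)
    mbr: dict = field(default_factory=dict)   # disk number -> {"read": bool, "default_code": bool}
    finished: bool = False


def classify_location(path: str) -> str:
    """Heuristic bucket for where a detection sits (this example's categories, not aswMBR's)."""
    p = path.lower()
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java-cache"
    if "\\temp\\" in p or p.endswith(".tmp"):
        return "temp"
    if "\\windows\\system32\\drivers\\" in p:
        return "driver"
    return "other"


def parse_aswmbr(text: str) -> Triage:
    """Walk the log once and collect the items a reviewer needs."""
    t = Triage()
    for raw in text.splitlines():
        line = raw.strip()
        m = INFECTED_RE.match(line)
        if m:
            t.findings.append(Finding(m["ts"], m["path"], m["detection"].strip(),
                                      classify_location(m["path"])))
            continue
        m = PARTITION_RE.match(line)
        if m:
            t.partitions.append({
                "disk": int(m["disk"]), "num": int(m["num"]),
                "boot": m["boot"] == "80",          # 0x80 = active/bootable flag in the MBR table
                "type": m["type"], "size_mb": int(m["size_mb"]), "offset": int(m["offset"]),
            })
            continue
        m = DISK_RE.match(line)
        if m:
            status = t.mbr.setdefault(int(m["disk"]), {"read": False, "default_code": False})
            if "MBR read successfully" in m["rest"]:
                status["read"] = True
            elif "default MBR code" in m["rest"]:
                status["default_code"] = True
            continue
        if line.endswith("Scan finished successfully"):
            t.finished = True
    return t


def summarize(t: Triage) -> dict:
    """Counts by detection name and location, plus a per-disk MBR verdict."""
    mbr = {}
    for disk, s in sorted(t.mbr.items()):
        mbr[disk] = "stock" if s["default_code"] else ("review" if s["read"] else "unread")
    return {
        "finished": t.finished,
        "infected": len(t.findings),
        "by_detection": dict(Counter(f.detection for f in t.findings)),
        "by_location": dict(Counter(f.location for f in t.findings)),
        "mbr": mbr,
        "boot_partitions": [(p["disk"], p["num"]) for p in t.partitions if p["boot"]],
    }


if __name__ == "__main__":
    for key, value in summarize(parse_aswmbr(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Only the known-good marker ("default MBR code") yields "stock"; any disk whose MBR was read without that marker is reported as "review" rather than as infected, which matches the point made earlier in the thread that rootkit entries need a human look before anything is acted on.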
  5. SledgeProne

    SledgeProne TS Rookie Topic Starter Posts: 82

    00:28:43.0125 1284 Trojan-Banker.Win32.Capper removal tool 1.0.7.0 Nov 19 2012 19:35:35
    00:28:43.0828 1284 ============================================================
    00:28:43.0828 1284 Current date / time: 2012/11/25 00:28:43.0828
    00:28:43.0828 1284 SystemInfo:
    00:28:43.0828 1284
    00:28:43.0828 1284 OS Version: 5.1.2600 ServicePack: 3.0
    00:28:43.0828 1284 Product type: Workstation
    00:28:43.0828 1284 ComputerName: ENDLESS
    00:28:43.0828 1284 UserName: Master Blaster
    00:28:43.0828 1284 Windows directory: C:\WINDOWS
    00:28:43.0828 1284 System windows directory: C:\WINDOWS
    00:28:43.0828 1284 Processor architecture: Intel x86
    00:28:43.0828 1284 Number of processors: 2
    00:28:43.0828 1284 Page size: 0x1000
    00:28:43.0828 1284 Boot type: Normal boot
    00:28:43.0828 1284 ============================================================
    00:28:43.0828 1284 Initialize success
    00:28:43.0828 1284 ============================================================
    00:28:48.0468 2972 ================================================================================
    00:28:48.0468 2972 Scan started
    00:28:48.0468 2972 ================================================================================
    00:28:48.0468 2972 ProcessDriveEnumEx: Drive A:\ type 2:350
    00:28:48.0468 2972 ProcessDriveEnumEx: Drive C:\ type 3:0
    00:33:46.0593 2972 ProcessDriveEnumEx: Drive D:\ type 5:0
    00:33:46.0593 2972 ProcessDriveEnumEx: Drive E:\ type 3:0
    00:33:51.0312 2972 ProcessDriveEnumEx: Drive F:\ type 3:0
    00:33:52.0625 2972 ProcessDriveEnumEx: Drive G:\ type 3:0
    00:34:44.0046 2972 ================================================================================
    00:34:44.0046 2972 Scan finished
    00:34:44.0046 2972 ================================================================================
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix scan

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again, renaming
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of important system processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  7. SledgeProne

    SledgeProne TS Rookie Topic Starter Posts: 82

    ComboFix 12-11-25.01 - Master Blaster 11/25/2012 12:10:31.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1347 [GMT -8:00]
    Running from: c:\documents and settings\Master Blaster\Desktop\ComboFix.exe
    .
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\dsgsdgdsgdsgw.pad
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Master Blaster\hhlcgdbfyxjbuuljil.exe
    c:\documents and settings\Master Blaster\Local Settings\Application Data\ProtectedData\hkrlfnhn.dll
    c:\documents and settings\Master Blaster\sftxtqspxzrlgy.exe
    E:\install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-25 to 2012-11-25 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-23 12:19 . 2012-11-23 12:19 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-11-22 07:44 . 2012-11-22 08:09 -------- d-----w- c:\documents and settings\Master Blaster\.frostwire5
    2012-11-22 07:41 . 2012-11-22 08:31 -------- d-----w- c:\program files\Real
    2012-11-22 07:40 . 2012-11-22 07:40 -------- d-----w- c:\documents and settings\Master Blaster\Application Data\OpenCandy
    2012-11-19 20:23 . 2012-11-25 20:14 -------- d-----w- c:\documents and settings\Master Blaster\Local Settings\Application Data\ProtectedData
    2012-11-08 10:19 . 2012-11-08 10:19 -------- d-----w- c:\program files\WS_FTP
    2012-11-08 10:19 . 2003-09-03 10:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
    2012-11-08 10:19 . 2003-09-03 10:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
    2012-11-08 10:19 . 2003-09-03 10:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
    2012-11-08 10:19 . 2003-09-03 10:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
    2012-11-08 10:19 . 2003-09-03 10:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
    2012-11-08 10:19 . 2012-11-08 10:19 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
    2012-11-08 10:19 . 2012-11-08 10:19 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
    2012-11-04 18:04 . 2012-11-04 18:04 -------- d-----w- c:\program files\FirstRowSportApp.com
    2012-11-02 09:48 . 2012-11-02 09:48 -------- d-----w- c:\program files\Ffmpeg For Audacity
    2012-11-02 09:40 . 2012-11-24 06:31 -------- d-----w- c:\documents and settings\Master Blaster\Application Data\Audacity
    2012-11-02 09:40 . 2012-11-02 09:40 -------- d-----w- c:\program files\Audacity
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-11-22 07:41 . 2003-02-21 12:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2012-11-22 07:41 . 2003-03-19 06:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2012-11-14 02:23 . 2012-04-02 09:05 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-11-14 02:23 . 2011-05-17 10:58 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-10-22 08:37 . 2001-08-23 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-10-09 17:33 . 2012-07-12 09:33 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2012-10-08 23:23 . 2012-10-08 23:23 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-10-08 23:23 . 2012-10-08 23:23 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-10-08 23:23 . 2012-04-21 22:21 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-10-08 23:23 . 2012-04-21 22:21 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2012-10-02 18:04 . 2001-08-23 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
    2012-09-30 03:54 . 2012-04-11 00:17 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-28 15:14 . 2001-08-23 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-08-28 15:14 . 2001-08-23 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-08-28 15:14 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-08-28 12:07 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
    2012-10-30 10:35 . 2012-10-30 10:35 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2006-05-03 19:06 163328 --sha-r- c:\windows\system32\flvDX.dll
    2007-02-21 20:47 31232 --sha-r- c:\windows\system32\msfDX.dll
    2008-03-16 22:30 216064 --sha-r- c:\windows\system32\nbDX.dll
    2010-01-07 07:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
    "Akamai NetSession Interface"="c:\documents and settings\Master Blaster\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-10-09 4441920]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2000-01-01 1313640]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 98304]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "NetWorx"="c:\program files\NetWorx\networx.exe" [2012-06-10 3225144]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ \0
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetWorx]
    2012-06-10 02:11 3225144 ----a-w- c:\program files\NetWorx\networx.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Bonjour Service"=2 (0x2)
    "ZuneWlanCfgSvc"=3 (0x3)
    "ZuneNetworkSvc"=3 (0x3)
    "ZuneBusEnum"=2 (0x2)
    "WMZuneComm"=3 (0x3)
    "Updater Service for StartNow Toolbar"=2 (0x2)
    "ImapiService"=3 (0x3)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe
    "cdloader"="c:\documents and settings\Master Blaster\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    "NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
    "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    .
    R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [8/12/2010 2:46 AM 26248]
    R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [8/12/2010 2:46 AM 20616]
    R1 networx;networx;c:\windows\system32\drivers\networx.sys [6/19/2011 4:05 AM 51640]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67656]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/23/2001 4:00 AM 14336]
    R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [8/19/2011 9:42 PM 57344]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [1/30/2011 12:16 PM 12184]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/21/2012 9:24 PM 399432]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/10/2012 4:17 PM 676936]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 10:19 AM 50704]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [1/18/2012 2:31 AM 101392]
    R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [8/12/2010 2:46 AM 122504]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [8/24/2010 9:30 AM 42648]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [8/24/2010 9:30 AM 12184]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/10/2012 4:17 PM 22856]
    S0 pneclo;pneclo;c:\windows\system32\drivers\ythte.sys --> c:\windows\system32\drivers\ythte.sys [?]
    S3 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [8/12/2010 2:46 AM 14216]
    S4 ubsvve;ubsvve;c:\windows\system32\drivers\tnloa.sys [9/14/2010 11:06 PM 54016]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    NETSVCS REQUIRES REPAIRS - current entries shown
    6to4
    AppMgmt
    AudioSrv
    Browser
    CryptSvc
    DMServer
    DHCP
    ERSvc
    EventSystem
    FastUserSwitchingCompatibility
    HidServ
    Ias
    Iprip
    Irmon
    LanmanServer
    LanmanWorkstation
    Messenger
    Netman
    Nla
    Ntmssvc
    NWCWorkstation
    Nwsapagent
    Rasauto
    Rasman
    vet-filt
    lvpopflt
    mcredirector
    bc_pat_f
    rismxdp
    UPATC
    CTDevice_Srv
    imountsrv
    vstor2-ws60
    awhost32
    protectionservice
    ovt519
    lxcf_device
    CBN
    Bcim
    fsaa
    fasttrackinstallerservice
    comhost
    DVDRC
    StkASSrv
    s116obex
    ltmodem5
    PSSdk21
    hpqwmiex
    k750mgmt
    pav_security
    TIEHDUSB
    ctdvda2k
    ctxcpubal
    ofcpfwsvc
    ccproxy
    G400DH
    atinevxx
    ashampoodefragservice
    agnwifi
    SRTSPL
    keriomailserver
    wmccdsls
    aolavupd
    hsxhwazl
    MSMQ
    tng-dts
    tng-dtmg
    F700iat
    arrayssl_vpn_service3,0,1,9
    pdlnatdl
    atkdisplf
    tga
    AsusACPI
    mqdmbus
    GMSIPCI
    ANC
    wwsecsvc
    Remoteaccess
    Schedule
    Seclogon
    SENS
    Sharedaccess
    SRService
    Tapisrv
    Themes
    TrkWks
    UxTuneUp
    W32Time
    WZCSVC
    Wmi
    WmdmPmSp
    winmgmt
    TermService
    BITS
    ShellHWDetection
    helpsvc
    xmlprov
    wscsvc
    WmdmPmSN
    napagent
    hkmsvc
    wuauserv
    .
    Rebuilding ... You need to reboot your machine for this to take effect.
    .
    uploadmgr
    ip6fwhlp
    mhn
    sacsvr
    trksvr
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-11-25 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 15:54]
    .
    2012-11-25 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 02:23]
    .
    2012-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-06-27 07:49]
    .
    2012-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-06-27 07:49]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = <local>
    IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
    IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
    LSP: c:\windows\system32\idmmbc.dll
    Trusted Zone: thephins.com\www
    Trusted Zone: tube8.com\www
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    FF - ProfilePath - c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\
    FF - prefs.js: browser.search.selectedEngine - Claro Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://www.claro-search.com/?affID=44444&tt=3812_7&babsrc=KW_clro&mntrId=f81deddd000000000000001e90e94f32&q=
    FF - ExtSQL: 2012-10-02 02:28; OneClickDownload@OneClickDownload.com; c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\OneClickDownload@OneClickDownload.com
    FF - ExtSQL: 2012-10-03 19:55; {a7c6cf7f-112c-4500-a7ea-39801a327e5f}; c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
    FF - ExtSQL: 2012-11-04 10:04; freehdsport@freehdsport.tv; c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\freehdsport@freehdsport.tv.xpi
    FF - ExtSQL: 2012-11-23 05:10; 50af78b4964a0@50af78b4964d9.com; c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\50af78b4964a0@50af78b4964d9.com.xpi
    FF - ExtSQL: !HIDDEN! 2010-02-22 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: extensions.claro.autoRvrt - false
    FF - user.js: extensions.claro_i.newTab - false
    FF - user.js: extensions.claro.vrsni - 1.6.4.1
    FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.10:08
    FF - user.js: extensions.claro.prtnrId - claro
    FF - user.js: extensions.claro.prdct - claro
    FF - user.js: extensions.claro.aflt - babsst
    FF - user.js: extensions.claro_i.smplGrp - none
    FF - user.js: extensions.claro.tlbrId - claro
    FF - user.js: extensions.claro.instlRef -
    FF - user.js: extensions.claro.dfltLng - en
    FF - user.js: extensions.claro.excTlbr - false
    FF - user.js: extensions.claro.admin - false
    .
    .
    ------- File Associations -------
    .
    .txt=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-ProtectedData - c:\documents and settings\Master Blaster\Local Settings\Application Data\ProtectedData\hkrlfnhn.dll
    SafeBoot-36659270.sys
    SafeBoot-70124556.sys
    MSConfigStartUp-Zune Launcher - c:\program files\Zune\ZuneLauncher.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-11-25 12:15
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    ProtectedData = RUNDLL32.EXE "c:\documents and settings\Master Blaster\Local Settings\Application Data\ProtectedData\hkrlfnhn.dll",vlc_entry__1_0_0e?123456789
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{24851210-fc14-4b19-812b-d9133aea46a2}]
    @Denied: (Full) (Everyone)
    "Model"=dword:0000006a
    "Therad"=dword:0000001e
    "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
    1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):0f,97,2f,57,31,e5,f7,f5,ae,6e,91,35,40,51,ee,d8,1c,63,4d,97,f6,
    f7,49,aa,01,84,04,4a,f0,68,42,14,0b,0c,db,ea,27,fb,fd,07,00,00,00,00,00,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(980)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    .
    Completion time: 2012-11-25 12:17:13
    ComboFix-quarantined-files.txt 2012-11-25 20:17
    ComboFix2.txt 2012-06-04 05:07
    .
    Pre-Run: 1,656,971,264 bytes free
    Post-Run: 2,502,180,864 bytes free
    .
    - - End Of File - - FB816FAD81252F4943A829D0280416FE
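    A small triage script for logs in the format posted above, added here as an example (it is not ComboFix's own code and is not part of this thread). It parses the `R*`/`S*` service lines and the REGEDIT4 `[...\Run]` blocks and flags the entries an analyst checks first: a service whose file ComboFix could not find (`--> ... [?]`, as with `pneclo`/`ythte.sys`), a generated-looking service name whose file name does not match (heuristic), and autostart values launching from a user-writable profile directory or through rundll32. The embedded sample log is a constructed excerpt modelled on the log above; the bracketed date/size on its ProtectedData line is made up.

```python
"""Triage helper for ComboFix-style logs.

Added example, not ComboFix's own code. It parses two kinds of lines seen
in the log posted above and reports the entries an analyst would check first:

  * service/driver entries:  "R0 NAME;DISPLAY;PATH [date size]"
                             "S0 NAME;DISPLAY;PATH --> PATH [?]"   (file absent)
  * values under a REGEDIT4 "[...\\Run]" header:  "Name"=path [date size]
"""
import re
from dataclasses import dataclass, field

SERVICE_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$')
RUNKEY_RE = re.compile(r'^\[[^\]]*\\run\]$', re.IGNORECASE)
RUNVAL_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.+)$')

# Profile directories are writable without admin rights on XP, which is why
# loaders such as the ProtectedData\hkrlfnhn.dll entry in the log lived there.
USER_WRITABLE = ('\\documents and settings\\', '\\application data\\', '\\local settings\\')


@dataclass
class Finding:
    kind: str                      # "service" or "autostart"
    name: str                      # service name or Run value name
    line: str                      # the raw log line
    reasons: list = field(default_factory=list)


def parse_service(line):
    """Return the fields of an R*/S* service line, or None for other lines."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    rest = m['rest'].strip()
    missing = '-->' in rest and rest.endswith('[?]')          # ComboFix: file not on disk
    path = rest.split(' -->')[0].split(' [')[0].strip()       # drop "--> ..." and "[date size]"
    basename = path.rsplit('\\', 1)[-1].rsplit('.', 1)[0].lower()
    return {'start': m['start'], 'name': m['name'], 'display': m['display'],
            'path': path, 'basename': basename, 'missing': missing}


def looks_generated(svc):
    """Heuristic only: an all-lowercase alphabetic service name with no descriptive
    display name that does not match its file name (pneclo/ythte.sys, ubsvve/tnloa.sys)
    is typical of dropped drivers and deserves a look; it is not a verdict."""
    name = svc['name']
    return (name.isalpha() and name.islower() and svc['display'] == name
            and svc['basename'] != name.lower())


def triage(log_text):
    """Walk the log once and collect findings in the order the lines appear."""
    findings = []
    in_run_key = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == '.':          # "." separates ComboFix blocks
            in_run_key = False
            continue
        if line.startswith('['):             # REGEDIT4 key header
            in_run_key = bool(RUNKEY_RE.match(line))
            continue
        if in_run_key:
            m = RUNVAL_RE.match(line)
            if not m:
                continue
            value = m['value'].strip().lower()
            reasons = []
            if any(d in value for d in USER_WRITABLE):
                reasons.append('autostart launches from a user-writable profile directory')
            if value.startswith('rundll32'):
                reasons.append('rundll32 loader: identify the DLL and the export it calls')
            if reasons:
                findings.append(Finding('autostart', m['name'], line, reasons))
            continue
        svc = parse_service(line)
        if svc:
            reasons = []
            if svc['missing']:
                reasons.append(f"{svc['start']} service points at a file ComboFix could not find on disk")
            if looks_generated(svc):
                reasons.append('generated-looking service name with mismatched file name (heuristic)')
            if reasons:
                findings.append(Finding('service', svc['name'], line, reasons))
    return findings


# Constructed excerpt modelled on the ComboFix log above; the bracketed
# date/size on the ProtectedData line is made up.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"ProtectedData"=RUNDLL32.EXE "c:\documents and settings\Master Blaster\Local Settings\Application Data\ProtectedData\hkrlfnhn.dll",vlc_entry__1_0_0e [2012-11-19 0]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
.
R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [8/12/2010 2:46 AM 20616]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/10/2012 4:17 PM 22856]
S0 pneclo;pneclo;c:\windows\system32\drivers\ythte.sys --> c:\windows\system32\drivers\ythte.sys [?]
S4 ubsvve;ubsvve;c:\windows\system32\drivers\tnloa.sys [9/14/2010 11:06 PM 54016]
"""

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.kind:9} {f.name:14} {"; ".join(f.reasons)}')
```

On the sample it reports ProtectedData (two reasons), pneclo (missing file plus the name heuristic) and ubsvve (heuristic only); entries such as EUFS and MBAMProtector pass because the service name matches its file or is not a generated-looking lowercase token.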
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix Script

    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe
      [image: CFScript.txt being dragged onto ComboFix.exe]
    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.
  9. SledgeProne

    SledgeProne TS Rookie Topic Starter Posts: 82

    ComboFix 12-11-25.01 - Master Blaster 11/27/2012 1:48.6.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1261 [GMT -8:00]
    Running from: c:\documents and settings\Master Blaster\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Master Blaster\Desktop\CFScript.txt
    .
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-27 to 2012-11-27 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-23 12:19 . 2012-11-23 12:19 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-11-22 07:44 . 2012-11-22 08:09 -------- d-----w- c:\documents and settings\Master Blaster\.frostwire5
    2012-11-22 07:41 . 2012-11-22 08:31 -------- d-----w- c:\program files\Real
    2012-11-22 07:40 . 2012-11-22 07:40 -------- d-----w- c:\documents and settings\Master Blaster\Application Data\OpenCandy
    2012-11-19 20:23 . 2012-11-25 20:14 -------- d-----w- c:\documents and settings\Master Blaster\Local Settings\Application Data\ProtectedData
    2012-11-08 10:19 . 2012-11-08 10:19 -------- d-----w- c:\program files\WS_FTP
    2012-11-08 10:19 . 2003-09-03 10:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
    2012-11-08 10:19 . 2003-09-03 10:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
    2012-11-08 10:19 . 2003-09-03 10:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
    2012-11-08 10:19 . 2003-09-03 10:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
    2012-11-08 10:19 . 2003-09-03 10:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
    2012-11-08 10:19 . 2012-11-08 10:19 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
    2012-11-08 10:19 . 2012-11-08 10:19 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
    2012-11-04 18:04 . 2012-11-04 18:04 -------- d-----w- c:\program files\FirstRowSportApp.com
    2012-11-02 09:48 . 2012-11-02 09:48 -------- d-----w- c:\program files\Ffmpeg For Audacity
    2012-11-02 09:40 . 2012-11-25 22:55 -------- d-----w- c:\documents and settings\Master Blaster\Application Data\Audacity
    2012-11-02 09:40 . 2012-11-02 09:40 -------- d-----w- c:\program files\Audacity
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-11-22 07:41 . 2003-02-21 12:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2012-11-22 07:41 . 2003-03-19 06:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2012-11-14 02:23 . 2012-04-02 09:05 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-11-14 02:23 . 2011-05-17 10:58 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-10-22 08:37 . 2001-08-23 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-10-09 17:33 . 2012-07-12 09:33 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2012-10-08 23:23 . 2012-10-08 23:23 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-10-08 23:23 . 2012-10-08 23:23 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-10-08 23:23 . 2012-04-21 22:21 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-10-08 23:23 . 2012-04-21 22:21 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2012-10-02 18:04 . 2001-08-23 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
    2012-09-30 03:54 . 2012-04-11 00:17 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-30 10:35 . 2012-10-30 10:35 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2006-05-03 19:06 163328 --sha-r- c:\windows\system32\flvDX.dll
    2007-02-21 20:47 31232 --sha-r- c:\windows\system32\msfDX.dll
    2008-03-16 22:30 216064 --sha-r- c:\windows\system32\nbDX.dll
    2010-01-07 07:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
    "Akamai NetSession Interface"="c:\documents and settings\Master Blaster\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-10-09 4441920]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2000-01-01 1313640]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 98304]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "NetWorx"="c:\program files\NetWorx\networx.exe" [2012-06-10 3225144]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ \0
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetWorx]
    2012-06-10 02:11 3225144 ----a-w- c:\program files\NetWorx\networx.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Bonjour Service"=2 (0x2)
    "ZuneWlanCfgSvc"=3 (0x3)
    "ZuneNetworkSvc"=3 (0x3)
    "ZuneBusEnum"=2 (0x2)
    "WMZuneComm"=3 (0x3)
    "Updater Service for StartNow Toolbar"=2 (0x2)
    "ImapiService"=3 (0x3)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe
    "cdloader"="c:\documents and settings\Master Blaster\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    "NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
    "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Documents and Settings\\Master Blaster\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1043:TCP"= 1043:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    .
    R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [8/12/2010 2:46 AM 26248]
    R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [8/12/2010 2:46 AM 20616]
    R1 networx;networx;c:\windows\system32\drivers\networx.sys [6/19/2011 4:05 AM 51640]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67656]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/23/2001 4:00 AM 14336]
    R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [8/19/2011 9:42 PM 57344]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [1/30/2011 12:16 PM 12184]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/21/2012 9:24 PM 399432]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/10/2012 4:17 PM 676936]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 10:19 AM 50704]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [1/18/2012 2:31 AM 101392]
    R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [8/12/2010 2:46 AM 122504]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [8/24/2010 9:30 AM 42648]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [8/24/2010 9:30 AM 12184]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/10/2012 4:17 PM 22856]
    S0 pneclo;pneclo;c:\windows\system32\drivers\ythte.sys --> c:\windows\system32\drivers\ythte.sys [?]
    S3 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [8/12/2010 2:46 AM 14216]
    S4 ubsvve;ubsvve;c:\windows\system32\drivers\tnloa.sys [9/14/2010 11:06 PM 54016]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    NETSVCS REQUIRES REPAIRS - current entries shown
    6to4
    AppMgmt
    AudioSrv
    Browser
    CryptSvc
    DMServer
    DHCP
    ERSvc
    EventSystem
    FastUserSwitchingCompatibility
    HidServ
    Ias
    Iprip
    Irmon
    LanmanServer
    LanmanWorkstation
    Messenger
    Netman
    Nla
    Ntmssvc
    NWCWorkstation
    Nwsapagent
    Rasauto
    Rasman
    vet-filt
    lvpopflt
    mcredirector
    bc_pat_f
    rismxdp
    UPATC
    CTDevice_Srv
    imountsrv
    vstor2-ws60
    awhost32
    protectionservice
    ovt519
    lxcf_device
    CBN
    Bcim
    fsaa
    fasttrackinstallerservice
    comhost
    DVDRC
    StkASSrv
    s116obex
    ltmodem5
    PSSdk21
    hpqwmiex
    k750mgmt
    pav_security
    TIEHDUSB
    ctdvda2k
    ctxcpubal
    ofcpfwsvc
    ccproxy
    G400DH
    atinevxx
    ashampoodefragservice
    agnwifi
    SRTSPL
    keriomailserver
    wmccdsls
    aolavupd
    hsxhwazl
    MSMQ
    tng-dts
    tng-dtmg
    F700iat
    arrayssl_vpn_service3,0,1,9
    pdlnatdl
    atkdisplf
    tga
    AsusACPI
    mqdmbus
    GMSIPCI
    ANC
    wwsecsvc
    Remoteaccess
    Schedule
    Seclogon
    SENS
    Sharedaccess
    SRService
    Tapisrv
    Themes
    TrkWks
    UxTuneUp
    W32Time
    WZCSVC
    Wmi
    WmdmPmSp
    winmgmt
    TermService
    BITS
    ShellHWDetection
    helpsvc
    xmlprov
    wscsvc
    WmdmPmSN
    napagent
    hkmsvc
    wuauserv
    uploadmgr
    ip6fwhlp
    mhn
    sacsvr
    trksvr
    .
    Rebuilding ... You need to reboot your machine for this to take effect.
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-11-27 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 15:54]
    .
    2012-11-27 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 02:23]
    .
    2012-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-06-27 07:49]
    .
    2012-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-06-27 07:49]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = <local>
    IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
    IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
    LSP: c:\windows\system32\idmmbc.dll
    Trusted Zone: thephins.com\www
    Trusted Zone: tube8.com\www
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    FF - ProfilePath - c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\
    FF - prefs.js: browser.search.selectedEngine - Claro Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://www.claro-search.com/?affID=44444&tt=3812_7&babsrc=KW_clro&mntrId=f81deddd000000000000001e90e94f32&q=
    FF - ExtSQL: 2012-10-02 02:28; OneClickDownload@OneClickDownload.com; c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\OneClickDownload@OneClickDownload.com
    FF - ExtSQL: 2012-10-03 19:55; {a7c6cf7f-112c-4500-a7ea-39801a327e5f}; c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
    FF - ExtSQL: 2012-11-04 10:04; freehdsport@freehdsport.tv; c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\freehdsport@freehdsport.tv.xpi
    FF - ExtSQL: 2012-11-23 05:10; 50af78b4964a0@50af78b4964d9.com; c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\50af78b4964a0@50af78b4964d9.com.xpi
    FF - ExtSQL: !HIDDEN! 2010-02-22 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: extensions.claro.autoRvrt - false
    FF - user.js: extensions.claro_i.newTab - false
    FF - user.js: extensions.claro.vrsni - 1.6.4.1
    FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.10:08
    FF - user.js: extensions.claro.prtnrId - claro
    FF - user.js: extensions.claro.prdct - claro
    FF - user.js: extensions.claro.aflt - babsst
    FF - user.js: extensions.claro_i.smplGrp - none
    FF - user.js: extensions.claro.tlbrId - claro
    FF - user.js: extensions.claro.instlRef -
    FF - user.js: extensions.claro.dfltLng - en
    FF - user.js: extensions.claro.excTlbr - false
    FF - user.js: extensions.claro.admin - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-11-27 01:53
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{24851210-fc14-4b19-812b-d9133aea46a2}]
    @Denied: (Full) (Everyone)
    "Model"=dword:0000006a
    "Therad"=dword:0000001e
    "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
    1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):0f,97,2f,57,31,e5,f7,f5,ae,6e,91,35,40,51,ee,d8,1c,63,4d,97,f6,
    f7,49,aa,01,84,04,4a,f0,68,42,14,0b,0c,db,ea,27,fb,fd,07,00,00,00,00,00,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(976)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    .
    - - - - - - - > 'explorer.exe'(996)
    c:\windows\system32\WININET.dll
    c:\progra~1\WINDOW~3\wmpband.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2012-11-27 01:55:45
    ComboFix-quarantined-files.txt 2012-11-27 09:55
    ComboFix2.txt 2012-11-25 20:17
    ComboFix3.txt 2012-06-04 05:07
    .
    Pre-Run: 2,593,116,160 bytes free
    Post-Run: 2,580,123,648 bytes free
    .
    - - End Of File - - 48CB8D50EE1BCD35573F2F9602C6C55B
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix Script

    • Close any open browsers.
    • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe
      [IMG]
    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.
  11. SledgeProne

    SledgeProne TS Rookie Topic Starter Posts: 82

    Cool little script. I keep looking for the previous "CFScript.txt" file on my desktop to delete before saving the next, but ComboFix.exe apparently digests it, lol.


    ComboFix 12-11-25.01 - Master Blaster 11/27/2012 19:33:46.7.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1227 [GMT -8:00]
    Running from: c:\documents and settings\Master Blaster\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Master Blaster\Desktop\CFScript.txt
    .
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\50af78b4964a0@50af78b4964d9.com.xpi
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-28 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-23 12:19 . 2012-11-23 12:19 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-11-22 07:44 . 2012-11-22 08:09 -------- d-----w- c:\documents and settings\Master Blaster\.frostwire5
    2012-11-22 07:41 . 2012-11-22 08:31 -------- d-----w- c:\program files\Real
    2012-11-22 07:40 . 2012-11-22 07:40 -------- d-----w- c:\documents and settings\Master Blaster\Application Data\OpenCandy
    2012-11-19 20:23 . 2012-11-25 20:14 -------- d-----w- c:\documents and settings\Master Blaster\Local Settings\Application Data\ProtectedData
    2012-11-08 10:19 . 2012-11-08 10:19 -------- d-----w- c:\program files\WS_FTP
    2012-11-08 10:19 . 2003-09-03 10:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
    2012-11-08 10:19 . 2003-09-03 10:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
    2012-11-08 10:19 . 2003-09-03 10:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
    2012-11-08 10:19 . 2003-09-03 10:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
    2012-11-08 10:19 . 2003-09-03 10:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
    2012-11-08 10:19 . 2012-11-08 10:19 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
    2012-11-08 10:19 . 2012-11-08 10:19 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
    2012-11-04 18:04 . 2012-11-04 18:04 -------- d-----w- c:\program files\FirstRowSportApp.com
    2012-11-02 09:48 . 2012-11-02 09:48 -------- d-----w- c:\program files\Ffmpeg For Audacity
    2012-11-02 09:40 . 2012-11-25 22:55 -------- d-----w- c:\documents and settings\Master Blaster\Application Data\Audacity
    2012-11-02 09:40 . 2012-11-02 09:40 -------- d-----w- c:\program files\Audacity
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-11-22 07:41 . 2003-02-21 12:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2012-11-22 07:41 . 2003-03-19 06:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2012-11-14 02:23 . 2012-04-02 09:05 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-11-14 02:23 . 2011-05-17 10:58 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-10-22 08:37 . 2001-08-23 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-10-09 17:33 . 2012-07-12 09:33 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2012-10-08 23:23 . 2012-10-08 23:23 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-10-08 23:23 . 2012-10-08 23:23 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-10-08 23:23 . 2012-04-21 22:21 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-10-08 23:23 . 2012-04-21 22:21 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2012-10-02 18:04 . 2001-08-23 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
    2012-09-30 03:54 . 2012-04-11 00:17 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-30 10:35 . 2012-10-30 10:35 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2006-05-03 19:06 163328 --sha-r- c:\windows\system32\flvDX.dll
    2007-02-21 20:47 31232 --sha-r- c:\windows\system32\msfDX.dll
    2008-03-16 22:30 216064 --sha-r- c:\windows\system32\nbDX.dll
    2010-01-07 07:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
    "Akamai NetSession Interface"="c:\documents and settings\Master Blaster\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-10-09 4441920]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2000-01-01 1313640]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 98304]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "NetWorx"="c:\program files\NetWorx\networx.exe" [2012-06-10 3225144]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ \0
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetWorx]
    2012-06-10 02:11 3225144 ----a-w- c:\program files\NetWorx\networx.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Bonjour Service"=2 (0x2)
    "ZuneWlanCfgSvc"=3 (0x3)
    "ZuneNetworkSvc"=3 (0x3)
    "ZuneBusEnum"=2 (0x2)
    "WMZuneComm"=3 (0x3)
    "Updater Service for StartNow Toolbar"=2 (0x2)
    "ImapiService"=3 (0x3)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe
    "cdloader"="c:\documents and settings\Master Blaster\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    "NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
    "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Documents and Settings\\Master Blaster\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1043:TCP"= 1043:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    .
    R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [8/12/2010 2:46 AM 26248]
    R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [8/12/2010 2:46 AM 20616]
    R1 networx;networx;c:\windows\system32\drivers\networx.sys [6/19/2011 4:05 AM 51640]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67656]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/23/2001 4:00 AM 14336]
    R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [8/19/2011 9:42 PM 57344]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [1/30/2011 12:16 PM 12184]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/21/2012 9:24 PM 399432]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/10/2012 4:17 PM 676936]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 10:19 AM 50704]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [1/18/2012 2:31 AM 101392]
    R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [8/12/2010 2:46 AM 122504]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [8/24/2010 9:30 AM 42648]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [8/24/2010 9:30 AM 12184]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/10/2012 4:17 PM 22856]
    S0 pneclo;pneclo;c:\windows\system32\drivers\ythte.sys --> c:\windows\system32\drivers\ythte.sys [?]
    S3 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [8/12/2010 2:46 AM 14216]
    S4 ubsvve;ubsvve;c:\windows\system32\drivers\tnloa.sys [9/14/2010 11:06 PM 54016]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    NETSVCS REQUIRES REPAIRS - current entries shown
    6to4
    AppMgmt
    AudioSrv
    Browser
    CryptSvc
    DMServer
    DHCP
    ERSvc
    EventSystem
    FastUserSwitchingCompatibility
    HidServ
    Ias
    Iprip
    Irmon
    LanmanServer
    LanmanWorkstation
    Messenger
    Netman
    Nla
    Ntmssvc
    NWCWorkstation
    Nwsapagent
    Rasauto
    Rasman
    vet-filt
    lvpopflt
    mcredirector
    bc_pat_f
    rismxdp
    UPATC
    CTDevice_Srv
    imountsrv
    vstor2-ws60
    awhost32
    protectionservice
    ovt519
    lxcf_device
    CBN
    Bcim
    fsaa
    fasttrackinstallerservice
    comhost
    DVDRC
    StkASSrv
    s116obex
    ltmodem5
    PSSdk21
    hpqwmiex
    k750mgmt
    pav_security
    TIEHDUSB
    ctdvda2k
    ctxcpubal
    ofcpfwsvc
    ccproxy
    G400DH
    atinevxx
    ashampoodefragservice
    agnwifi
    SRTSPL
    keriomailserver
    wmccdsls
    aolavupd
    hsxhwazl
    MSMQ
    tng-dts
    tng-dtmg
    F700iat
    arrayssl_vpn_service3,0,1,9
    pdlnatdl
    atkdisplf
    tga
    AsusACPI
    mqdmbus
    GMSIPCI
    ANC
    wwsecsvc
    Remoteaccess
    Schedule
    Seclogon
    SENS
    Sharedaccess
    SRService
    Tapisrv
    Themes
    TrkWks
    UxTuneUp
    W32Time
    WZCSVC
    Wmi
    WmdmPmSp
    winmgmt
    TermService
    BITS
    ShellHWDetection
    helpsvc
    xmlprov
    wscsvc
    WmdmPmSN
    napagent
    hkmsvc
    wuauserv
    uploadmgr
    ip6fwhlp
    mhn
    sacsvr
    trksvr
    .
    Rebuilding ... You need to reboot your machine for this to take effect.
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-11-28 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 15:54]
    .
    2012-11-28 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 02:23]
    .
    2012-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-06-27 07:49]
    .
    2012-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-06-27 07:49]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = <local>
    IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
    IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
    LSP: c:\windows\system32\idmmbc.dll
    Trusted Zone: thephins.com\www
    Trusted Zone: tube8.com\www
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    FF - ProfilePath - c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\
    FF - prefs.js: browser.search.selectedEngine - Claro Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://www.claro-search.com/?affID=44444&tt=3812_7&babsrc=KW_clro&mntrId=f81deddd000000000000001e90e94f32&q=
    FF - ExtSQL: 2012-10-02 02:28; OneClickDownload@OneClickDownload.com; c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\OneClickDownload@OneClickDownload.com
    FF - ExtSQL: 2012-10-03 19:55; {a7c6cf7f-112c-4500-a7ea-39801a327e5f}; c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
    FF - ExtSQL: 2012-11-04 10:04; freehdsport@freehdsport.tv; c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\freehdsport@freehdsport.tv.xpi
    FF - ExtSQL: 2012-11-23 05:10; 50af78b4964a0@50af78b4964d9.com; c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\50af78b4964a0@50af78b4964d9.com.xpi
    FF - ExtSQL: !HIDDEN! 2010-02-22 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: extensions.claro.autoRvrt - false
    FF - user.js: extensions.claro_i.newTab - false
    FF - user.js: extensions.claro.vrsni - 1.6.4.1
    FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.10:08
    FF - user.js: extensions.claro.prtnrId - claro
    FF - user.js: extensions.claro.prdct - claro
    FF - user.js: extensions.claro.aflt - babsst
    FF - user.js: extensions.claro_i.smplGrp - none
    FF - user.js: extensions.claro.tlbrId - claro
    FF - user.js: extensions.claro.instlRef -
    FF - user.js: extensions.claro.dfltLng - en
    FF - user.js: extensions.claro.excTlbr - false
    FF - user.js: extensions.claro.admin - false
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-11-27 19:36
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{24851210-fc14-4b19-812b-d9133aea46a2}]
    @Denied: (Full) (Everyone)
    "Model"=dword:0000006a
    "Therad"=dword:0000001e
    "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
    1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):0f,97,2f,57,31,e5,f7,f5,ae,6e,91,35,40,51,ee,d8,1c,63,4d,97,f6,
    f7,49,aa,01,84,04,4a,f0,68,42,14,0b,0c,db,ea,27,fb,fd,07,00,00,00,00,00,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(976)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    .
    Completion time: 2012-11-27 19:38:14
    ComboFix-quarantined-files.txt 2012-11-28 03:38
    ComboFix2.txt 2012-11-25 20:17
    ComboFix3.txt 2012-06-04 05:07
    .
    Pre-Run: 2,583,994,368 bytes free
    Post-Run: 2,571,874,304 bytes free
    .
    - - End Of File - - 109853751D131B65555E99A59A3F5077
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Haha :D

    ComboFix Script

    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Open Notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe
      [IMG]
    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.
  13. SledgeProne

    SledgeProne TS Rookie Topic Starter Posts: 82

    ComboFix 12-11-25.01 - Master Blaster 11/29/2012 0:16.8.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1262 [GMT -8:00]
    Running from: c:\documents and settings\Master Blaster\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Master Blaster\Desktop\CFScript.txt
    .
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-29 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-29 08:05 . 2012-11-29 08:05 -------- d-----w- c:\program files\GPLGS
    2012-11-29 08:04 . 2012-09-12 23:32 88688 ----a-w- c:\windows\system32\cpwmon2k.dll
    2012-11-23 12:19 . 2012-11-23 12:19 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-11-22 07:44 . 2012-11-22 08:09 -------- d-----w- c:\documents and settings\Master Blaster\.frostwire5
    2012-11-22 07:41 . 2012-11-22 08:31 -------- d-----w- c:\program files\Real
    2012-11-22 07:40 . 2012-11-22 07:40 -------- d-----w- c:\documents and settings\Master Blaster\Application Data\OpenCandy
    2012-11-19 20:23 . 2012-11-25 20:14 -------- d-----w- c:\documents and settings\Master Blaster\Local Settings\Application Data\ProtectedData
    2012-11-08 10:19 . 2012-11-08 10:19 -------- d-----w- c:\program files\WS_FTP
    2012-11-08 10:19 . 2003-09-03 10:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
    2012-11-08 10:19 . 2003-09-03 10:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
    2012-11-08 10:19 . 2003-09-03 10:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
    2012-11-08 10:19 . 2003-09-03 10:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
    2012-11-08 10:19 . 2003-09-03 10:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
    2012-11-08 10:19 . 2012-11-08 10:19 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
    2012-11-08 10:19 . 2012-11-08 10:19 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
    2012-11-04 18:04 . 2012-11-04 18:04 -------- d-----w- c:\program files\FirstRowSportApp.com
    2012-11-02 09:48 . 2012-11-02 09:48 -------- d-----w- c:\program files\Ffmpeg For Audacity
    2012-11-02 09:40 . 2012-11-25 22:55 -------- d-----w- c:\documents and settings\Master Blaster\Application Data\Audacity
    2012-11-02 09:40 . 2012-11-02 09:40 -------- d-----w- c:\program files\Audacity
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-11-22 07:41 . 2003-02-21 12:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2012-11-22 07:41 . 2003-03-19 06:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2012-11-14 02:23 . 2012-04-02 09:05 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-11-14 02:23 . 2011-05-17 10:58 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-10-22 08:37 . 2001-08-23 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-10-09 17:33 . 2012-07-12 09:33 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2012-10-08 23:23 . 2012-10-08 23:23 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-10-08 23:23 . 2012-10-08 23:23 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-10-08 23:23 . 2012-04-21 22:21 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-10-08 23:23 . 2012-04-21 22:21 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2012-10-02 18:04 . 2001-08-23 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
    2012-09-30 03:54 . 2012-04-11 00:17 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-30 10:35 . 2012-10-30 10:35 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2006-05-03 19:06 163328 --sha-r- c:\windows\system32\flvDX.dll
    2007-02-21 20:47 31232 --sha-r- c:\windows\system32\msfDX.dll
    2008-03-16 22:30 216064 --sha-r- c:\windows\system32\nbDX.dll
    2010-01-07 07:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
    "Akamai NetSession Interface"="c:\documents and settings\Master Blaster\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-10-09 4441920]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2000-01-01 1313640]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 98304]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "NetWorx"="c:\program files\NetWorx\networx.exe" [2012-06-10 3225144]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ \0
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetWorx]
    2012-06-10 02:11 3225144 ----a-w- c:\program files\NetWorx\networx.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Bonjour Service"=2 (0x2)
    "ZuneWlanCfgSvc"=3 (0x3)
    "ZuneNetworkSvc"=3 (0x3)
    "ZuneBusEnum"=2 (0x2)
    "WMZuneComm"=3 (0x3)
    "Updater Service for StartNow Toolbar"=2 (0x2)
    "ImapiService"=3 (0x3)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe
    "cdloader"="c:\documents and settings\Master Blaster\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    "NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
    "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Documents and Settings\\Master Blaster\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
    .
    R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [8/12/2010 2:46 AM 26248]
    R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [8/12/2010 2:46 AM 20616]
    R1 networx;networx;c:\windows\system32\drivers\networx.sys [6/19/2011 4:05 AM 51640]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67656]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/23/2001 4:00 AM 14336]
    R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [8/19/2011 9:42 PM 57344]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [1/30/2011 12:16 PM 12184]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/21/2012 9:24 PM 399432]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/10/2012 4:17 PM 676936]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 10:19 AM 50704]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [1/18/2012 2:31 AM 101392]
    R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [8/12/2010 2:46 AM 122504]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [8/24/2010 9:30 AM 42648]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [8/24/2010 9:30 AM 12184]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/10/2012 4:17 PM 22856]
    S0 pneclo;pneclo;c:\windows\system32\drivers\ythte.sys --> c:\windows\system32\drivers\ythte.sys [?]
    S3 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [8/12/2010 2:46 AM 14216]
    S4 ubsvve;ubsvve;c:\windows\system32\drivers\tnloa.sys [9/14/2010 11:06 PM 54016]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    NETSVCS REQUIRES REPAIRS - current entries shown
    6to4
    AppMgmt
    AudioSrv
    Browser
    CryptSvc
    DMServer
    DHCP
    ERSvc
    EventSystem
    FastUserSwitchingCompatibility
    HidServ
    Ias
    Iprip
    Irmon
    LanmanServer
    LanmanWorkstation
    Messenger
    Netman
    Nla
    Ntmssvc
    NWCWorkstation
    Nwsapagent
    Rasauto
    Rasman
    vet-filt
    lvpopflt
    mcredirector
    bc_pat_f
    rismxdp
    UPATC
    CTDevice_Srv
    imountsrv
    vstor2-ws60
    awhost32
    protectionservice
    ovt519
    lxcf_device
    CBN
    Bcim
    fsaa
    fasttrackinstallerservice
    comhost
    DVDRC
    StkASSrv
    s116obex
    ltmodem5
    PSSdk21
    hpqwmiex
    k750mgmt
    pav_security
    TIEHDUSB
    ctdvda2k
    ctxcpubal
    ofcpfwsvc
    ccproxy
    G400DH
    atinevxx
    ashampoodefragservice
    agnwifi
    SRTSPL
    keriomailserver
    wmccdsls
    aolavupd
    hsxhwazl
    MSMQ
    tng-dts
    tng-dtmg
    F700iat
    arrayssl_vpn_service3,0,1,9
    pdlnatdl
    atkdisplf
    tga
    AsusACPI
    mqdmbus
    GMSIPCI
    ANC
    wwsecsvc
    Remoteaccess
    Schedule
    Seclogon
    SENS
    Sharedaccess
    SRService
    Tapisrv
    Themes
    TrkWks
    UxTuneUp
    W32Time
    WZCSVC
    Wmi
    WmdmPmSp
    winmgmt
    TermService
    BITS
    ShellHWDetection
    helpsvc
    xmlprov
    wscsvc
    WmdmPmSN
    napagent
    hkmsvc
    wuauserv
    uploadmgr
    ip6fwhlp
    mhn
    sacsvr
    trksvr
    .
    Rebuilding ... You need to reboot your machine for this to take effect.
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-11-29 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 15:54]
    .
    2012-11-29 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 02:23]
    .
    2012-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-06-27 07:49]
    .
    2012-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-06-27 07:49]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = <local>
    IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
    IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
    LSP: c:\windows\system32\idmmbc.dll
    Trusted Zone: thephins.com\www
    Trusted Zone: tube8.com\www
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    FF - ProfilePath - c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\
    FF - prefs.js: browser.search.selectedEngine - Claro Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://www.claro-search.com/?affID=44444&tt=3812_7&babsrc=KW_clro&mntrId=f81deddd000000000000001e90e94f32&q=
    FF - ExtSQL: 2012-10-02 02:28; OneClickDownload@OneClickDownload.com; c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\OneClickDownload@OneClickDownload.com
    FF - ExtSQL: 2012-10-03 19:55; {a7c6cf7f-112c-4500-a7ea-39801a327e5f}; c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
    FF - ExtSQL: 2012-11-04 10:04; freehdsport@freehdsport.tv; c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\freehdsport@freehdsport.tv.xpi
    FF - ExtSQL: 2012-11-23 05:10; 50af78b4964a0@50af78b4964d9.com; c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\50af78b4964a0@50af78b4964d9.com.xpi
    FF - ExtSQL: !HIDDEN! 2010-02-22 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: extensions.claro.autoRvrt - false
    FF - user.js: extensions.claro_i.newTab - false
    FF - user.js: extensions.claro.vrsni - 1.6.4.1
    FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.10:08
    FF - user.js: extensions.claro.prtnrId - claro
    FF - user.js: extensions.claro.prdct - claro
    FF - user.js: extensions.claro.aflt - babsst
    FF - user.js: extensions.claro_i.smplGrp - none
    FF - user.js: extensions.claro.tlbrId - claro
    FF - user.js: extensions.claro.instlRef -
    FF - user.js: extensions.claro.dfltLng - en
    FF - user.js: extensions.claro.excTlbr - false
    FF - user.js: extensions.claro.admin - false
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-11-29 00:22
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{24851210-fc14-4b19-812b-d9133aea46a2}]
    @Denied: (Full) (Everyone)
    "Model"=dword:0000006a
    "Therad"=dword:0000001e
    "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
    1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):0f,97,2f,57,31,e5,f7,f5,ae,6e,91,35,40,51,ee,d8,1c,63,4d,97,f6,
    f7,49,aa,01,84,04,4a,f0,68,42,14,0b,0c,db,ea,27,fb,fd,07,00,00,00,00,00,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(980)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    .
    - - - - - - - > 'explorer.exe'(824)
    c:\windows\system32\WININET.dll
    c:\progra~1\WINDOW~3\wmpband.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    .
    Completion time: 2012-11-29 00:24:15
    ComboFix-quarantined-files.txt 2012-11-29 08:24
    ComboFix2.txt 2012-11-25 20:17
    ComboFix3.txt 2012-06-04 05:07
    .
    Pre-Run: 2,634,694,656 bytes free
    Post-Run: 2,632,753,152 bytes free
    .
    - - End Of File - - DBB345553D2D6CE6ABD6AF34C456197C
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTL Quick Scan

    Please download OTL by OldTimer to your Desktop.
    • Close all windows and double click OTL.exe.
    • Click Quick Scan button and let the program run uninterrupted.
    • It will produce a log for you called OTL.txt; please post it in your next reply.
    • You may need to use two posts to get it all.
  15. SledgeProne

    SledgeProne TS Rookie Topic Starter Posts: 82

    OTL logfile created on: 11/29/2012 8:42:13 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Master Blaster\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 64.95% Memory free
    3.85 Gb Paging File | 3.38 Gb Available in Paging File | 87.84% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 127.99 Gb Total Space | 2.48 Gb Free Space | 1.94% Space Free | Partition Type: NTFS
    Drive D: | 3.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive E: | 149.04 Gb Total Space | 0.88 Gb Free Space | 0.59% Space Free | Partition Type: NTFS
    Drive F: | 149.05 Gb Total Space | 0.23 Gb Free Space | 0.15% Space Free | Partition Type: NTFS
    Drive G: | 570.65 Gb Total Space | 0.18 Gb Free Space | 0.03% Space Free | Partition Type: NTFS

    Computer Name: ENDLESS | User Name: Master Blaster | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/11/29 20:39:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Master Blaster\Desktop\OTL.exe
    PRC - [2012/10/09 10:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Documents and Settings\Master Blaster\Local Settings\Application Data\Akamai\netsession_win.exe
    PRC - [2012/10/08 15:23:29 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/06/09 18:11:36 | 003,225,144 | ---- | M] (SoftPerfect Research) -- C:\Program Files\NetWorx\networx.exe
    PRC - [2011/10/07 01:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
    PRC - [2011/09/27 11:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
    PRC - [2011/03/23 20:55:31 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
    PRC - [2008/05/19 11:13:20 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE
    PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/11/15 03:06:57 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll
    MOD - [2012/09/12 15:32:08 | 000,088,688 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
    MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/10/07 01:41:16 | 000,879,896 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
    MOD - [2011/09/17 10:48:22 | 000,480,256 | ---- | M] () -- C:\Program Files\NetWorx\sqlite.dll
    MOD - [2008/02/02 22:08:12 | 001,722,368 | ---- | M] () -- C:\Program Files\TUGZip\Plugins\TzArchive10.tgp
    MOD - [2007/03/12 22:34:20 | 000,162,304 | ---- | M] () -- C:\WINDOWS\system32\ztvunrar36.dll
    MOD - [2006/05/14 12:03:54 | 000,655,360 | ---- | M] () -- C:\Program Files\TUGZip\TzShell.dll
    MOD - [2005/02/17 22:15:22 | 000,077,824 | ---- | M] () -- C:\Program Files\TUGZip\Plugins\TzImage10.tgp


    ========== Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\slabser.dll -- (wwsecsvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vaiomediaplatform-mobile-gateway.dll -- (vstor2-ws60)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlcf_device.dll -- (vet-filt)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lanmanworkstation.dll -- (UPATC)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EMCFILT.dll -- (tng-dts)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\issm.dll -- (tng-dtmg)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cyberpowerups.dll -- (TIEHDUSB)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hdaudbus.dll -- (StkASSrv)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\transactional.dll -- (s116obex)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CiscoVpnInstallService.dll -- (rismxdp)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cbidf.dll -- (PSSdk21)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SenFiltService.dll -- (protectionservice)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdlndsdl.dll -- (pdlnatdl)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\kpf4.dll -- (pav_security)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SSFS0BB9.dll -- (ovt519)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\FiltUSBEMPIA.dll -- (ofcpfwsvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ovmsmaccessmanager.dll -- (MSMQ)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nmindexingservice.dll -- (lxcf_device)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bglivesvc.dll -- (lvpopflt)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\g400.dll -- (ltmodem5)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tsircsrv.dll -- (k750mgmt)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlbt_device.dll -- (hpqwmiex)
    SRV - File not found [Auto | Stopped] -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll -- (helpsvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sysplant.dll -- (GMSIPCI)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AMDPCI.dll -- (G400DH)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cpuidlep.dll -- (ctxcpubal)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se58nd5.dll -- (ctdvda2k)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\keymaestro.dll -- (ccproxy)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MaVctrl.dll -- (bc_pat_f)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\quickhealfirewall.dll -- (atinevxx)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\veteboot.dll -- (ashampoodefragservice)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\k750mdm.dll -- (ANC)
    SRV - [2012/11/13 18:23:47 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/11/12 10:48:12 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
    SRV - [2012/10/30 02:35:39 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/10/08 15:23:29 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2011/09/27 11:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2011/03/23 20:55:31 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
    SRV - [2011/03/23 20:55:28 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
    SRV - [2009/11/16 03:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
    SRV - [2009/10/20 10:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
    SRV - [2008/05/19 11:13:20 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\ASTSRV.EXE -- (ASTSRV)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\zumbus.sys -- (zumbus)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\ythte.sys -- (pneclo)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DRIVERS\ENTECH.sys -- (ENTECH)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\MASTER~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/11/09 19:42:12 | 007,493,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2011/09/01 22:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2011/09/01 22:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2011/09/01 22:31:10 | 000,042,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
    DRV - [2011/09/01 22:31:10 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
    DRV - [2011/09/01 22:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
    DRV - [2011/04/15 13:12:12 | 000,051,640 | ---- | M] (NetFilterSDK.com) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\networx.sys -- (networx)
    DRV - [2011/03/30 10:46:12 | 000,101,392 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
    DRV - [2010/09/14 23:06:30 | 000,054,016 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\tnloa.sys -- (ubsvve)
    DRV - [2010/05/10 10:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 10:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/12/02 11:21:00 | 000,020,616 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eufs.sys -- (EUFS)
    DRV - [2009/12/02 11:20:58 | 000,014,216 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eudskacs.sys -- (EUDSKACS)
    DRV - [2009/12/02 11:20:56 | 000,026,248 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP)
    DRV - [2009/12/02 11:20:54 | 000,122,504 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EuDisk.sys -- (EuDisk)
    DRV - [2009/10/20 10:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
    DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2008/08/01 17:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2008/08/01 17:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2006/11/28 21:46:24 | 000,028,224 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\APLMp50.sys -- (APLMp50)
    DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
    DRV - [1999/12/31 16:00:00 | 001,651,204 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {E8C55CB3-E3EA-413F-8B93-A649BC4ADBB5}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=allp&s={searchTerms}&f=4&hl={language}&src=chrm
    IE - HKLM\..\SearchScopes\{E8C55CB3-E3EA-413F-8B93-A649BC4ADBB5}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=allp&s={searchTerms}&f=4
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.claro-search.com/?q={sea..._clro&mntrId=f81deddd000000000000001e90e94f32
    IE - HKCU\..\SearchScopes\{704AEDAB-21AD-4444-BBF4-21A376D119A8}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
    IE - HKCU\..\SearchScopes\{E8C55CB3-E3EA-413F-8B93-A649BC4ADBB5}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKCU\..\SearchScopes\{FBD9499A-91EC-C593-1D50-7512683B52A6}: "URL" = http://www.bing.com/search?q={searc...&install_date=20111010&iesrc={referrer:source}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Claro Search"
    FF - prefs.js..browser.search.order.1: "Claro Search"
    FF - prefs.js..browser.search.selectedEngine: "Claro Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7
    FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
    FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.7
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
    FF - prefs.js..keyword.URL: "http://www.claro-search.com/?affID=...lro&mntrId=f81deddd000000000000001e90e94f32&q="


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/22 21:30:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/30 02:35:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/22 00:31:12 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Documents and Settings\Master Blaster\Application Data\IDM\idmmzcc3 [2012/06/06 04:48:22 | 000,000,000 | ---D | M]

    [2010/05/10 00:58:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Master Blaster\Application Data\Mozilla\Extensions
    [2012/11/27 19:36:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions
    [2010/07/13 17:00:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2012/10/08 15:26:43 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Documents and Settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\OneClickDownload@OneClickDownload.com
    [2012/11/04 10:04:47 | 000,214,127 | ---- | M] () (No name found) -- C:\Documents and Settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\freehdsport@freehdsport.tv.xpi
    [2012/10/03 18:55:27 | 000,341,143 | ---- | M] () (No name found) -- C:\Documents and Settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
    [2012/10/30 02:35:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/10/30 02:35:39 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/04/21 14:21:15 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/04/30 17:36:14 | 000,003,749 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/09/20 23:08:09 | 000,006,521 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    [2012/09/30 09:12:15 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/02/19 04:26:21 | 000,002,047 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchallp.xml
    [2012/10/12 03:17:54 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/11/27 19:36:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (&NetWorx Desk Band) - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - C:\Program Files\NetWorx\deskband.dll (SoftPerfect Research)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4 - HKLM..\Run: [NetWorx] C:\Program Files\NetWorx\networx.exe (SoftPerfect Research)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Master Blaster\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    O4 - HKCU..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
    O15 - HKCU\..Trusted Domains: thephins.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: tube8.com ([www] http in Trusted sites)
    O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260536422999 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1349866232665 (MUWebControl Class)
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab (Verizon Wireless Media Upload)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9BB570A-1ED2-40E4-9399-351BC9C91395}: DhcpNameServer = 209.18.47.61 209.18.47.62
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Master Blaster\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Master Blaster\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/12/10 20:40:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/11/29 20:39:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Master Blaster\Desktop\OTL.exe
    [2012/11/29 00:53:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2012/11/29 00:05:22 | 000,000,000 | ---D | C] -- C:\Program Files\GPLGS
    [2012/11/29 00:04:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CutePDF
    [2012/11/28 23:28:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master Blaster\My Documents\scans
    [2012/11/25 12:07:30 | 005,006,177 | R--- | C] (Swearware) -- C:\Documents and Settings\Master Blaster\Desktop\ComboFix.exe
    [2012/11/25 00:11:56 | 000,442,200 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Master Blaster\Desktop\capperkiller.exe
    [2012/11/24 14:16:16 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Master Blaster\Desktop\aswMBR.exe
    [2012/11/24 03:30:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master Blaster\Desktop\storage nov12
    [2012/11/23 05:12:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master Blaster\My Documents\New Folder
    [2012/11/23 04:19:05 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/11/22 08:55:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master Blaster\Desktop\song_data
    [2012/11/21 23:44:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master Blaster\My Documents\FrostWire
    [2012/11/21 23:44:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master Blaster\.frostwire5
    [2012/11/21 23:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\Real
    [2012/11/21 23:41:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master Blaster\Application Data\Real
    [2012/11/21 23:40:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
    [2012/11/21 23:40:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master Blaster\Application Data\OpenCandy
    [2012/11/19 12:23:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master Blaster\Local Settings\Application Data\ProtectedData
    [2012/11/14 01:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master Blaster\Desktop\DWP
    [2012/11/08 02:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WS_FTP
    [2012/11/08 02:19:41 | 000,000,000 | ---D | C] -- C:\Program Files\WS_FTP
    [2012/11/04 10:04:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master Blaster\Start Menu\Programs\FirstRowSportApp.com
    [2012/11/04 10:04:46 | 000,000,000 | ---D | C] -- C:\Program Files\FirstRowSportApp.com
    [2012/11/02 01:48:39 | 000,000,000 | ---D | C] -- C:\Program Files\Ffmpeg For Audacity
    [2012/11/02 01:40:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master Blaster\Application Data\Audacity
    [2012/11/02 01:40:25 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity

    ========== Files - Modified Within 30 Days ==========

    [2012/11/29 20:39:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Master Blaster\Desktop\OTL.exe
    [2012/11/29 20:33:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/11/29 20:04:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/11/29 20:00:00 | 000,000,504 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
    [2012/11/29 14:04:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/11/29 02:01:09 | 000,001,161 | ---- | M] () -- C:\Documents and Settings\Master Blaster\Desktop\What you'll need....url
    [2012/11/29 01:40:21 | 000,001,631 | ---- | M] () -- C:\Documents and Settings\Master Blaster\Desktop\Delta 36-T30 30 T2 Fence System (2).url
    [2012/11/29 00:34:17 | 000,473,232 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/11/29 00:34:17 | 000,076,200 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/11/29 00:30:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/11/29 00:29:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/11/29 00:07:41 | 001,468,876 | ---- | M] () -- C:\Documents and Settings\Master Blaster\My Documents\authorization_release.pdf
    [2012/11/28 23:37:58 | 000,036,363 | ---- | M] () -- C:\WINDOWS\CSTBox.INI
    [2012/11/28 04:13:46 | 000,000,472 | ---- | M] () -- C:\Documents and Settings\Master Blaster\Desktop\audacity.rtf
    [2012/11/27 19:36:24 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/11/26 13:44:36 | 000,176,128 | ---- | M] () -- C:\Documents and Settings\Master Blaster\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/11/26 04:34:43 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2012/11/25 12:07:37 | 005,006,177 | R--- | M] (Swearware) -- C:\Documents and Settings\Master Blaster\Desktop\ComboFix.exe
    [2012/11/25 10:07:27 | 004,742,932 | ---- | M] () -- C:\Documents and Settings\Master Blaster\Desktop\life_of_pi.psd
    [2012/11/25 00:11:58 | 000,442,200 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Master Blaster\Desktop\capperkiller.exe
    [2012/11/24 14:18:56 | 000,000,453 | ---- | M] () -- C:\Documents and Settings\Master Blaster\Desktop\One Large Rat Trap Please - TechSpot Forums.url
    [2012/11/24 14:16:16 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Master Blaster\Desktop\aswMBR.exe
    [2012/11/24 06:25:13 | 152,292,227 | ---- | M] () -- C:\bd2b713aac780837a22001e9327c0e83[1]-2012-11-24.flv
    [2012/11/23 23:47:19 | 000,000,357 | ---- | M] () -- C:\Documents and Settings\Master Blaster\Desktop\latest greatest friday.rtf
    [2012/11/23 00:07:08 | 000,268,808 | ---- | M] () -- C:\Documents and Settings\Master Blaster\Local Settings\Application Data\census.cache
    [2012/11/23 00:06:58 | 000,209,719 | ---- | M] () -- C:\Documents and Settings\Master Blaster\Local Settings\Application Data\ars.cache
    [2012/11/22 04:41:26 | 079,108,767 | ---- | M] () -- C:\Documents and Settings\Master Blaster\Desktop\012-11-22.flv
    [2012/11/22 00:13:06 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/11/19 11:00:31 | 015,401,600 | ---- | M] () -- C:\240P_400K_6203321[3].mp4
    [2012/11/19 10:57:54 | 043,588,603 | ---- | M] () -- C:\240P_352K_5225320-2012-11-19.mp4
    [2012/11/19 10:56:13 | 006,350,273 | ---- | M] () -- C:\general01_H_6493301_01-2012-11-19.mp4
    [2012/11/19 10:53:11 | 011,501,318 | ---- | M] () -- C:\1396_2000-2012-11-19.mp4
    [2012/11/15 03:51:28 | 003,449,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/11/15 03:06:55 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/11/07 19:12:19 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/04 10:04:47 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\Master Blaster\Desktop\FirstRowSportApp.lnk
    [2012/11/04 06:23:16 | 000,000,291 | ---- | M] () -- C:\Documents and Settings\Master Blaster\Desktop\FirstRow Watch Live NFL Online. Watch Live NCAA Online. American Football Live Streams.url
    [2012/11/02 01:40:36 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Master Blaster\Desktop\Audacity.lnk

    ========== Files Created - No Company Name ==========

    [2012/11/29 02:01:09 | 000,001,161 | ---- | C] () -- C:\Documents and Settings\Master Blaster\Desktop\What you'll need....url
    [2012/11/29 01:40:21 | 000,001,631 | ---- | C] () -- C:\Documents and Settings\Master Blaster\Desktop\Delta 36-T30 30 T2 Fence System (2).url
    [2012/11/29 00:07:42 | 001,468,876 | ---- | C] () -- C:\Documents and Settings\Master Blaster\My Documents\authorization_release.pdf
    [2012/11/29 00:04:13 | 000,088,688 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
    [2012/11/28 23:37:58 | 000,036,363 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
    [2012/11/28 04:13:46 | 000,000,472 | ---- | C] () -- C:\Documents and Settings\Master Blaster\Desktop\audacity.rtf
    [2012/11/25 10:07:26 | 004,742,932 | ---- | C] () -- C:\Documents and Settings\Master Blaster\Desktop\life_of_pi.psd
    [2012/11/24 14:18:56 | 000,000,453 | ---- | C] () -- C:\Documents and Settings\Master Blaster\Desktop\One Large Rat Trap Please - TechSpot Forums.url
    [2012/11/24 06:21:31 | 152,292,227 | ---- | C] () -- C:\bd2b713aac780837a22001e9327c0e83[1]-2012-11-24.flv
    [2012/11/23 23:47:19 | 000,000,357 | ---- | C] () -- C:\Documents and Settings\Master Blaster\Desktop\latest greatest friday.rtf
    [2012/11/22 04:35:21 | 079,108,767 | ---- | C] () -- C:\Documents and Settings\Master Blaster\Desktop\012-11-22.flv
    [2012/11/19 11:00:26 | 015,401,600 | ---- | C] () -- C:\240P_400K_6203321[3].mp4
    [2012/11/19 10:56:00 | 006,350,273 | ---- | C] () -- C:\general01_H_6493301_01-2012-11-19.mp4
    [2012/11/19 10:55:35 | 043,588,603 | ---- | C] () -- C:\240P_352K_5225320-2012-11-19.mp4
    [2012/11/19 10:53:03 | 011,501,318 | ---- | C] () -- C:\1396_2000-2012-11-19.mp4
    [2012/11/04 10:04:47 | 000,000,810 | ---- | C] () -- C:\Documents and Settings\Master Blaster\Desktop\FirstRowSportApp.lnk
    [2012/11/04 06:23:16 | 000,000,291 | ---- | C] () -- C:\Documents and Settings\Master Blaster\Desktop\FirstRow Watch Live NFL Online. Watch Live NCAA Online. American Football Live Streams.url
    [2012/11/02 01:40:36 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Audacity.lnk
    [2012/11/02 01:40:36 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Master Blaster\Desktop\Audacity.lnk
    [2012/09/20 23:09:18 | 020,480,000 | ---- | C] () -- C:\Documents and Settings\Master Blaster\Local Settings\Application Data\store-pp.jbs
    [2012/09/20 23:08:54 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll
    [2012/07/28 03:01:12 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
    [2012/07/28 03:01:12 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
    [2012/06/03 20:58:55 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/06/03 20:58:55 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/06/03 20:58:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/06/03 20:58:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/06/03 20:58:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/04/10 18:48:20 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
    [2012/04/10 18:47:51 | 000,268,808 | ---- | C] () -- C:\Documents and Settings\Master Blaster\Local Settings\Application Data\census.cache
    [2012/04/10 18:47:28 | 000,209,719 | ---- | C] () -- C:\Documents and Settings\Master Blaster\Local Settings\Application Data\ars.cache
    [2012/02/15 20:12:17 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/01/30 16:41:19 | 000,000,450 | RHS- | C] () -- C:\Documents and Settings\Master Blaster\ntuser.pol
    [2012/01/18 01:47:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2012/01/18 01:46:47 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
    [2012/01/18 01:46:45 | 000,243,168 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2012/01/18 01:46:45 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
    [2011/11/16 07:58:23 | 000,001,352 | -H-- | C] () -- C:\Documents and Settings\Master Blaster\of draft.mmpl
    [2011/11/09 22:39:44 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
    [2011/11/09 22:39:32 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
    [2011/05/09 02:02:27 | 000,000,293 | ---- | C] () -- C:\Program Files\adobeCS5.rtf
    [2011/03/26 20:16:19 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2011/03/26 20:16:19 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2011/01/08 04:29:21 | 000,000,132 | -H-- | C] () -- C:\Documents and Settings\Master Blaster\Application Data\Adobe PNG Format CS5 Prefs
    [2011/01/08 04:19:56 | 000,000,132 | -H-- | C] () -- C:\Documents and Settings\Master Blaster\Application Data\Adobe GIF Format CS5 Prefs
    [2010/10/10 22:20:04 | 000,000,036 | -H-- | C] () -- C:\Documents and Settings\Master Blaster\Local Settings\Application Data\housecall.guid.cache
    [2010/09/28 21:17:44 | 000,016,096 | -H-- | C] () -- C:\Documents and Settings\Master Blaster\Local Settings\Application Data\Schedule8.dat
    [2010/03/22 11:43:12 | 000,033,564 | -H-- | C] () -- C:\Documents and Settings\Master Blaster\Start Menu.rar
    [2010/02/15 00:32:15 | 000,000,105 | -H-- | C] () -- C:\Documents and Settings\Master Blaster\default.pls
    [2009/12/11 23:14:32 | 000,176,128 | ---- | C] () -- C:\Documents and Settings\Master Blaster\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2010/02/21 03:45:31 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2009/10/28 21:38:22 | 001,509,888 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 16:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2012/05/11 15:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2012/04/30 17:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
    [2012/09/20 23:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
    [2011/12/12 03:17:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2012/10/09 04:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hi-Rez Studios
    [2010/10/25 14:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2011/02/15 19:58:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
    [2012/08/03 01:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
    [2010/07/21 17:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2011/01/30 23:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iPjHfIb06510
    [2011/02/05 11:58:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kCmJhHl06511
    [2012/04/10 23:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010/06/24 22:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
    [2011/05/09 01:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
    [2011/06/19 04:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SoftPerfect
    [2009/12/21 23:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    [2010/11/14 22:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\V CAST Media Manager
    [2012/02/15 22:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
    [2011/11/17 21:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2010/08/21 14:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/12/21 23:34:15 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
    [2010/10/16 03:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\adma
    [2011/08/19 21:47:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\Alien Skin
    [2012/11/25 14:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\Audacity
    [2011/03/09 23:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\Aura4You
    [2012/04/30 17:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\AVG Secure Search
    [2012/09/20 23:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\Babylon
    [2011/06/29 19:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\BitZipper
    [2012/02/07 11:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\Canon
    [2011/02/08 06:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009/12/12 01:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\CheckPoint
    [2010/09/14 19:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\ColorCop
    [2012/02/22 21:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\DDMSettings
    [2012/11/28 05:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\DMCache
    [2011/10/09 22:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\FLV Extract
    [2011/04/18 19:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\GetRightToGo
    [2012/11/25 15:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\IDM
    [2011/01/30 12:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\Leadertech
    [2010/06/18 20:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\mjusbsp
    [2012/03/07 04:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\Moyea
    [2012/02/29 04:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\MusicBrainz
    [2012/11/21 23:40:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\OpenCandy
    [2012/06/12 17:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\OpenOffice.org
    [2010/04/30 06:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\Panda Security
    [2009/12/21 23:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\TuneUp Software
    ========== Purity Check ==========


    < End of report >
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTL Fix

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
      Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)


    avast! aswMBR

    Please download aswMBR from here
    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Uncheck "Trace disk IO calls".
    • Click the Scan button to start the scan as illustrated below
    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
    • Once the scan finishes click Save log to save the log to your Desktop
    • Copy and paste the contents of aswMBR.txt back here for review
    • Please also find MBR.dat on your Desktop, and rename it to MBRscan.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.
  17. SledgeProne

    SledgeProne TS Rookie Topic Starter Posts: 82

    Hi Jay,
    While I very much appreciate your efforts, which appeared to have this rodent ensnared, if not caged, I suspect there's either a viral epidemic taking place, and I seriously need to alter my browsing nature, and security, or I somehow unleashed the wrath of whatever creature remained in my machine, as it currently won't boot.
    Actually, it boots to a blank, white screen from where I can only access the task manager. Any attempts into Safe Mode or Safe Mode with Networking result in a log off / looping restart.
    One other specific is that when the yes/no option appears entering safe mode asking about restore, another box opens stating Malwarebytes has stopped working / end task. Also, I believe I initially noticed one of those felonious FBI ransom warnings briefly splash on the display.

    Posted with my backup PC.
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTLPE + Farbar Recovery Scan Tool

    • Download OTLPENet.exe to your desktop
    • Download Farbar Recovery Scan Tool and save it to a flash drive.
    • Ensure that you have a blank CD in the drive
    • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
    • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
    • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
    • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
    • Insert the flash drive with FRST on it
    • Locate the flash drive and run FRST
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button. It will do its scan and save a log on your flash drive.
    • Close out of the message after that, then type in the text services.exe in to the "Search:" text box. Then, press the Search file(s) button, just as below:
      When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
    • Type exit in the Command Prompt window and reboot the computer normally
    • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.
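    The FRST.txt that step produces is long and mostly whitelisted noise, so here is a small triage pass over its Registry, Services and Drivers sections. This is an added example written for this thread, not part of FRST or of the helper's instructions. It flags three things a reviewer looks for first: a Winlogon Shell value that starts anything besides explorer.exe (the pattern behind lock-screen "ransom" pages), Run, service or driver entries whose image carries no publisher string (the trailing "()"), and service or driver registrations whose file is missing ("[x]"). The sample log embedded in the script is constructed to mirror the XP-era FRST layout; every name and path in it (Updater, example.dat, qwerty, zxcvb and so on) is invented, not an indicator.

```python
"""Triage pass over a Farbar Recovery Scan Tool (FRST) log (added example, not FRST's own code)."""
import re
from dataclasses import dataclass

# Constructed sample in the XP-era FRST layout; every name and path below is invented.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ===================

HKLM\...\Run: [MouseTool] "C:\Program Files\Example Mouse\mousetool.exe" [1468296 2009-06-01] (Example Corp)
HKU\SomeUser\...\Run: [Updater] C:\Program Files\Example\CheckUpdate.exe [8192 2011-01-17] ()
HKU\SomeUser\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\SomeUser\Application Data\example.dat [87911 2010-12-09] ()
Winlogon\Notify\Example: Example.dll (Example Corp)

==================== Services (Whitelisted) ===================

2 ExampleAV; "C:\Program Files\Example AV\avsvc.exe" [676936 2012-09-29] (Example AV Ltd)
2 oldsvc; C:\Windows\System32\oldsvc.dll [x]
4 leftover; [x]

==================== Drivers (Whitelisted) ====================

3 ExAudio; C:\Windows\System32\DRIVERS\exaudio.sys [144384 2008-04-13] (Example Audio (R) Ltd)
4 qwerty; C:\Windows\System32\drivers\abcde.sys [54016 2010-09-15] ()
0 zxcvb; C:\Windows\System32\drivers\fghij.sys [x]
"""

SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
RUN_RE = re.compile(r"^(?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\.\\(?:Run|RunOnce): \[(?P<name>[^\]]+)\] (?P<rest>.*)$")
SHELL_RE = re.compile(r"^(?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\.\\Winlogon: \[Shell\] (?P<value>.*?)(?: \[\d+ [\d-]+\] \(.*\))?$")
# Service/driver lines: "<start type> <name>; <image> [size date] (vendor)" or "<start type> <name>; [x]"
SVC_RE = re.compile(r"^(?P<start>\d) (?P<name>[^;]+); (?P<rest>.*)$")
TAIL_RE = re.compile(r"\[(?P<size>\d+) (?P<date>[\d-]+)\] \((?P<vendor>.*)\)$")
SYSTEM_DIRS = ("\\system32\\", "\\drivers\\", "\\syswow64\\")


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low"
    section: str
    name: str
    detail: str


def parse_sections(text):
    """Yield (section name, stripped line) for every non-blank line under a '==== name ====' header."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
        elif section:
            yield section, line


def vendor_finding(section, name, rest):
    """Flag an entry whose image has an empty publisher string, e.g. '... [54016 2010-09-15] ()'."""
    t = TAIL_RE.search(rest)
    if t is None or t.group("vendor"):
        return None
    image = rest[:t.start()].strip().strip('"')
    in_sys = any(d in image.lower() for d in SYSTEM_DIRS)
    note = " (lives in a system directory)" if in_sys else ""
    return Finding("medium" if in_sys else "low", section, name, f"no publisher on {image}{note}")


def missing_finding(section, name, start, rest):
    """Flag a service/driver registration whose file is gone; boot/system start (0/1) ranks higher."""
    image = rest[:-3].strip() or "(no image path)"
    return Finding("medium" if start <= 1 else "low", section, name,
                   f"start type {start} but image is missing: {image}")


def triage(log_text):
    """Return findings in log order for the Registry, Services and Drivers sections."""
    findings = []
    for section, line in parse_sections(log_text):
        if section.startswith("Registry"):
            m = SHELL_RE.match(line)
            if m:
                progs = [p.strip() for p in m.group("value").split(",") if p.strip()]
                extra = [p for p in progs if p.lower() != "explorer.exe"]
                if extra:
                    findings.append(Finding("high", section, m.group("hive"),
                                            "Winlogon Shell starts more than explorer.exe: " + "; ".join(extra)))
                continue
            m = RUN_RE.match(line)
            if m:
                f = vendor_finding(section, m.group("name"), m.group("rest"))
                if f:
                    findings.append(f)
        elif section.startswith(("Services", "Drivers")):
            m = SVC_RE.match(line)
            if not m:
                continue
            start, name, rest = int(m.group("start")), m.group("name"), m.group("rest")
            if rest.endswith("[x]"):
                findings.append(missing_finding(section, name, start, rest))
            else:
                f = vendor_finding(section, name, rest)
                if f:
                    findings.append(f)
    return findings


def summarize(findings):
    """Count findings per severity."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    # To triage a real log instead: triage(open("FRST.txt", encoding="utf-8", errors="replace").read())
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.name}: {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

    The severities are review prompts, not verdicts. "[x]" entries rank low unless they are boot- or system-start, because most of them are leftovers from uninstalled software, while an empty publisher on a .sys file under system32\drivers, or any second program on the Shell line, is worth pulling the file for a hash lookup before deciding on a fix.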
  19. SledgeProne

    SledgeProne TS Rookie Topic Starter Posts: 82

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-12-2012
    Ran by SYSTEM at 03-12-2012 02:55:19
    Running from G:\
    Microsoft Windows XP (X86) OS Language: English(US)
    The current controlset is ControlSet002

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1468296 2009-06-01] (Microsoft Corporation)
    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-10] (Adobe Systems Incorporated)
    HKLM\...\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [1313640 1999-12-31] (Microsoft Corporation)
    HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1387288 2011-10-07] (Logitech, Inc.)
    HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2011-11-10] (Advanced Micro Devices, Inc.)
    HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-02] (Apple Inc.)
    HKLM\...\Run: [NetWorx] "C:\Program Files\NetWorx\networx.exe" /auto [3225144 2012-06-09] (SoftPerfect Research)
    HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
    HKU\Administrator\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
    HKU\Default User\...\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" [x]
    HKU\Master Blaster\...\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
    HKU\Master Blaster\...\Run: [Akamai NetSession Interface] "C:\Documents and Settings\Master Blaster\Local Settings\Application Data\Akamai\netsession_win.exe" [4441920 2012-10-09] (Akamai Technologies, Inc.)
    HKU\Master Blaster\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
    HKU\Master Blaster\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\Master Blaster\Application Data\skype.dat [87911 2010-12-09] ()
    Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
    Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
    Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)

    ==================== Services (Whitelisted) ===================

    2 ASTSRV; C:\WINDOWS\system32\ASTSRV.EXE [57344 2008-05-19] (Nalpeiron Ltd.)
    2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
    2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
    2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
    3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [361288 2011-03-23] (TuneUp Software)
    2 TuneUp.ProgramStatisticsSvc; C:\Windows\System32\TUProgSt.exe [604488 2011-03-23] (TuneUp Software)
    2 Akamai; c:\program files\common files\akamai/netsession_win_ce5ba24.dll [x]
    2 ANC; C:\Windows\System32\k750mdm.dll [x]
    4 arrayssl_vpn_service3,0,1,9; [x]
    2 ashampoodefragservice; C:\Windows\System32\veteboot.dll [x]
    4 AsusACPI; [x]
    2 atinevxx; C:\Windows\System32\quickhealfirewall.dll [x]
    4 atkdisplf; [x]
    4 awhost32; [x]
    2 bc_pat_f; C:\Windows\System32\MaVctrl.dll [x]
    2 ccproxy; C:\Windows\System32\keymaestro.dll [x]
    4 CTDevice_Srv; [x]
    2 ctdvda2k; C:\Windows\System32\se58nd5.dll [x]
    2 ctxcpubal; C:\Windows\System32\cpuidlep.dll [x]
    4 F700iat; [x]
    2 G400DH; C:\Windows\System32\AMDPCI.dll [x]
    2 GMSIPCI; C:\Windows\System32\sysplant.dll [x]
    2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll [x]
    2 hpqwmiex; C:\Windows\System32\dlbt_device.dll [x]
    4 imountsrv; [x]
    2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
    2 k750mgmt; C:\Windows\System32\tsircsrv.dll [x]
    2 ltmodem5; C:\Windows\System32\g400.dll [x]
    2 lvpopflt; C:\Windows\System32\bglivesvc.dll [x]
    2 lxcf_device; C:\Windows\System32\nmindexingservice.dll [x]
    4 mqdmbus; [x]
    2 MSMQ; C:\Windows\System32\ovmsmaccessmanager.dll [x]
    2 ofcpfwsvc; C:\Windows\System32\FiltUSBEMPIA.dll [x]
    2 ovt519; C:\Windows\System32\SSFS0BB9.dll [x]
    2 pav_security; C:\Windows\System32\kpf4.dll [x]
    2 pdlnatdl; C:\Windows\System32\pdlndsdl.dll [x]
    2 protectionservice; C:\Windows\System32\SenFiltService.dll [x]
    2 PSSdk21; C:\Windows\System32\cbidf.dll [x]
    2 rismxdp; C:\Windows\System32\CiscoVpnInstallService.dll [x]
    3 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]
    2 s116obex; C:\Windows\System32\transactional.dll [x]
    2 StkASSrv; C:\Windows\System32\hdaudbus.dll [x]
    4 tga; [x]
    2 TIEHDUSB; C:\Windows\System32\cyberpowerups.dll [x]
    2 tng-dtmg; C:\Windows\System32\issm.dll [x]
    2 tng-dts; C:\Windows\System32\EMCFILT.dll [x]
    2 UPATC; C:\Windows\System32\lanmanworkstation.dll [x]
    2 vet-filt; C:\Windows\System32\dlcf_device.dll [x]
    2 vstor2-ws60; C:\Windows\System32\vaiomediaplatform-mobile-gateway.dll [x]
    2 wwsecsvc; C:\Windows\System32\slabser.dll [x]

    ==================== Drivers (Whitelisted) ====================

    3 APLMp50; C:\Windows\System32\Drivers\APLMp50.sys [28224 2006-11-29] (Printing Communications Assoc., Inc. (PCAUSA))
    3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [7493120 2011-11-09] (ATI Technologies Inc.)
    3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdXP3.sys [101392 2011-03-30] (Advanced Micro Devices)
    0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [26248 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
    3 EuDisk; C:\Windows\System32\DRIVERS\EuDisk.sys [122504 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
    3 EUDSKACS; \??\C:\WINDOWS\system32\drivers\eudskacs.sys [14216 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
    0 EUFS; C:\Windows\System32\drivers\eufs.sys [20616 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
    3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider)
    2 LBeepKE; C:\Windows\System32\Drivers\LBeepKE.sys [12184 2011-09-02] (Logitech, Inc.)
    3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42648 2011-09-02] (Logitech, Inc.)
    3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12184 2011-09-02] (Logitech, Inc.)
    3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [39192 2011-09-02] (Logitech, Inc.)
    3 MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [22856 2012-09-29] (Malwarebytes Corporation)
    1 networx; C:\Windows\System32\drivers\networx.sys [51640 2011-04-15] (NetFilterSDK.com)
    2 npf; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
    3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-11-11] (Microsoft Corporation)
    3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [54784 2008-08-01] (NVIDIA Corporation)
    3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [22016 2008-08-01] (NVIDIA Corporation)
    1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67656 2010-05-10] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    3 STHDA; C:\Windows\System32\drivers\sthda.sys [1651204 1999-12-31] (IDT, Inc.)
    4 ubsvve; C:\Windows\System32\drivers\tnloa.sys [54016 2010-09-15] ()
    3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2008-11-11] (LG Electronics Inc.)
    3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19968 2008-11-11] (LG Electronics Inc.)
    3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-11] (LG Electronics Inc.)
    4 Abiosdsk; [x]
    4 abp480n5; [x]
    4 adpu160m; [x]
    4 Aha154x; [x]
    4 aic78u2; [x]
    4 aic78xx; [x]
    4 AliIde; [x]
    4 amsint; [x]
    4 asc; [x]
    4 asc3350p; [x]
    4 asc3550; [x]
    4 Atdisk; [x]
    3 catchme; \??\C:\DOCUME~1\MASTER~1\LOCALS~1\Temp\catchme.sys [x]
    4 cd20xrnt; [x]
    1 Changer; [x]
    4 CmdIde; [x]
    4 Cpqarray; [x]
    4 dac2w2k; [x]
    4 dac960nt; [x]
    4 dpti2o; [x]
    3 ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys [x]
    4 hpn; [x]
    4 hpt3xx; [x]
    1 i2omgmt; [x]
    4 i2omp; [x]
    4 ini910u; [x]
    4 IntelIde; [x]
    1 lbrtfdc; [x]
    4 mraid35x; [x]
    1 PCIDump; [x]
    3 PDCOMP; [x]
    3 PDFRAME; [x]
    3 PDRELI; [x]
    3 PDRFRAME; [x]
    4 perc2; [x]
    4 perc2hib; [x]
    0 pneclo; C:\Windows\System32\drivers\ythte.sys [x]
    4 ql1080; [x]
    4 Ql10wnt; [x]
    4 ql12160; [x]
    4 ql1240; [x]
    4 ql1280; [x]
    4 Simbad; [x]
    4 Sparrow; [x]
    4 symc810; [x]
    4 symc8xx; [x]
    4 sym_hi; [x]
    4 sym_u3; [x]
    4 TosIde; [x]
    4 ultra; [x]
    4 ViaIde; [x]
    3 WDICA; [x]
    2 zumbus; C:\Windows\System32\DRIVERS\zumbus.sys [x]

    ==================== NetSvcs (Whitelisted) ===================

    NETSVC: vet-filt -> C:\Windows\system32\dlcf_device.dll ==> No File.
    NETSVC: lvpopflt -> C:\Windows\system32\bglivesvc.dll ==> No File.
    NETSVC: mcredirector -> No Registry Path.
    NETSVC: bc_pat_f -> C:\Windows\system32\MaVctrl.dll ==> No File.
    NETSVC: rismxdp -> C:\Windows\system32\CiscoVpnInstallService.dll ==> No File.
    NETSVC: UPATC -> C:\Windows\system32\lanmanworkstation.dll ==> No File.
    NETSVC: CTDevice_Srv -> ==> No File.
    NETSVC: imountsrv -> ==> No File.
    NETSVC: vstor2-ws60 -> C:\Windows\system32\vaiomediaplatform-mobile-gateway.dll ==> No File.
    NETSVC: awhost32 -> ==> No File.
    NETSVC: protectionservice -> C:\Windows\system32\SenFiltService.dll ==> No File.
    NETSVC: ovt519 -> C:\Windows\system32\SSFS0BB9.dll ==> No File.
    NETSVC: lxcf_device -> C:\Windows\system32\nmindexingservice.dll ==> No File.
    NETSVC: CBN -> No Registry Path.
    NETSVC: Bcim -> No Registry Path.
    NETSVC: fsaa -> No Registry Path.
    NETSVC: fasttrackinstallerservice -> No Registry Path.
    NETSVC: comhost -> No Registry Path.
    NETSVC: DVDRC -> No Registry Path.
    NETSVC: StkASSrv -> C:\Windows\system32\hdaudbus.dll ==> No File.
    NETSVC: s116obex -> C:\Windows\system32\transactional.dll ==> No File.
    NETSVC: ltmodem5 -> C:\Windows\system32\g400.dll ==> No File.
    NETSVC: PSSdk21 -> C:\Windows\system32\cbidf.dll ==> No File.
    NETSVC: hpqwmiex -> C:\Windows\system32\dlbt_device.dll ==> No File.
    NETSVC: k750mgmt -> C:\Windows\system32\tsircsrv.dll ==> No File.
    NETSVC: pav_security -> C:\Windows\system32\kpf4.dll ==> No File.
    NETSVC: TIEHDUSB -> C:\Windows\system32\cyberpowerups.dll ==> No File.
    NETSVC: ctdvda2k -> C:\Windows\system32\se58nd5.dll ==> No File.
    NETSVC: ctxcpubal -> C:\Windows\system32\cpuidlep.dll ==> No File.
    NETSVC: ofcpfwsvc -> C:\Windows\system32\FiltUSBEMPIA.dll ==> No File.
    NETSVC: ccproxy -> C:\Windows\system32\keymaestro.dll ==> No File.
    NETSVC: G400DH -> C:\Windows\system32\AMDPCI.dll ==> No File.
    NETSVC: atinevxx -> C:\Windows\system32\quickhealfirewall.dll ==> No File.
    NETSVC: ashampoodefragservice -> C:\Windows\system32\veteboot.dll ==> No File.
    NETSVC: agnwifi -> No Registry Path.
    NETSVC: SRTSPL -> No Registry Path.
    NETSVC: keriomailserver -> No Registry Path.
    NETSVC: wmccdsls -> No Registry Path.
    NETSVC: aolavupd -> No Registry Path.
    NETSVC: hsxhwazl -> No Registry Path.
    NETSVC: MSMQ -> C:\Windows\system32\ovmsmaccessmanager.dll ==> No File.
    NETSVC: tng-dts -> C:\Windows\system32\EMCFILT.dll ==> No File.
    NETSVC: tng-dtmg -> C:\Windows\system32\issm.dll ==> No File.
    NETSVC: F700iat -> ==> No File.
    NETSVC: arrayssl_vpn_service3,0,1,9 -> ==> No File.
    NETSVC: pdlnatdl -> C:\Windows\system32\pdlndsdl.dll ==> No File.
    NETSVC: atkdisplf -> ==> No File.
    NETSVC: tga -> ==> No File.
    NETSVC: AsusACPI -> ==> No File.
    NETSVC: mqdmbus -> ==> No File.
    NETSVC: GMSIPCI -> C:\Windows\system32\sysplant.dll ==> No File.
    NETSVC: ANC -> C:\Windows\system32\k750mdm.dll ==> No File.
    NETSVC: wwsecsvc -> C:\Windows\system32\slabser.dll ==> No File.
    NETSVC: ip6fwhlp -> No Registry Path.
    NETSVC: mhn -> No Registry Path.
    NETSVC: sacsvr -> No Registry Path.
    NETSVC: trksvr -> No Registry Path.

    ==================== One Month Created Files and Folders ========

    2012-12-03 02:55 - 2012-12-03 02:55 - 00000000 ____D C:\FRST
    2012-11-30 09:19 - 2012-11-30 09:51 - 00000004 ____A C:\Documents and Settings\Master Blaster\Application Data\skype.ini
    2012-11-30 02:02 - 2012-11-30 02:02 - 00000353 ____A C:\Documents and Settings\Master Blaster\Desktop\Sissel - O Mio Babbino Caro - YouTube.url
    2012-11-29 23:47 - 2012-11-29 23:47 - 00097778 ____A C:\Documents and Settings\Master Blaster\Desktop\OTL.Txt
    2012-11-29 23:47 - 2012-11-29 23:47 - 00048308 ____A C:\Documents and Settings\Master Blaster\Desktop\Extras.Txt
    2012-11-29 23:39 - 2012-11-29 23:39 - 00602112 ____A (OldTimer Tools) C:\Documents and Settings\Master Blaster\Desktop\OTL.exe
    2012-11-29 05:01 - 2012-11-29 05:01 - 00001161 ____A C:\Documents and Settings\Master Blaster\Desktop\What you'll need....url
    2012-11-29 04:40 - 2012-11-29 04:40 - 00001631 ____A C:\Documents and Settings\Master Blaster\Desktop\Delta 36-T30 30 T2 Fence System (2).url
    2012-11-29 03:24 - 2012-11-29 03:24 - 00019124 ____A C:\ComboFix.txt
    2012-11-29 03:05 - 2012-11-29 03:05 - 00000000 ____D C:\Program Files\GPLGS
    2012-11-29 03:04 - 2012-09-12 18:32 - 00088688 ____A C:\Windows\System32\cpwmon2k.dll
    2012-11-29 02:37 - 2012-11-29 02:37 - 00036363 ____A C:\Windows\CSTBox.INI
    2012-11-29 02:28 - 2012-11-29 02:32 - 00000000 ____D C:\Documents and Settings\Master Blaster\My Documents\scans
    2012-11-27 01:27 - 2012-11-27 01:27 - 00019195 ____A C:\Documents and Settings\Master Blaster\Desktop\comboscan.txt
    2012-11-25 15:07 - 2012-11-25 15:07 - 05006177 ____R (Swearware) C:\Documents and Settings\Master Blaster\Desktop\ComboFix.exe
    2012-11-25 13:07 - 2012-11-25 13:07 - 04742932 ____A C:\Documents and Settings\Master Blaster\Desktop\life_of_pi.psd
    2012-11-25 03:11 - 2012-11-25 03:11 - 00442200 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Master Blaster\Desktop\capperkiller.exe
    2012-11-24 17:18 - 2012-11-24 17:18 - 00000453 ____A C:\Documents and Settings\Master Blaster\Desktop\One Large Rat Trap Please - TechSpot Forums.url
    2012-11-24 17:16 - 2012-11-24 17:16 - 04732416 ____A (AVAST Software) C:\Documents and Settings\Master Blaster\Desktop\aswMBR.exe
    2012-11-24 09:21 - 2012-11-24 09:25 - 152292227 ____A C:\bd2b713aac780837a22001e9327c0e83[1]-2012-11-24.flv
    2012-11-24 06:36 - 2012-11-24 06:36 - 00025585 ____A C:\Documents and Settings\Master Blaster\Desktop\attach.txt
    2012-11-24 06:36 - 2012-11-24 06:36 - 00015803 ____A C:\Documents and Settings\Master Blaster\Desktop\dds.txt
    2012-11-24 06:30 - 2012-11-24 06:33 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\storage nov12
    2012-11-23 08:12 - 2012-11-23 08:12 - 00000000 ____D C:\Documents and Settings\Master Blaster\My Documents\New Folder
    2012-11-23 07:19 - 2012-11-23 07:19 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-11-22 11:55 - 2012-11-22 11:55 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\song_data
    2012-11-22 07:35 - 2012-11-22 07:41 - 79108767 ____A C:\Documents and Settings\Master Blaster\Desktop\012-11-22.flv
    2012-11-22 03:52 - 2012-11-22 03:52 - 00110592 ____A C:\Windows\Minidump\Mini112212-01.dmp
    2012-11-22 02:44 - 2012-11-22 03:09 - 00000000 ____D C:\Documents and Settings\Master Blaster\.frostwire5
    2012-11-22 02:44 - 2012-11-22 02:45 - 00000000 ____D C:\Documents and Settings\Master Blaster\My Documents\FrostWire
    2012-11-22 02:41 - 2012-11-22 03:31 - 00000000 ____D C:\Program Files\Real
    2012-11-22 02:41 - 2012-11-22 03:31 - 00000000 ____D C:\Documents and Settings\Master Blaster\Application Data\Real
    2012-11-22 02:40 - 2012-11-22 03:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Real
    2012-11-22 02:40 - 2012-11-22 02:40 - 00000000 ____D C:\Documents and Settings\Master Blaster\Application Data\OpenCandy
    2012-11-19 15:23 - 2012-11-25 15:14 - 00000000 ____D C:\Documents and Settings\Master Blaster\Local Settings\Application Data\ProtectedData
    2012-11-19 14:00 - 2012-11-19 14:00 - 15401600 ____A C:\240P_400K_6203321[3].mp4
    2012-11-19 13:56 - 2012-11-19 13:56 - 06350273 ____A C:\general01_H_6493301_01-2012-11-19.mp4
    2012-11-19 13:55 - 2012-11-19 13:57 - 43588603 ____A C:\240P_352K_5225320-2012-11-19.mp4
    2012-11-19 13:53 - 2012-11-19 13:53 - 11501318 ____A C:\1396_2000-2012-11-19.mp4
    2012-11-19 12:17 - 2012-11-19 12:16 - 00110592 ____A C:\Windows\Minidump\Mini111912-01.dmp
    2012-11-15 06:07 - 2012-11-15 06:07 - 00000000 __HDC C:\Windows\$NtUninstallKB2727528$
    2012-11-15 06:06 - 2012-11-22 08:22 - 00000000 __HDC C:\Windows\$NtUninstallKB2761226$
    2012-11-15 03:01 - 2012-11-15 06:07 - 00011727 ____A C:\Windows\KB2727528.log
    2012-11-15 03:01 - 2012-11-15 06:06 - 00013180 ____A C:\Windows\KB2761226.log
    2012-11-14 04:20 - 2012-11-14 04:20 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\DWP
    2012-11-08 05:19 - 2012-11-08 05:19 - 00000000 ____D C:\Program Files\WS_FTP
    2012-11-04 13:04 - 2012-11-04 13:04 - 00000810 ____A C:\Documents and Settings\Master Blaster\Desktop\FirstRowSportApp.lnk
    2012-11-04 13:04 - 2012-11-04 13:04 - 00000000 ____D C:\Program Files\FirstRowSportApp.com
    2012-11-04 09:23 - 2012-11-04 09:23 - 00000291 ____A C:\Documents and Settings\Master Blaster\Desktop\FirstRow Watch Live NFL Online. Watch Live NCAA Online. American Football Live Streams.url

    ==================== One Month Modified Files and Folders ========

    2012-12-03 02:55 - 2012-12-03 02:55 - 00000000 ____D C:\FRST
    2012-11-30 09:52 - 2012-01-18 04:51 - 00524288 ____A C:\Windows\System32\config\ACEEvent.evt
    2012-11-30 09:52 - 2009-12-22 02:35 - 00524288 ____A C:\Windows\System32\config\TuneUp.evt
    2012-11-30 09:52 - 2009-12-11 08:00 - 01192070 ____A C:\Windows\WindowsUpdate.log
    2012-11-30 09:52 - 2009-12-10 23:49 - 00000178 __ASH C:\Documents and Settings\Master Blaster\ntuser.ini
    2012-11-30 09:52 - 2009-12-10 23:42 - 00032362 ____A C:\Windows\SchedLgU.Txt
    2012-11-30 09:52 - 2009-12-10 23:40 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-11-30 09:52 - 2009-12-10 14:38 - 00000216 ____A C:\Windows\wiadebug.log
    2012-11-30 09:51 - 2012-11-30 09:19 - 00000004 ____A C:\Documents and Settings\Master Blaster\Application Data\skype.ini
    2012-11-30 09:48 - 2012-06-27 02:49 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-11-30 09:48 - 2010-08-12 06:17 - 00000504 ____A C:\Windows\Tasks\1-Click Maintenance.job
    2012-11-30 09:48 - 2010-05-07 02:43 - 00000000 ____D C:\Program Files\Common Files\Akamai
    2012-11-30 09:48 - 2009-12-10 23:49 - 00000062 __ASH C:\Documents and Settings\Master Blaster\Local Settings\desktop.ini
    2012-11-30 09:48 - 2009-12-10 14:38 - 00000050 ____A C:\Windows\wiaservc.log
    2012-11-30 09:48 - 2001-08-23 07:00 - 00002206 ____A C:\Windows\System32\wpa.dbl
    2012-11-30 09:47 - 2009-12-10 23:42 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
    2012-11-30 09:47 - 2009-12-10 23:42 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
    2012-11-30 09:39 - 2009-12-12 03:07 - 00000000 __SHD C:\Windows\CSC
    2012-11-30 09:18 - 2012-04-29 04:23 - 00000000 ____D C:\hidownload
    2012-11-30 09:17 - 2009-12-13 01:17 - 00000000 ____D C:\Documents and Settings\Master Blaster\Application Data\IDM
    2012-11-30 09:04 - 2012-06-27 02:49 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-11-30 08:59 - 2012-03-17 08:45 - 00000000 ____D C:\IDM
    2012-11-30 08:33 - 2012-04-02 04:05 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-11-30 02:02 - 2012-11-30 02:02 - 00000353 ____A C:\Documents and Settings\Master Blaster\Desktop\Sissel - O Mio Babbino Caro - YouTube.url
    2012-11-30 01:36 - 2009-12-13 01:17 - 00000000 ____D C:\Documents and Settings\Master Blaster\Application Data\DMCache
    2012-11-30 00:26 - 2011-02-21 05:54 - 00000000 ____D C:\Documents and Settings\Master Blaster\Application Data\vlc
    2012-11-29 23:47 - 2012-11-29 23:47 - 00097778 ____A C:\Documents and Settings\Master Blaster\Desktop\OTL.Txt
    2012-11-29 23:47 - 2012-11-29 23:47 - 00048308 ____A C:\Documents and Settings\Master Blaster\Desktop\Extras.Txt
    2012-11-29 23:39 - 2012-11-29 23:39 - 00602112 ____A (OldTimer Tools) C:\Documents and Settings\Master Blaster\Desktop\OTL.exe
    2012-11-29 23:30 - 2012-01-12 08:29 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\New Folder
    2012-11-29 05:01 - 2012-11-29 05:01 - 00001161 ____A C:\Documents and Settings\Master Blaster\Desktop\What you'll need....url
    2012-11-29 04:40 - 2012-11-29 04:40 - 00001631 ____A C:\Documents and Settings\Master Blaster\Desktop\Delta 36-T30 30 T2 Fence System (2).url
    2012-11-29 04:03 - 2012-08-07 06:46 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\send
    2012-11-29 03:34 - 2009-12-10 14:37 - 00559994 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-11-29 03:24 - 2012-11-29 03:24 - 00019124 ____A C:\ComboFix.txt
    2012-11-29 03:24 - 2012-06-03 23:58 - 00000000 ___AD C:\Qoobox
    2012-11-29 03:22 - 2001-08-23 07:00 - 00000227 ____A C:\Windows\system.ini
    2012-11-29 03:07 - 2010-02-02 04:10 - 00000000 ____D C:\Documents and Settings\Master Blaster\Local Settings\Application Data\CutePDF Writer
    2012-11-29 03:05 - 2012-11-29 03:05 - 00000000 ____D C:\Program Files\GPLGS
    2012-11-29 03:04 - 2010-02-02 04:08 - 00000000 ____D C:\Program Files\Acro Software
    2012-11-29 03:01 - 2009-12-10 14:29 - 00000000 ____D C:\Windows\Resources
    2012-11-29 02:37 - 2012-11-29 02:37 - 00036363 ____A C:\Windows\CSTBox.INI
    2012-11-29 02:32 - 2012-11-29 02:28 - 00000000 ____D C:\Documents and Settings\Master Blaster\My Documents\scans
    2012-11-28 12:56 - 2012-06-14 05:47 - 00017857 ____A C:\Windows\wmsetup.log
    2012-11-28 07:49 - 2011-12-05 13:50 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\shortcuts2
    2012-11-27 04:33 - 2009-12-12 22:30 - 00000000 ____D C:\Earth
    2012-11-27 01:28 - 2012-04-28 03:31 - 00000000 ____D C:\Documents and Settings\Master Blaster\Application Data\uTorrent
    2012-11-27 01:27 - 2012-11-27 01:27 - 00019195 ____A C:\Documents and Settings\Master Blaster\Desktop\comboscan.txt
    2012-11-26 16:44 - 2009-12-12 02:14 - 00176128 ____A C:\Documents and Settings\Master Blaster\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-11-26 07:34 - 2010-04-08 01:09 - 00000116 ____A C:\Windows\NeroDigital.ini
    2012-11-25 17:55 - 2012-11-02 04:40 - 00000000 ____D C:\Documents and Settings\Master Blaster\Application Data\Audacity
    2012-11-25 15:14 - 2012-11-19 15:23 - 00000000 ____D C:\Documents and Settings\Master Blaster\Local Settings\Application Data\ProtectedData
    2012-11-25 15:07 - 2012-11-25 15:07 - 05006177 ____R (Swearware) C:\Documents and Settings\Master Blaster\Desktop\ComboFix.exe
    2012-11-25 13:07 - 2012-11-25 13:07 - 04742932 ____A C:\Documents and Settings\Master Blaster\Desktop\life_of_pi.psd
    2012-11-25 05:52 - 2011-09-05 19:07 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\suki
    2012-11-25 03:11 - 2012-11-25 03:11 - 00442200 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Master Blaster\Desktop\capperkiller.exe
    2012-11-24 17:18 - 2012-11-24 17:18 - 00000453 ____A C:\Documents and Settings\Master Blaster\Desktop\One Large Rat Trap Please - TechSpot Forums.url
    2012-11-24 17:16 - 2012-11-24 17:16 - 04732416 ____A (AVAST Software) C:\Documents and Settings\Master Blaster\Desktop\aswMBR.exe
    2012-11-24 09:25 - 2012-11-24 09:21 - 152292227 ____A C:\bd2b713aac780837a22001e9327c0e83[1]-2012-11-24.flv
    2012-11-24 06:36 - 2012-11-24 06:36 - 00025585 ____A C:\Documents and Settings\Master Blaster\Desktop\attach.txt
    2012-11-24 06:36 - 2012-11-24 06:36 - 00015803 ____A C:\Documents and Settings\Master Blaster\Desktop\dds.txt
    2012-11-24 06:34 - 2011-12-05 13:48 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\all superb
    2012-11-24 06:33 - 2012-11-24 06:30 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\storage nov12
    2012-11-23 08:17 - 2012-10-09 05:05 - 00000000 ____D C:\Collection
    2012-11-23 08:12 - 2012-11-23 08:12 - 00000000 ____D C:\Documents and Settings\Master Blaster\My Documents\New Folder
    2012-11-23 07:19 - 2012-11-23 07:19 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-11-23 03:07 - 2012-04-10 21:47 - 00268808 ____A C:\Documents and Settings\Master Blaster\Local Settings\Application Data\census.cache
    2012-11-23 03:06 - 2012-04-10 21:47 - 00209719 ____A C:\Documents and Settings\Master Blaster\Local Settings\Application Data\ars.cache
    2012-11-22 11:55 - 2012-11-22 11:55 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\song_data
    2012-11-22 10:05 - 2011-11-03 19:41 - 00000000 ____D C:\Documents and Settings\Master Blaster\Local Settings\Application Data\Akamai
    2012-11-22 09:19 - 2010-02-21 06:45 - 00000000 ____D C:\Windows\Microsoft.NET
    2012-11-22 08:40 - 2010-04-15 05:02 - 00000000 __HDC C:\Windows\$NtUninstallKB980232$
    2012-11-22 08:23 - 2009-12-12 22:32 - 00000000 ____D C:\Program Files\Google
    2012-11-22 08:22 - 2012-11-15 06:06 - 00000000 __HDC C:\Windows\$NtUninstallKB2761226$
    2012-11-22 07:51 - 2012-06-09 07:57 - 00036686 ____A C:\Windows\setupapi.log
    2012-11-22 07:51 - 2011-07-18 00:51 - 00000000 ____D C:\Program Files\Zune
    2012-11-22 07:46 - 2009-12-12 22:32 - 00000000 ____D C:\Documents and Settings\Master Blaster\Local Settings\Application Data\Google
    2012-11-22 07:41 - 2012-11-22 07:35 - 79108767 ____A C:\Documents and Settings\Master Blaster\Desktop\012-11-22.flv
    2012-11-22 07:39 - 2012-05-09 04:16 - 00003177 ____A C:\Windows\setupact.log
    2012-11-22 03:52 - 2012-11-22 03:52 - 00110592 ____A C:\Windows\Minidump\Mini112212-01.dmp
    2012-11-22 03:52 - 2009-12-13 07:25 - 00000000 ____D C:\Windows\Minidump
    2012-11-22 03:31 - 2012-11-22 02:41 - 00000000 ____D C:\Program Files\Real
    2012-11-22 03:31 - 2012-11-22 02:41 - 00000000 ____D C:\Documents and Settings\Master Blaster\Application Data\Real
    2012-11-22 03:31 - 2012-11-22 02:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Real
    2012-11-22 03:22 - 2012-10-30 05:35 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2012-11-22 03:13 - 2010-09-29 00:19 - 00001984 ____A C:\Windows\System32\d3d9caps.dat
    2012-11-22 03:09 - 2012-11-22 02:44 - 00000000 ____D C:\Documents and Settings\Master Blaster\.frostwire5
    2012-11-22 02:45 - 2012-11-22 02:44 - 00000000 ____D C:\Documents and Settings\Master Blaster\My Documents\FrostWire
    2012-11-22 02:41 - 2003-03-19 01:14 - 00499712 ____A (Microsoft Corporation) C:\Windows\System32\msvcp71.dll
    2012-11-22 02:41 - 2003-02-21 07:42 - 00348160 ____A (Microsoft Corporation) C:\Windows\System32\msvcr71.dll
    2012-11-22 02:40 - 2012-11-22 02:40 - 00000000 ____D C:\Documents and Settings\Master Blaster\Application Data\OpenCandy
    2012-11-22 02:15 - 2010-03-10 04:09 - 00000000 ____D C:\Program Files\PeerBlock
    2012-11-22 00:37 - 2012-10-27 23:52 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\volcano
    2012-11-19 14:00 - 2012-11-19 14:00 - 15401600 ____A C:\240P_400K_6203321[3].mp4
    2012-11-19 13:57 - 2012-11-19 13:55 - 43588603 ____A C:\240P_352K_5225320-2012-11-19.mp4
    2012-11-19 13:56 - 2012-11-19 13:56 - 06350273 ____A C:\general01_H_6493301_01-2012-11-19.mp4
    2012-11-19 13:53 - 2012-11-19 13:53 - 11501318 ____A C:\1396_2000-2012-11-19.mp4
    2012-11-19 12:16 - 2012-11-19 12:17 - 00110592 ____A C:\Windows\Minidump\Mini111912-01.dmp
    2012-11-15 06:51 - 2009-12-10 14:36 - 03449912 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-11-15 06:08 - 2009-12-11 14:24 - 64010424 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-11-15 06:07 - 2012-11-15 06:07 - 00000000 __HDC C:\Windows\$NtUninstallKB2727528$
    2012-11-15 06:07 - 2012-11-15 03:01 - 00011727 ____A C:\Windows\KB2727528.log
    2012-11-15 06:07 - 2012-05-12 05:02 - 00177212 ____A C:\Windows\iis6.log
    2012-11-15 06:07 - 2012-05-12 05:02 - 00166931 ____A C:\Windows\FaxSetup.log
    2012-11-15 06:07 - 2012-05-12 05:02 - 00079812 ____A C:\Windows\ocgen.log
    2012-11-15 06:07 - 2012-05-12 05:02 - 00076167 ____A C:\Windows\tsoc.log
    2012-11-15 06:07 - 2012-05-12 05:02 - 00054570 ____A C:\Windows\comsetup.log
    2012-11-15 06:07 - 2012-05-12 05:02 - 00050000 ____A C:\Windows\msmqinst.log
    2012-11-15 06:07 - 2012-05-12 05:02 - 00033166 ____A C:\Windows\ntdtcsetup.log
    2012-11-15 06:07 - 2012-05-12 05:02 - 00029241 ____A C:\Windows\netfxocm.log
    2012-11-15 06:07 - 2012-05-12 05:02 - 00011475 ____A C:\Windows\MedCtrOC.log
    2012-11-15 06:07 - 2012-05-12 05:02 - 00009234 ____A C:\Windows\ocmsn.log
    2012-11-15 06:07 - 2012-05-12 05:02 - 00008397 ____A C:\Windows\tabletoc.log
    2012-11-15 06:07 - 2012-05-12 05:02 - 00008181 ____A C:\Windows\msgsocm.log
    2012-11-15 06:07 - 2012-05-12 05:02 - 00001393 ____A C:\Windows\imsins.log
    2012-11-15 06:06 - 2012-11-15 03:01 - 00013180 ____A C:\Windows\KB2761226.log
    2012-11-15 06:06 - 2009-12-10 14:37 - 00001393 ____A C:\Windows\imsins.BAK
    2012-11-15 03:01 - 2009-12-11 08:23 - 00000000 ___HD C:\Windows\$hf_mig$
    2012-11-14 04:20 - 2012-11-14 04:20 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\DWP
    2012-11-14 04:02 - 2009-12-12 16:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
    2012-11-13 21:23 - 2012-04-02 04:05 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-11-13 21:23 - 2011-05-17 05:58 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-11-09 20:15 - 2012-09-02 19:17 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\select
    2012-11-08 05:43 - 2011-06-24 03:09 - 00000000 ____D C:\mafa
    2012-11-08 05:19 - 2012-11-08 05:19 - 00000000 ____D C:\Program Files\WS_FTP
    2012-11-08 05:19 - 2009-12-10 23:56 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
    2012-11-08 05:19 - 2001-08-23 07:00 - 00000656 ____A C:\Windows\win.ini
    2012-11-07 22:12 - 2012-07-24 08:55 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2012-11-07 22:12 - 2012-04-10 19:17 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2012-11-06 19:49 - 2012-06-30 00:33 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2012-11-04 13:04 - 2012-11-04 13:04 - 00000810 ____A C:\Documents and Settings\Master Blaster\Desktop\FirstRowSportApp.lnk
    2012-11-04 13:04 - 2012-11-04 13:04 - 00000000 ____D C:\Program Files\FirstRowSportApp.com
    2012-11-04 09:23 - 2012-11-04 09:23 - 00000291 ____A C:\Documents and Settings\Master Blaster\Desktop\FirstRow Watch Live NFL Online. Watch Live NCAA Online. American Football Live Streams.url
    2012-11-04 08:58 - 2009-12-10 14:29 - 00000000 ____D C:\Windows\Help

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points (XP) =====================

    RP: -> 2012-11-30 03:45 - 024576 _restore{2205B7A6-1EB9-495A-B8BD-4B1F24159255}\RP219

    RP: -> 2012-11-29 03:04 - 024576 _restore{2205B7A6-1EB9-495A-B8BD-4B1F24159255}\RP218

    RP: -> 2012-11-29 01:07 - 024576 _restore{2205B7A6-1EB9-495A-B8BD-4B1F24159255}\RP217


    ==================== Memory info ===========================

    Percentage of memory in use: 12%
    Total physical RAM: 2047.17 MB
    Available physical RAM: 1791.02 MB
    Total Pagefile: 1877.82 MB
    Available Pagefile: 1816.46 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 2002.18 MB

    ==================== Partitions =============================

    2 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
    3 Drive c: () (Fixed) (Total:127.99 GB) (Free:1.24 GB) NTFS ==>[Drive with boot components (Windows XP)]
    4 Drive d: (SATA) (Fixed) (Total:149.04 GB) (Free:0.88 GB) NTFS
    5 Drive e: (New Volume) (Fixed) (Total:570.65 GB) (Free:0.18 GB) NTFS
    6 Drive f: (SATA) (Fixed) (Total:149.05 GB) (Free:0.23 GB) NTFS
    7 Drive g: () (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32
    8 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 699 GB 0 B
    Disk 1 Online 298 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 128 GB 32 KB
    Partition 2 Primary 571 GB 128 GB
    =========================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Partition 128 GB Healthy
    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 E New Volume NTFS Partition 571 GB Healthy
    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 149 GB 32 KB
    Partition 2 Primary 149 GB 149 GB
    =========================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 D SATA NTFS Partition 149 GB Healthy
    =========================================================

    Disk: 1
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F SATA NTFS Partition 149 GB Healthy
    =========================================================
    ==================== End Of Log ============================




    Search.txt

    Farbar Recovery Scan Tool (x86) Version: 02-12-2012
    Ran by SYSTEM at 2012-12-03 02:57:37
    Running from G:\

    ================== Search: "services.exe" ===================

    C:\WINDOWS\system32\services.exe
    [2001-08-23 07:00] - [2009-02-06 06:11] - 0110592 ____A (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315

    C:\WINDOWS\system32\dllcache\services.exe
    [2009-12-11 09:30] - [2009-02-06 06:11] - 0110592 ____C (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315

    C:\WINDOWS\ServicePackFiles\i386\services.exe
    [2004-08-04 02:56] - [2008-04-13 19:12] - 0108544 ____C (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185

    C:\WINDOWS\ERDNT\cache\services.exe
    [2012-04-18 01:35] - [2009-02-06 06:11] - 0110592 ___AC (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315

    C:\WINDOWS\$NtUninstallKB956572$\services.exe
    [2009-12-11 09:37] - [2008-04-13 19:12] - 0108544 ____C (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185

    C:\WINDOWS\$NtServicePackUninstall$\services.exe
    [2009-12-11 08:31] - [2004-08-04 02:56] - 0108032 ____C (Microsoft Corporation) c6ce6eec82f187615d1002bb3bb50ed4

    C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
    [2009-12-11 09:30] - [2009-02-06 06:06] - 0110592 ___AC (Microsoft Corporation) 020ceaaedc8eb655b6506b8c70d53bb6

    === End Of Search ===
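The Search.txt block above lists every copy of services.exe on the disk with its size and MD5, which is how the helper rules out a patched system binary (the same idea as the "MD5 is legit" lines in the Bamital & volsnap check). As an added example, not part of this thread and not FRST's own code, here is a small Python parser for that block that groups the copies by hash and checks whether the in-use system32 copy matches the dllcache backup. The log excerpt is copied from the posted Search.txt; the function names `parse_search`, `group_by_hash` and `check_live_copy` are chosen here.

```python
import re
from collections import defaultdict

# Constructed sample: the Search.txt block for services.exe as posted in the
# thread (paths, timestamps, sizes and MD5s copied from the log above).
SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\WINDOWS\system32\services.exe
[2001-08-23 07:00] - [2009-02-06 06:11] - 0110592 ____A (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315

C:\WINDOWS\system32\dllcache\services.exe
[2009-12-11 09:30] - [2009-02-06 06:11] - 0110592 ____C (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315

C:\WINDOWS\ServicePackFiles\i386\services.exe
[2004-08-04 02:56] - [2008-04-13 19:12] - 0108544 ____C (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185

C:\WINDOWS\ERDNT\cache\services.exe
[2012-04-18 01:35] - [2009-02-06 06:11] - 0110592 ___AC (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315

C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009-12-11 09:37] - [2008-04-13 19:12] - 0108544 ____C (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185

C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009-12-11 08:31] - [2004-08-04 02:56] - 0108032 ____C (Microsoft Corporation) c6ce6eec82f187615d1002bb3bb50ed4

C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009-12-11 09:30] - [2009-02-06 06:06] - 0110592 ___AC (Microsoft Corporation) 020ceaaedc8eb655b6506b8c70d53bb6

=== End Of Search ===
"""

# One detail line: [created] - [modified] - size attrs (company, optional) md5
ENTRY_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?(?P<md5>[0-9a-fA-F]{32})$"
)


def parse_search(text):
    """Turn an FRST Search block into a list of dicts, one per file copy found."""
    entries = []
    pending_path = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue  # banner, separator and "End Of Search" lines
        m = ENTRY_RE.match(line)
        if m is None:
            pending_path = line  # a path line precedes its detail line
            continue
        if pending_path is None:
            continue  # detail line without a path: malformed, skip it
        entries.append({
            "path": pending_path,
            "created": m.group("created"),
            "modified": m.group("modified"),
            "size": int(m.group("size")),
            "attrs": m.group("attrs"),
            "company": m.group("company"),
            "md5": m.group("md5").lower(),
        })
        pending_path = None
    return entries


def group_by_hash(entries):
    """Map each MD5 to the paths carrying it, so distinct builds stand out."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["md5"]].append(e["path"])
    return dict(groups)


def check_live_copy(entries, windir=r"C:\WINDOWS"):
    """Compare the in-use system32 copy with the dllcache backup.

    On XP, Windows File Protection keeps a pristine copy of protected binaries
    in the dllcache folder under system32. If the copy actually loaded at boot
    hashes differently from that backup, the live file has been altered and
    deserves a closer look; if both match, the file itself is not the problem.
    """
    by_path = {e["path"].lower(): e for e in entries}
    live = by_path.get((windir + r"\system32\services.exe").lower())
    cache = by_path.get((windir + r"\system32\dllcache\services.exe").lower())
    if live is None or cache is None:
        return {"status": "unknown", "reason": "live or dllcache copy not in search output"}
    status = "match" if live["md5"] == cache["md5"] else "mismatch"
    return {"status": status, "live_md5": live["md5"], "cache_md5": cache["md5"]}


if __name__ == "__main__":
    found = parse_search(SEARCH_LOG)
    for md5, paths in group_by_hash(found).items():
        print(md5, "->", len(paths), "copies")
    print(check_live_copy(found))
```

On the posted log the live copy and the dllcache copy share the same hash (65df52f5...), and the other three hashes are older service-pack and hotfix backups, so the check reports a match. A "mismatch" result is the signal worth acting on; a "unknown" result means the search did not cover both paths and the comparison cannot be made.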
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    FRST Fixlist

    Please run the following:

    Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.
  21. SledgeProne

    SledgeProne TS Rookie Topic Starter Posts: 82

    System Recovery Options? Is this a feature available through the Reatogo Desktop, or are you directing to access via the Recovery Console?
    If the latter, I'll probably need to install it. Previous attempts, however, have been denied access, thwarted at the prompt for the admin PW. I can't recall having ever set one, and though I could try to simply hit enter at the prompt, my understanding is that if a password isn't chosen, one is consequently allocated.
    Also, this particular XP Pro install involved the six setup floppy disks. I do have the CDROM for another, slightly newer version of XP Pro installed on another machine, if it would be easier, or possible to use.
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    My apologies, I meant to go back to REATOGO/OTLPE...and then run FRST again. Sorry I didn't edit that. :)
  23. SledgeProne

    SledgeProne TS Rookie Topic Starter Posts: 82

    Ok, got it!

    Also, would I be correct in assuming FRST is programmed to scan its own directory flash drive for any fixlist.txt file, when the fix button is clicked? Or does it need to be directed to the file first?
  24. SledgeProne

    SledgeProne TS Rookie Topic Starter Posts: 82

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-12-2012
    Ran by SYSTEM at 2012-12-04 18:49:57 Run:1
    Running from G:\

    ==============================================

    tga service deleted successfully.
    pneclo service deleted successfully.

    ==== End of Fixlog ====

    After running the fix, a normal boot returned to the cursor on a white, blank screen, instead of the desktop.
    Ctrl-Alt-Delete opens Task Manager on my own desktop background, but devoid of any icons.

    Rebooting into Safe Mode still results in a looping restart.
  25. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okay, we need another FRST log. Please go to OTLPE again and run FRST scan, post new log. :)

