TechSpot

One large rat trap please

Solved
By SledgeProne
Nov 24, 2012
SledgeProne (TS Rookie, Topic Starter, Posts: 82):

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-12-2012
    Ran by SYSTEM at 05-12-2012 18:01:47
    Running from G:\
    Microsoft Windows XP (X86) OS Language: English(US)
    The current controlset is ControlSet002

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1468296 2009-06-01] (Microsoft Corporation)
    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-10] (Adobe Systems Incorporated)
    HKLM\...\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [1313640 1999-12-31] (Microsoft Corporation)
    HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1387288 2011-10-07] (Logitech, Inc.)
    HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2011-11-10] (Advanced Micro Devices, Inc.)
    HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-02] (Apple Inc.)
    HKLM\...\Run: [NetWorx] "C:\Program Files\NetWorx\networx.exe" /auto [3225144 2012-06-09] (SoftPerfect Research)
    HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
    HKU\Administrator\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
    HKU\Default User\...\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" [x]
    HKU\Master Blaster\...\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
    HKU\Master Blaster\...\Run: [Akamai NetSession Interface] "C:\Documents and Settings\Master Blaster\Local Settings\Application Data\Akamai\netsession_win.exe" [4441920 2012-10-09] (Akamai Technologies, Inc.)
    HKU\Master Blaster\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
    HKU\Master Blaster\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\Master Blaster\Application Data\skype.dat [87911 2010-12-09] ()
    Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
    Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
    Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)

    ==================== Services (Whitelisted) ===================

    2 ASTSRV; C:\WINDOWS\system32\ASTSRV.EXE [57344 2008-05-19] (Nalpeiron Ltd.)
    2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
    2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
    2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
    3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [361288 2011-03-23] (TuneUp Software)
    2 TuneUp.ProgramStatisticsSvc; C:\Windows\System32\TUProgSt.exe [604488 2011-03-23] (TuneUp Software)
    2 Akamai; c:\program files\common files\akamai/netsession_win_ce5ba24.dll [x]
    2 ANC; C:\Windows\System32\k750mdm.dll [x]
    4 arrayssl_vpn_service3,0,1,9; [x]
    2 ashampoodefragservice; C:\Windows\System32\veteboot.dll [x]
    4 AsusACPI; [x]
    2 atinevxx; C:\Windows\System32\quickhealfirewall.dll [x]
    4 atkdisplf; [x]
    4 awhost32; [x]
    2 bc_pat_f; C:\Windows\System32\MaVctrl.dll [x]
    2 ccproxy; C:\Windows\System32\keymaestro.dll [x]
    4 CTDevice_Srv; [x]
    2 ctdvda2k; C:\Windows\System32\se58nd5.dll [x]
    2 ctxcpubal; C:\Windows\System32\cpuidlep.dll [x]
    4 F700iat; [x]
    2 G400DH; C:\Windows\System32\AMDPCI.dll [x]
    2 GMSIPCI; C:\Windows\System32\sysplant.dll [x]
    2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll [x]
    2 hpqwmiex; C:\Windows\System32\dlbt_device.dll [x]
    4 imountsrv; [x]
    2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
    2 k750mgmt; C:\Windows\System32\tsircsrv.dll [x]
    2 ltmodem5; C:\Windows\System32\g400.dll [x]
    2 lvpopflt; C:\Windows\System32\bglivesvc.dll [x]
    2 lxcf_device; C:\Windows\System32\nmindexingservice.dll [x]
    4 mqdmbus; [x]
    2 MSMQ; C:\Windows\System32\ovmsmaccessmanager.dll [x]
    2 ofcpfwsvc; C:\Windows\System32\FiltUSBEMPIA.dll [x]
    2 ovt519; C:\Windows\System32\SSFS0BB9.dll [x]
    2 pav_security; C:\Windows\System32\kpf4.dll [x]
    2 pdlnatdl; C:\Windows\System32\pdlndsdl.dll [x]
    2 protectionservice; C:\Windows\System32\SenFiltService.dll [x]
    2 PSSdk21; C:\Windows\System32\cbidf.dll [x]
    2 rismxdp; C:\Windows\System32\CiscoVpnInstallService.dll [x]
    3 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]
    2 s116obex; C:\Windows\System32\transactional.dll [x]
    2 StkASSrv; C:\Windows\System32\hdaudbus.dll [x]
    2 TIEHDUSB; C:\Windows\System32\cyberpowerups.dll [x]
    2 tng-dtmg; C:\Windows\System32\issm.dll [x]
    2 tng-dts; C:\Windows\System32\EMCFILT.dll [x]
    2 UPATC; C:\Windows\System32\lanmanworkstation.dll [x]
    2 vet-filt; C:\Windows\System32\dlcf_device.dll [x]
    2 vstor2-ws60; C:\Windows\System32\vaiomediaplatform-mobile-gateway.dll [x]
    2 wwsecsvc; C:\Windows\System32\slabser.dll [x]

    ==================== Drivers (Whitelisted) ====================

    3 APLMp50; C:\Windows\System32\Drivers\APLMp50.sys [28224 2006-11-29] (Printing Communications Assoc., Inc. (PCAUSA))
    3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [7493120 2011-11-09] (ATI Technologies Inc.)
    3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdXP3.sys [101392 2011-03-30] (Advanced Micro Devices)
    0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [26248 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
    3 EuDisk; C:\Windows\System32\DRIVERS\EuDisk.sys [122504 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
    3 EUDSKACS; \??\C:\WINDOWS\system32\drivers\eudskacs.sys [14216 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
    0 EUFS; C:\Windows\System32\drivers\eufs.sys [20616 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
    3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider)
    2 LBeepKE; C:\Windows\System32\Drivers\LBeepKE.sys [12184 2011-09-02] (Logitech, Inc.)
    3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42648 2011-09-02] (Logitech, Inc.)
    3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12184 2011-09-02] (Logitech, Inc.)
    3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [39192 2011-09-02] (Logitech, Inc.)
    3 MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [22856 2012-09-29] (Malwarebytes Corporation)
    1 networx; C:\Windows\System32\drivers\networx.sys [51640 2011-04-15] (NetFilterSDK.com)
    2 npf; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
    3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-11-11] (Microsoft Corporation)
    3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [54784 2008-08-01] (NVIDIA Corporation)
    3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [22016 2008-08-01] (NVIDIA Corporation)
    1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67656 2010-05-10] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    3 STHDA; C:\Windows\System32\drivers\sthda.sys [1651204 1999-12-31] (IDT, Inc.)
    4 ubsvve; C:\Windows\System32\drivers\tnloa.sys [54016 2010-09-15] ()
    3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2008-11-11] (LG Electronics Inc.)
    3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19968 2008-11-11] (LG Electronics Inc.)
    3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-11] (LG Electronics Inc.)
    4 Abiosdsk; [x]
    4 abp480n5; [x]
    4 adpu160m; [x]
    4 Aha154x; [x]
    4 aic78u2; [x]
    4 aic78xx; [x]
    4 AliIde; [x]
    4 amsint; [x]
    4 asc; [x]
    4 asc3350p; [x]
    4 asc3550; [x]
    4 Atdisk; [x]
    3 catchme; \??\C:\DOCUME~1\MASTER~1\LOCALS~1\Temp\catchme.sys [x]
    4 cd20xrnt; [x]
    1 Changer; [x]
    4 CmdIde; [x]
    4 Cpqarray; [x]
    4 dac2w2k; [x]
    4 dac960nt; [x]
    4 dpti2o; [x]
    3 ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys [x]
    4 hpn; [x]
    4 hpt3xx; [x]
    1 i2omgmt; [x]
    4 i2omp; [x]
    4 ini910u; [x]
    4 IntelIde; [x]
    1 lbrtfdc; [x]
    4 mraid35x; [x]
    1 PCIDump; [x]
    3 PDCOMP; [x]
    3 PDFRAME; [x]
    3 PDRELI; [x]
    3 PDRFRAME; [x]
    4 perc2; [x]
    4 perc2hib; [x]
    4 ql1080; [x]
    4 Ql10wnt; [x]
    4 ql12160; [x]
    4 ql1240; [x]
    4 ql1280; [x]
    4 Simbad; [x]
    4 Sparrow; [x]
    4 symc810; [x]
    4 symc8xx; [x]
    4 sym_hi; [x]
    4 sym_u3; [x]
    4 TosIde; [x]
    4 ultra; [x]
    4 ViaIde; [x]
    3 WDICA; [x]
    2 zumbus; C:\Windows\System32\DRIVERS\zumbus.sys [x]

    ==================== NetSvcs (Whitelisted) ===================

    NETSVC: vet-filt -> C:\Windows\system32\dlcf_device.dll ==> No File.
    NETSVC: lvpopflt -> C:\Windows\system32\bglivesvc.dll ==> No File.
    NETSVC: mcredirector -> No Registry Path.
    NETSVC: bc_pat_f -> C:\Windows\system32\MaVctrl.dll ==> No File.
    NETSVC: rismxdp -> C:\Windows\system32\CiscoVpnInstallService.dll ==> No File.
    NETSVC: UPATC -> C:\Windows\system32\lanmanworkstation.dll ==> No File.
    NETSVC: CTDevice_Srv -> ==> No File.
    NETSVC: imountsrv -> ==> No File.
    NETSVC: vstor2-ws60 -> C:\Windows\system32\vaiomediaplatform-mobile-gateway.dll ==> No File.
    NETSVC: awhost32 -> ==> No File.
    NETSVC: protectionservice -> C:\Windows\system32\SenFiltService.dll ==> No File.
    NETSVC: ovt519 -> C:\Windows\system32\SSFS0BB9.dll ==> No File.
    NETSVC: lxcf_device -> C:\Windows\system32\nmindexingservice.dll ==> No File.
    NETSVC: CBN -> No Registry Path.
    NETSVC: Bcim -> No Registry Path.
    NETSVC: fsaa -> No Registry Path.
    NETSVC: fasttrackinstallerservice -> No Registry Path.
    NETSVC: comhost -> No Registry Path.
    NETSVC: DVDRC -> No Registry Path.
    NETSVC: StkASSrv -> C:\Windows\system32\hdaudbus.dll ==> No File.
    NETSVC: s116obex -> C:\Windows\system32\transactional.dll ==> No File.
    NETSVC: ltmodem5 -> C:\Windows\system32\g400.dll ==> No File.
    NETSVC: PSSdk21 -> C:\Windows\system32\cbidf.dll ==> No File.
    NETSVC: hpqwmiex -> C:\Windows\system32\dlbt_device.dll ==> No File.
    NETSVC: k750mgmt -> C:\Windows\system32\tsircsrv.dll ==> No File.
    NETSVC: pav_security -> C:\Windows\system32\kpf4.dll ==> No File.
    NETSVC: TIEHDUSB -> C:\Windows\system32\cyberpowerups.dll ==> No File.
    NETSVC: ctdvda2k -> C:\Windows\system32\se58nd5.dll ==> No File.
    NETSVC: ctxcpubal -> C:\Windows\system32\cpuidlep.dll ==> No File.
    NETSVC: ofcpfwsvc -> C:\Windows\system32\FiltUSBEMPIA.dll ==> No File.
    NETSVC: ccproxy -> C:\Windows\system32\keymaestro.dll ==> No File.
    NETSVC: G400DH -> C:\Windows\system32\AMDPCI.dll ==> No File.
    NETSVC: atinevxx -> C:\Windows\system32\quickhealfirewall.dll ==> No File.
    NETSVC: ashampoodefragservice -> C:\Windows\system32\veteboot.dll ==> No File.
    NETSVC: agnwifi -> No Registry Path.
    NETSVC: SRTSPL -> No Registry Path.
    NETSVC: keriomailserver -> No Registry Path.
    NETSVC: wmccdsls -> No Registry Path.
    NETSVC: aolavupd -> No Registry Path.
    NETSVC: hsxhwazl -> No Registry Path.
    NETSVC: MSMQ -> C:\Windows\system32\ovmsmaccessmanager.dll ==> No File.
    NETSVC: tng-dts -> C:\Windows\system32\EMCFILT.dll ==> No File.
    NETSVC: tng-dtmg -> C:\Windows\system32\issm.dll ==> No File.
    NETSVC: F700iat -> ==> No File.
    NETSVC: arrayssl_vpn_service3,0,1,9 -> ==> No File.
    NETSVC: pdlnatdl -> C:\Windows\system32\pdlndsdl.dll ==> No File.
    NETSVC: atkdisplf -> ==> No File.
    NETSVC: tga -> No Registry Path.
    NETSVC: AsusACPI -> ==> No File.
    NETSVC: mqdmbus -> ==> No File.
    NETSVC: GMSIPCI -> C:\Windows\system32\sysplant.dll ==> No File.
    NETSVC: ANC -> C:\Windows\system32\k750mdm.dll ==> No File.
    NETSVC: wwsecsvc -> C:\Windows\system32\slabser.dll ==> No File.
    NETSVC: ip6fwhlp -> No Registry Path.
    NETSVC: mhn -> No Registry Path.
    NETSVC: sacsvr -> No Registry Path.
    NETSVC: trksvr -> No Registry Path.

    ==================== One Month Created Files and Folders ========

    2012-12-03 02:55 - 2012-12-03 02:55 - 00000000 ____D C:\FRST
    2012-11-30 09:19 - 2012-12-05 14:28 - 00000004 ____A C:\Documents and Settings\Master Blaster\Application Data\skype.ini
    2012-11-30 02:02 - 2012-11-30 02:02 - 00000353 ____A C:\Documents and Settings\Master Blaster\Desktop\Sissel - O Mio Babbino Caro - YouTube.url
    2012-11-29 23:47 - 2012-11-29 23:47 - 00097778 ____A C:\Documents and Settings\Master Blaster\Desktop\OTL.Txt
    2012-11-29 23:47 - 2012-11-29 23:47 - 00048308 ____A C:\Documents and Settings\Master Blaster\Desktop\Extras.Txt
    2012-11-29 23:39 - 2012-11-29 23:39 - 00602112 ____A (OldTimer Tools) C:\Documents and Settings\Master Blaster\Desktop\OTL.exe
    2012-11-29 05:01 - 2012-11-29 05:01 - 00001161 ____A C:\Documents and Settings\Master Blaster\Desktop\What you'll need....url
    2012-11-29 04:40 - 2012-11-29 04:40 - 00001631 ____A C:\Documents and Settings\Master Blaster\Desktop\Delta 36-T30 30 T2 Fence System (2).url
    2012-11-29 03:24 - 2012-11-29 03:24 - 00019124 ____A C:\ComboFix.txt
    2012-11-29 03:05 - 2012-11-29 03:05 - 00000000 ____D C:\Program Files\GPLGS
    2012-11-29 03:04 - 2012-09-12 18:32 - 00088688 ____A C:\Windows\System32\cpwmon2k.dll
    2012-11-29 02:37 - 2012-11-29 02:37 - 00036363 ____A C:\Windows\CSTBox.INI
    2012-11-29 02:28 - 2012-11-29 02:32 - 00000000 ____D C:\Documents and Settings\Master Blaster\My Documents\scans
    2012-11-27 01:27 - 2012-11-27 01:27 - 00019195 ____A C:\Documents and Settings\Master Blaster\Desktop\comboscan.txt
    2012-11-25 15:07 - 2012-11-25 15:07 - 05006177 ____R (Swearware) C:\Documents and Settings\Master Blaster\Desktop\ComboFix.exe
    2012-11-25 13:07 - 2012-11-25 13:07 - 04742932 ____A C:\Documents and Settings\Master Blaster\Desktop\life_of_pi.psd
    2012-11-25 03:11 - 2012-11-25 03:11 - 00442200 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Master Blaster\Desktop\capperkiller.exe
    2012-11-24 17:18 - 2012-11-24 17:18 - 00000453 ____A C:\Documents and Settings\Master Blaster\Desktop\One Large Rat Trap Please - TechSpot Forums.url
    2012-11-24 17:16 - 2012-11-24 17:16 - 04732416 ____A (AVAST Software) C:\Documents and Settings\Master Blaster\Desktop\aswMBR.exe
    2012-11-24 09:21 - 2012-11-24 09:25 - 152292227 ____A C:\bd2b713aac780837a22001e9327c0e83[1]-2012-11-24.flv
    2012-11-24 06:36 - 2012-11-24 06:36 - 00025585 ____A C:\Documents and Settings\Master Blaster\Desktop\attach.txt
    2012-11-24 06:36 - 2012-11-24 06:36 - 00015803 ____A C:\Documents and Settings\Master Blaster\Desktop\dds.txt
    2012-11-24 06:30 - 2012-11-24 06:33 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\storage nov12
    2012-11-23 08:12 - 2012-11-23 08:12 - 00000000 ____D C:\Documents and Settings\Master Blaster\My Documents\New Folder
    2012-11-23 07:19 - 2012-11-23 07:19 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-11-22 11:55 - 2012-11-22 11:55 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\song_data
    2012-11-22 07:35 - 2012-11-22 07:41 - 79108767 ____A C:\Documents and Settings\Master Blaster\Desktop\012-11-22.flv
    2012-11-22 03:52 - 2012-11-22 03:52 - 00110592 ____A C:\Windows\Minidump\Mini112212-01.dmp
    2012-11-22 02:44 - 2012-11-22 03:09 - 00000000 ____D C:\Documents and Settings\Master Blaster\.frostwire5
    2012-11-22 02:44 - 2012-11-22 02:45 - 00000000 ____D C:\Documents and Settings\Master Blaster\My Documents\FrostWire
    2012-11-22 02:41 - 2012-11-22 03:31 - 00000000 ____D C:\Program Files\Real
    2012-11-22 02:41 - 2012-11-22 03:31 - 00000000 ____D C:\Documents and Settings\Master Blaster\Application Data\Real
    2012-11-22 02:40 - 2012-11-22 03:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Real
    2012-11-22 02:40 - 2012-11-22 02:40 - 00000000 ____D C:\Documents and Settings\Master Blaster\Application Data\OpenCandy
    2012-11-19 15:23 - 2012-11-25 15:14 - 00000000 ____D C:\Documents and Settings\Master Blaster\Local Settings\Application Data\ProtectedData
    2012-11-19 14:00 - 2012-11-19 14:00 - 15401600 ____A C:\240P_400K_6203321[3].mp4
    2012-11-19 13:56 - 2012-11-19 13:56 - 06350273 ____A C:\general01_H_6493301_01-2012-11-19.mp4
    2012-11-19 13:55 - 2012-11-19 13:57 - 43588603 ____A C:\240P_352K_5225320-2012-11-19.mp4
    2012-11-19 13:53 - 2012-11-19 13:53 - 11501318 ____A C:\1396_2000-2012-11-19.mp4
    2012-11-19 12:17 - 2012-11-19 12:16 - 00110592 ____A C:\Windows\Minidump\Mini111912-01.dmp
    2012-11-15 06:07 - 2012-11-15 06:07 - 00000000 __HDC C:\Windows\$NtUninstallKB2727528$
    2012-11-15 06:06 - 2012-11-22 08:22 - 00000000 __HDC C:\Windows\$NtUninstallKB2761226$
    2012-11-15 03:01 - 2012-11-15 06:07 - 00011727 ____A C:\Windows\KB2727528.log
    2012-11-15 03:01 - 2012-11-15 06:06 - 00013180 ____A C:\Windows\KB2761226.log
    2012-11-14 04:20 - 2012-11-14 04:20 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\DWP
    2012-11-08 05:19 - 2012-11-08 05:19 - 00000000 ____D C:\Program Files\WS_FTP

    ==================== One Month Modified Files and Folders ========

    2012-12-05 14:28 - 2012-11-30 09:19 - 00000004 ____A C:\Documents and Settings\Master Blaster\Application Data\skype.ini
    2012-12-05 14:28 - 2012-01-18 04:51 - 00524288 ____A C:\Windows\System32\config\ACEEvent.evt
    2012-12-05 14:28 - 2009-12-22 02:35 - 00524288 ____A C:\Windows\System32\config\TuneUp.evt
    2012-12-05 14:28 - 2009-12-11 08:00 - 01207744 ____A C:\Windows\WindowsUpdate.log
    2012-12-05 14:28 - 2009-12-10 23:49 - 00000178 __ASH C:\Documents and Settings\Master Blaster\ntuser.ini
    2012-12-05 14:28 - 2009-12-10 23:42 - 00032362 ____A C:\Windows\SchedLgU.Txt
    2012-12-05 14:28 - 2009-12-10 23:40 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-12-05 14:28 - 2009-12-10 14:38 - 00000216 ____A C:\Windows\wiadebug.log
    2012-12-05 14:26 - 2010-08-12 06:17 - 00000504 ____A C:\Windows\Tasks\1-Click Maintenance.job
    2012-12-05 14:25 - 2012-06-27 02:49 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-12-05 14:25 - 2010-05-07 02:43 - 00000000 ____D C:\Program Files\Common Files\Akamai
    2012-12-05 14:25 - 2009-12-10 23:49 - 00000062 __ASH C:\Documents and Settings\Master Blaster\Local Settings\desktop.ini
    2012-12-05 14:25 - 2009-12-10 23:42 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
    2012-12-05 14:25 - 2009-12-10 23:42 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
    2012-12-05 14:25 - 2009-12-10 14:38 - 00000049 ____A C:\Windows\wiaservc.log
    2012-12-05 14:25 - 2001-08-23 07:00 - 00002206 ____A C:\Windows\System32\wpa.dbl
    2012-12-04 22:04 - 2012-06-27 02:49 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-12-04 22:03 - 2009-12-12 03:07 - 00000000 __SHD C:\Windows\CSC
    2012-12-04 21:59 - 2012-06-09 07:57 - 00047606 ____A C:\Windows\setupapi.log
    2012-12-04 21:59 - 2012-05-09 04:16 - 00003218 ____A C:\Windows\setupact.log
    2012-12-03 02:55 - 2012-12-03 02:55 - 00000000 ____D C:\FRST
    2012-11-30 09:18 - 2012-04-29 04:23 - 00000000 ____D C:\hidownload
    2012-11-30 09:17 - 2009-12-13 01:17 - 00000000 ____D C:\Documents and Settings\Master Blaster\Application Data\IDM
    2012-11-30 08:59 - 2012-03-17 08:45 - 00000000 ____D C:\IDM
    2012-11-30 08:33 - 2012-04-02 04:05 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-11-30 02:02 - 2012-11-30 02:02 - 00000353 ____A C:\Documents and Settings\Master Blaster\Desktop\Sissel - O Mio Babbino Caro - YouTube.url
    2012-11-30 01:36 - 2009-12-13 01:17 - 00000000 ____D C:\Documents and Settings\Master Blaster\Application Data\DMCache
    2012-11-30 00:26 - 2011-02-21 05:54 - 00000000 ____D C:\Documents and Settings\Master Blaster\Application Data\vlc
    2012-11-29 23:47 - 2012-11-29 23:47 - 00097778 ____A C:\Documents and Settings\Master Blaster\Desktop\OTL.Txt
    2012-11-29 23:47 - 2012-11-29 23:47 - 00048308 ____A C:\Documents and Settings\Master Blaster\Desktop\Extras.Txt
    2012-11-29 23:39 - 2012-11-29 23:39 - 00602112 ____A (OldTimer Tools) C:\Documents and Settings\Master Blaster\Desktop\OTL.exe
    2012-11-29 23:30 - 2012-01-12 08:29 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\New Folder
    2012-11-29 05:01 - 2012-11-29 05:01 - 00001161 ____A C:\Documents and Settings\Master Blaster\Desktop\What you'll need....url
    2012-11-29 04:40 - 2012-11-29 04:40 - 00001631 ____A C:\Documents and Settings\Master Blaster\Desktop\Delta 36-T30 30 T2 Fence System (2).url
    2012-11-29 04:03 - 2012-08-07 06:46 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\send
    2012-11-29 03:34 - 2009-12-10 14:37 - 00559994 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-11-29 03:24 - 2012-11-29 03:24 - 00019124 ____A C:\ComboFix.txt
    2012-11-29 03:24 - 2012-06-03 23:58 - 00000000 ___AD C:\Qoobox
    2012-11-29 03:22 - 2001-08-23 07:00 - 00000227 ____A C:\Windows\system.ini
    2012-11-29 03:07 - 2010-02-02 04:10 - 00000000 ____D C:\Documents and Settings\Master Blaster\Local Settings\Application Data\CutePDF Writer
    2012-11-29 03:05 - 2012-11-29 03:05 - 00000000 ____D C:\Program Files\GPLGS
    2012-11-29 03:04 - 2010-02-02 04:08 - 00000000 ____D C:\Program Files\Acro Software
    2012-11-29 03:01 - 2009-12-10 14:29 - 00000000 ____D C:\Windows\Resources
    2012-11-29 02:37 - 2012-11-29 02:37 - 00036363 ____A C:\Windows\CSTBox.INI
    2012-11-29 02:32 - 2012-11-29 02:28 - 00000000 ____D C:\Documents and Settings\Master Blaster\My Documents\scans
    2012-11-28 12:56 - 2012-06-14 05:47 - 00017857 ____A C:\Windows\wmsetup.log
    2012-11-28 07:49 - 2011-12-05 13:50 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\shortcuts2
    2012-11-27 04:33 - 2009-12-12 22:30 - 00000000 ____D C:\Earth
    2012-11-27 01:28 - 2012-04-28 03:31 - 00000000 ____D C:\Documents and Settings\Master Blaster\Application Data\uTorrent
    2012-11-27 01:27 - 2012-11-27 01:27 - 00019195 ____A C:\Documents and Settings\Master Blaster\Desktop\comboscan.txt
    2012-11-26 16:44 - 2009-12-12 02:14 - 00176128 ____A C:\Documents and Settings\Master Blaster\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-11-26 07:34 - 2010-04-08 01:09 - 00000116 ____A C:\Windows\NeroDigital.ini
    2012-11-25 17:55 - 2012-11-02 04:40 - 00000000 ____D C:\Documents and Settings\Master Blaster\Application Data\Audacity
    2012-11-25 15:14 - 2012-11-19 15:23 - 00000000 ____D C:\Documents and Settings\Master Blaster\Local Settings\Application Data\ProtectedData
    2012-11-25 15:07 - 2012-11-25 15:07 - 05006177 ____R (Swearware) C:\Documents and Settings\Master Blaster\Desktop\ComboFix.exe
    2012-11-25 13:07 - 2012-11-25 13:07 - 04742932 ____A C:\Documents and Settings\Master Blaster\Desktop\life_of_pi.psd
    2012-11-25 05:52 - 2011-09-05 19:07 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\suki
    2012-11-25 03:11 - 2012-11-25 03:11 - 00442200 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Master Blaster\Desktop\capperkiller.exe
    2012-11-24 17:18 - 2012-11-24 17:18 - 00000453 ____A C:\Documents and Settings\Master Blaster\Desktop\One Large Rat Trap Please - TechSpot Forums.url
    2012-11-24 17:16 - 2012-11-24 17:16 - 04732416 ____A (AVAST Software) C:\Documents and Settings\Master Blaster\Desktop\aswMBR.exe
    2012-11-24 09:25 - 2012-11-24 09:21 - 152292227 ____A C:\bd2b713aac780837a22001e9327c0e83[1]-2012-11-24.flv
    2012-11-24 06:36 - 2012-11-24 06:36 - 00025585 ____A C:\Documents and Settings\Master Blaster\Desktop\attach.txt
    2012-11-24 06:36 - 2012-11-24 06:36 - 00015803 ____A C:\Documents and Settings\Master Blaster\Desktop\dds.txt
    2012-11-24 06:34 - 2011-12-05 13:48 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\all superb
    2012-11-24 06:33 - 2012-11-24 06:30 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\storage nov12
    2012-11-23 08:17 - 2012-10-09 05:05 - 00000000 ____D C:\Collection
    2012-11-23 08:12 - 2012-11-23 08:12 - 00000000 ____D C:\Documents and Settings\Master Blaster\My Documents\New Folder
    2012-11-23 07:19 - 2012-11-23 07:19 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-11-23 03:07 - 2012-04-10 21:47 - 00268808 ____A C:\Documents and Settings\Master Blaster\Local Settings\Application Data\census.cache
    2012-11-23 03:06 - 2012-04-10 21:47 - 00209719 ____A C:\Documents and Settings\Master Blaster\Local Settings\Application Data\ars.cache
    2012-11-22 11:55 - 2012-11-22 11:55 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\song_data
    2012-11-22 10:05 - 2011-11-03 19:41 - 00000000 ____D C:\Documents and Settings\Master Blaster\Local Settings\Application Data\Akamai
    2012-11-22 09:19 - 2010-02-21 06:45 - 00000000 ____D C:\Windows\Microsoft.NET
    2012-11-22 08:40 - 2010-04-15 05:02 - 00000000 __HDC C:\Windows\$NtUninstallKB980232$
    2012-11-22 08:23 - 2009-12-12 22:32 - 00000000 ____D C:\Program Files\Google
    2012-11-22 08:22 - 2012-11-15 06:06 - 00000000 __HDC C:\Windows\$NtUninstallKB2761226$
    2012-11-22 07:51 - 2011-07-18 00:51 - 00000000 ____D C:\Program Files\Zune
    2012-11-22 07:46 - 2009-12-12 22:32 - 00000000 ____D C:\Documents and Settings\Master Blaster\Local Settings\Application Data\Google
    2012-11-22 07:41 - 2012-11-22 07:35 - 79108767 ____A C:\Documents and Settings\Master Blaster\Desktop\012-11-22.flv
    2012-11-22 03:52 - 2012-11-22 03:52 - 00110592 ____A C:\Windows\Minidump\Mini112212-01.dmp
    2012-11-22 03:52 - 2009-12-13 07:25 - 00000000 ____D C:\Windows\Minidump
    2012-11-22 03:31 - 2012-11-22 02:41 - 00000000 ____D C:\Program Files\Real
    2012-11-22 03:31 - 2012-11-22 02:41 - 00000000 ____D C:\Documents and Settings\Master Blaster\Application Data\Real
    2012-11-22 03:31 - 2012-11-22 02:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Real
    2012-11-22 03:22 - 2012-10-30 05:35 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2012-11-22 03:13 - 2010-09-29 00:19 - 00001984 ____A C:\Windows\System32\d3d9caps.dat
    2012-11-22 03:09 - 2012-11-22 02:44 - 00000000 ____D C:\Documents and Settings\Master Blaster\.frostwire5
    2012-11-22 02:45 - 2012-11-22 02:44 - 00000000 ____D C:\Documents and Settings\Master Blaster\My Documents\FrostWire
    2012-11-22 02:41 - 2003-03-19 01:14 - 00499712 ____A (Microsoft Corporation) C:\Windows\System32\msvcp71.dll
    2012-11-22 02:41 - 2003-02-21 07:42 - 00348160 ____A (Microsoft Corporation) C:\Windows\System32\msvcr71.dll
    2012-11-22 02:40 - 2012-11-22 02:40 - 00000000 ____D C:\Documents and Settings\Master Blaster\Application Data\OpenCandy
    2012-11-22 02:15 - 2010-03-10 04:09 - 00000000 ____D C:\Program Files\PeerBlock
    2012-11-22 00:37 - 2012-10-27 23:52 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\volcano
    2012-11-19 14:00 - 2012-11-19 14:00 - 15401600 ____A C:\240P_400K_6203321[3].mp4
    2012-11-19 13:57 - 2012-11-19 13:55 - 43588603 ____A C:\240P_352K_5225320-2012-11-19.mp4
    2012-11-19 13:56 - 2012-11-19 13:56 - 06350273 ____A C:\general01_H_6493301_01-2012-11-19.mp4
    2012-11-19 13:53 - 2012-11-19 13:53 - 11501318 ____A C:\1396_2000-2012-11-19.mp4
    2012-11-19 12:16 - 2012-11-19 12:17 - 00110592 ____A C:\Windows\Minidump\Mini111912-01.dmp
    2012-11-15 06:51 - 2009-12-10 14:36 - 03449912 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-11-15 06:08 - 2009-12-11 14:24 - 64010424 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-11-15 06:07 - 2012-11-15 06:07 - 00000000 __HDC C:\Windows\$NtUninstallKB2727528$
    2012-11-15 06:07 - 2012-11-15 03:01 - 00011727 ____A C:\Windows\KB2727528.log
    2012-11-15 06:07 - 2012-05-12 05:02 - 00177212 ____A C:\Windows\iis6.log
    2012-11-15 06:07 - 2012-05-12 05:02 - 00166931 ____A C:\Windows\FaxSetup.log
    2012-11-15 06:07 - 2012-05-12 05:02 - 00079812 ____A C:\Windows\ocgen.log
    2012-11-15 06:07 - 2012-05-12 05:02 - 00076167 ____A C:\Windows\tsoc.log
    2012-11-15 06:07 - 2012-05-12 05:02 - 00054570 ____A C:\Windows\comsetup.log
    2012-11-15 06:07 - 2012-05-12 05:02 - 00050000 ____A C:\Windows\msmqinst.log
    2012-11-15 06:07 - 2012-05-12 05:02 - 00033166 ____A C:\Windows\ntdtcsetup.log
    2012-11-15 06:07 - 2012-05-12 05:02 - 00029241 ____A C:\Windows\netfxocm.log
    2012-11-15 06:07 - 2012-05-12 05:02 - 00011475 ____A C:\Windows\MedCtrOC.log
    2012-11-15 06:07 - 2012-05-12 05:02 - 00009234 ____A C:\Windows\ocmsn.log
    2012-11-15 06:07 - 2012-05-12 05:02 - 00008397 ____A C:\Windows\tabletoc.log
    2012-11-15 06:07 - 2012-05-12 05:02 - 00008181 ____A C:\Windows\msgsocm.log
    2012-11-15 06:07 - 2012-05-12 05:02 - 00001393 ____A C:\Windows\imsins.log
    2012-11-15 06:06 - 2012-11-15 03:01 - 00013180 ____A C:\Windows\KB2761226.log
    2012-11-15 06:06 - 2009-12-10 14:37 - 00001393 ____A C:\Windows\imsins.BAK
    2012-11-15 03:01 - 2009-12-11 08:23 - 00000000 ___HD C:\Windows\$hf_mig$
    2012-11-14 04:20 - 2012-11-14 04:20 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\DWP
    2012-11-14 04:02 - 2009-12-12 16:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
    2012-11-13 21:23 - 2012-04-02 04:05 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-11-13 21:23 - 2011-05-17 05:58 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-11-09 20:15 - 2012-09-02 19:17 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\select
    2012-11-08 05:43 - 2011-06-24 03:09 - 00000000 ____D C:\mafa
    2012-11-08 05:19 - 2012-11-08 05:19 - 00000000 ____D C:\Program Files\WS_FTP
    2012-11-08 05:19 - 2009-12-10 23:56 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
    2012-11-08 05:19 - 2001-08-23 07:00 - 00000656 ____A C:\Windows\win.ini
    2012-11-07 22:12 - 2012-07-24 08:55 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2012-11-07 22:12 - 2012-04-10 19:17 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2012-11-06 19:49 - 2012-06-30 00:33 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points (XP) =====================

    RP: -> 2012-11-30 03:45 - 024576 _restore{2205B7A6-1EB9-495A-B8BD-4B1F24159255}\RP219
    RP: -> 2012-11-29 03:04 - 024576 _restore{2205B7A6-1EB9-495A-B8BD-4B1F24159255}\RP218
    RP: -> 2012-11-29 01:07 - 024576 _restore{2205B7A6-1EB9-495A-B8BD-4B1F24159255}\RP217

    ==================== Memory info ===========================

    Percentage of memory in use: 12%
    Total physical RAM: 2047.17 MB
    Available physical RAM: 1790.75 MB
    Total Pagefile: 1877.82 MB
    Available Pagefile: 1817.37 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 2003.18 MB

    ==================== Partitions =============================

    2 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
    3 Drive c: () (Fixed) (Total:127.99 GB) (Free:1.24 GB) NTFS ==>[Drive with boot components (Windows XP)]
    4 Drive d: (SATA) (Fixed) (Total:149.04 GB) (Free:0.88 GB) NTFS
    5 Drive e: (New Volume) (Fixed) (Total:570.65 GB) (Free:0.18 GB) NTFS
    6 Drive f: (SATA) (Fixed) (Total:149.05 GB) (Free:0.23 GB) NTFS
    7 Drive g: () (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32
    8 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 699 GB 0 B
    Disk 1 Online 298 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 128 GB 32 KB
    Partition 2 Primary 571 GB 128 GB
    =========================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Partition 128 GB Healthy
    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 E New Volume NTFS Partition 571 GB Healthy
    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 149 GB 32 KB
    Partition 2 Primary 149 GB 149 GB
    =========================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 D SATA NTFS Partition 149 GB Healthy
    =========================================================

    Disk: 1
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F SATA NTFS Partition 149 GB Healthy
    =========================================================
    ==================== End Of Log ============================
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    FRST Fixlist

    Please run the following:

    Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running it on another machine may cause damage to your operating system.

    Now, please enter OTLPE as before...

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.
  3. SledgeProne

    SledgeProne TS Rookie Topic Starter Posts: 82

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-12-2012
    Ran by SYSTEM at 2012-12-06 08:45:17 Run:2
    Running from G:\
    ==============================================
    HKEY_USERS\Master Blaster\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value deleted successfully.
    ==== End of Fixlog ====

    Nice work Jay!
    Back online with this system, which booted up fine. So far so good, with a strong urge to install an AV program.
    Next move?
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Run ComboFix first below...

    ComboFix scan

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after the BIOS screen and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


    Find new antivirus here: http://secureconnexion.wordpress.com/2012/06/14/antivirus-software-toplist-top-20-summer-2012/
  5. SledgeProne

    SledgeProne TS Rookie Topic Starter Posts: 82

    ComboFix 12-12-07.01 - Master Blaster 12/07/2012 18:29:50.9.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1290 [GMT -8:00]
    Running from: c:\documents and settings\Master Blaster\Desktop\ComboFix.exe
    .
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Master Blaster\Application Data\skype.dat
    c:\documents and settings\Master Blaster\Application Data\skype.ini
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-11-08 to 2012-12-08 )))))))))))))))))))))))))))))))
    .
    .
    2012-12-03 07:55 . 2012-12-03 07:55 -------- d-----w- C:\FRST
    2012-11-29 08:05 . 2012-11-29 08:05 -------- d-----w- c:\program files\GPLGS
    2012-11-29 08:04 . 2012-09-12 23:32 88688 ----a-w- c:\windows\system32\cpwmon2k.dll
    2012-11-23 12:19 . 2012-11-23 12:19 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-11-22 07:44 . 2012-11-22 08:09 -------- d-----w- c:\documents and settings\Master Blaster\.frostwire5
    2012-11-22 07:41 . 2012-11-22 08:31 -------- d-----w- c:\program files\Real
    2012-11-22 07:40 . 2012-11-22 07:40 -------- d-----w- c:\documents and settings\Master Blaster\Application Data\OpenCandy
    2012-11-19 20:23 . 2012-11-25 20:14 -------- d-----w- c:\documents and settings\Master Blaster\Local Settings\Application Data\ProtectedData
    2012-11-08 10:19 . 2012-11-08 10:19 -------- d-----w- c:\program files\WS_FTP
    2012-11-08 10:19 . 2003-09-03 10:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
    2012-11-08 10:19 . 2003-09-03 10:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
    2012-11-08 10:19 . 2003-09-03 10:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
    2012-11-08 10:19 . 2003-09-03 10:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
    2012-11-08 10:19 . 2003-09-03 10:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
    2012-11-08 10:19 . 2012-11-08 10:19 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
    2012-11-08 10:19 . 2012-11-08 10:19 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-11-22 07:41 . 2003-02-21 12:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2012-11-22 07:41 . 2003-03-19 06:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2012-11-14 02:23 . 2012-04-02 09:05 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-11-14 02:23 . 2011-05-17 10:58 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-10-22 08:37 . 2001-08-23 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-10-09 17:33 . 2012-07-12 09:33 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2012-10-08 23:23 . 2012-10-08 23:23 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-10-08 23:23 . 2012-10-08 23:23 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-10-08 23:23 . 2012-04-21 22:21 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-10-08 23:23 . 2012-04-21 22:21 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2012-10-02 18:04 . 2001-08-23 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
    2012-09-30 03:54 . 2012-04-11 00:17 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-30 10:35 . 2012-10-30 10:35 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2006-05-03 19:06 163328 --sha-r- c:\windows\system32\flvDX.dll
    2007-02-21 20:47 31232 --sha-r- c:\windows\system32\msfDX.dll
    2008-03-16 22:30 216064 --sha-r- c:\windows\system32\nbDX.dll
    2010-01-07 07:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
    "Akamai NetSession Interface"="c:\documents and settings\Master Blaster\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-10-09 4441920]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2000-01-01 1313640]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 98304]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "NetWorx"="c:\program files\NetWorx\networx.exe" [2012-06-10 3225144]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ \0
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetWorx]
    2012-06-10 02:11 3225144 ----a-w- c:\program files\NetWorx\networx.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Bonjour Service"=2 (0x2)
    "ZuneWlanCfgSvc"=3 (0x3)
    "ZuneNetworkSvc"=3 (0x3)
    "ZuneBusEnum"=2 (0x2)
    "WMZuneComm"=3 (0x3)
    "Updater Service for StartNow Toolbar"=2 (0x2)
    "ImapiService"=3 (0x3)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe
    "cdloader"="c:\documents and settings\Master Blaster\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    "NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
    "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Documents and Settings\\Master Blaster\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1041:TCP"= 1041:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    .
    R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [8/12/2010 2:46 AM 26248]
    R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [8/12/2010 2:46 AM 20616]
    R1 networx;networx;c:\windows\system32\drivers\networx.sys [6/19/2011 4:05 AM 51640]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67656]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/23/2001 4:00 AM 14336]
    R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [8/19/2011 9:42 PM 57344]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [1/30/2011 12:16 PM 12184]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/21/2012 9:24 PM 399432]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/10/2012 4:17 PM 676936]
    R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 10:19 AM 50704]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [1/18/2012 2:31 AM 101392]
    R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [8/12/2010 2:46 AM 122504]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [8/24/2010 9:30 AM 42648]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [8/24/2010 9:30 AM 12184]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/10/2012 4:17 PM 22856]
    S3 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [8/12/2010 2:46 AM 14216]
    S4 ubsvve;ubsvve;c:\windows\system32\drivers\tnloa.sys [9/14/2010 11:06 PM 54016]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    NETSVCS REQUIRES REPAIRS - current entries shown
    6to4
    AppMgmt
    AudioSrv
    Browser
    CryptSvc
    DMServer
    DHCP
    ERSvc
    EventSystem
    FastUserSwitchingCompatibility
    HidServ
    Ias
    Iprip
    Irmon
    LanmanServer
    LanmanWorkstation
    Messenger
    Netman
    Nla
    Ntmssvc
    NWCWorkstation
    Nwsapagent
    Rasauto
    Rasman
    vet-filt
    lvpopflt
    mcredirector
    bc_pat_f
    rismxdp
    UPATC
    CTDevice_Srv
    imountsrv
    vstor2-ws60
    awhost32
    protectionservice
    ovt519
    lxcf_device
    CBN
    Bcim
    fsaa
    fasttrackinstallerservice
    comhost
    DVDRC
    StkASSrv
    s116obex
    ltmodem5
    PSSdk21
    hpqwmiex
    k750mgmt
    pav_security
    TIEHDUSB
    ctdvda2k
    ctxcpubal
    ofcpfwsvc
    ccproxy
    G400DH
    atinevxx
    ashampoodefragservice
    agnwifi
    SRTSPL
    keriomailserver
    wmccdsls
    aolavupd
    hsxhwazl
    MSMQ
    tng-dts
    tng-dtmg
    F700iat
    arrayssl_vpn_service3,0,1,9
    pdlnatdl
    atkdisplf
    tga
    AsusACPI
    mqdmbus
    GMSIPCI
    ANC
    wwsecsvc
    Remoteaccess
    Schedule
    Seclogon
    SENS
    Sharedaccess
    SRService
    Tapisrv
    Themes
    TrkWks
    UxTuneUp
    W32Time
    WZCSVC
    Wmi
    WmdmPmSp
    winmgmt
    TermService
    BITS
    ShellHWDetection
    helpsvc
    xmlprov
    wscsvc
    WmdmPmSN
    napagent
    hkmsvc
    wuauserv
    uploadmgr
    ip6fwhlp
    mhn
    sacsvr
    trksvr
    .
    Rebuilding ... You need to reboot your machine for this to take effect.
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-12-08 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 15:54]
    .
    2012-12-07 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 02:23]
    .
    2012-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-06-27 07:49]
    .
    2012-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-06-27 07:49]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = <local>
    IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
    IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
    LSP: c:\windows\system32\idmmbc.dll
    Trusted Zone: thephins.com\www
    Trusted Zone: tube8.com\www
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    FF - ProfilePath - c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\
    FF - prefs.js: browser.search.selectedEngine - Claro Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://www.claro-search.com/?affID=44444&tt=3812_7&babsrc=KW_clro&mntrId=f81deddd000000000000001e90e94f32&q=
    FF - ExtSQL: 2012-11-04 10:04; freehdsport@freehdsport.tv; c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\freehdsport@freehdsport.tv.xpi
    FF - ExtSQL: !HIDDEN! 2010-02-22 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: extensions.claro.autoRvrt - false
    FF - user.js: extensions.claro_i.newTab - false
    FF - user.js: extensions.claro.vrsni - 1.6.4.1
    FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.10:08
    FF - user.js: extensions.claro.prtnrId - claro
    FF - user.js: extensions.claro.prdct - claro
    FF - user.js: extensions.claro.aflt - babsst
    FF - user.js: extensions.claro_i.smplGrp - none
    FF - user.js: extensions.claro.tlbrId - claro
    FF - user.js: extensions.claro.instlRef -
    FF - user.js: extensions.claro.dfltLng - en
    FF - user.js: extensions.claro.excTlbr - false
    FF - user.js: extensions.claro.admin - false
    .
    .
    ------- File Associations -------
    .
    .txt=
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-12-07 18:35
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{24851210-fc14-4b19-812b-d9133aea46a2}]
    @Denied: (Full) (Everyone)
    "Model"=dword:0000006a
    "Therad"=dword:0000001e
    "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
    1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):0f,97,2f,57,31,e5,f7,f5,ae,6e,91,35,40,51,ee,d8,1c,63,4d,97,f6,
    f7,49,aa,01,84,04,4a,f0,68,42,14,0b,0c,db,ea,27,fb,fd,07,00,00,00,00,00,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(996)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    .
    Completion time: 2012-12-07 18:37:09
    ComboFix-quarantined-files.txt 2012-12-08 02:37
    ComboFix2.txt 2012-11-29 08:24
    ComboFix3.txt 2012-11-25 20:17
    ComboFix4.txt 2012-06-04 05:07
    .
    Pre-Run: 1,644,785,664 bytes free
    Post-Run: 1,690,169,344 bytes free
    .
    - - End Of File - - F1E4BEF25D8FAB70C6B68E50159C7A7


    Had a recent ComboFix.exe we used last week, but I downloaded a new one just in case.
    Thanks for the informative link on A/V apps! Used to have Kasp, and it was a deal with two licenses.
    Leaving on business tonight, but will check back here and pick up on Monday. Have a great weekend, Jay!
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okay, when you come back:

    Junkware Removal Tool

    Please download Junkware Removal Tool to your desktop.
    • Warning! Once the scan is complete JRT will shut down your browser with NO warning.
    • Shut down your protection software now to avoid potential conflicts.
    • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Copy and Paste the JRT.txt log into your next message.


    Adware Cleaning

    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


    RogueKiller Scan

    • Download RogueKiller and save it on your desktop.
    • Quit all programs
    • Start RogueKiller.exe.
    • Wait until Prescan has finished ...
    • Click on Scan

    • Wait for the end of the scan.
    • The report has been created on the desktop.
    • Click on the Delete button.

    • The report has been created on the desktop.
    • Next, click on ShortcutsFix.
    • The report has been created on the desktop.
    Please post:

    All RKreport.txt text files located on your desktop.
  7. SledgeProne

    SledgeProne TS Rookie Topic Starter Posts: 82

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.0.4 (12.09.2012:4)
    OS: Microsoft Windows XP x86
    Ran by Master Blaster on Mon 12/10/2012 at 3:59:26.48
    Blog: http://thisisudax.blogspot.com
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    ~~~ Services

    ~~~ Registry Values
    Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
    Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
    Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
    Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
    Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
    Successfully repaired: [Registry Value] hkey_users\S-1-5-21-343818398-1454471165-839522115-1003\software\microsoft\internet explorer\searchscopes\\DefaultScope

    ~~~ Registry Keys
    Successfully deleted: [Registry Key] "hkey_current_user\software\crossrider"
    Successfully deleted: [Registry Key] "hkey_current_user\software\sweetim"
    Successfully deleted: [Registry Key] "hkey_local_machine\software\babylon"
    Successfully deleted: [Registry Key] "hkey_local_machine\software\babylontoolbar"
    Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\prod.cap"
    Successfully deleted: [Registry Key] "hkey_local_machine\software\iminent"
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{0055c089-8582-441b-a0bf-17b458c2a3a8}
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{0055c089-8582-441b-a0bf-17b458c2a3a8}
    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0d7562ae-8ef6-416d-a838-ab665251703a}
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0d7562ae-8ef6-416d-a838-ab665251703a}
    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{171debeb-c3d4-40b7-ac73-056a5eba4a7e}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d824f0de-3d60-4f57-9eb1-66033ecd8abb}
    Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
    Successfully deleted: [Registry Key] "hkey_current_user\software\pip"
    Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"

    ~~~ Files

    ~~~ Folders
    Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\babylon"
    Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\installmate"
    Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\wecarereminder"
    Successfully deleted: [Folder] "C:\Documents and Settings\Master Blaster\Application Data\babylon"
    Successfully deleted: [Folder] "C:\Documents and Settings\Master Blaster\Application Data\opencandy"
    Successfully deleted: [Folder] "C:\Documents and Settings\Master Blaster\Application Data\vghd"
    Successfully deleted: [Folder] "C:\Program Files\babylon"

    ~~~ FireFox
    Successfully deleted: [File] C:\user.js
    Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml"
    Successfully deleted: [File] C:\Documents and Settings\Master Blaster\Application Data\mozilla\firefox\profiles\r52wkqpj.default\user.js
    Successfully deleted: [Folder] C:\Documents and Settings\Master Blaster\Application Data\mozilla\firefox\profiles\r52wkqpj.default\extensions\oneclickdownload@oneclickdownload.com
    Successfully deleted the following from C:\Documents and Settings\Master Blaster\Application Data\mozilla\firefox\profiles\r52wkqpj.default\prefs.js
    user_pref("browser.newtab.url", "http://www.claro-search.com/?affID=..._clro&mntrId=f81deddd000000000000001e90e94f32");
    user_pref("browser.search.defaultenginename", "Claro Search");
    user_pref("browser.search.order.1", "Claro Search");
    user_pref("browser.search.selectedEngine", "Claro Search");
    user_pref("extensions.50af78b49654b.scode", "(function(){try{if('aol.com,mail.google.com,mystart.incredibar.com,premiumreports.info,search.babylon.com,search.funmoods.com,sear
    user_pref("extensions.claro.admin", false);
    user_pref("extensions.claro.aflt", "babsst");
    user_pref("extensions.claro.autoRvrt", "false");
    user_pref("extensions.claro.cntry", "US");
    user_pref("extensions.claro.dfltLng", "en");
    user_pref("extensions.claro.envrmnt", "production");
    user_pref("extensions.claro.excTlbr", false);
    user_pref("extensions.claro.hdrMd5", "");
    user_pref("extensions.claro.hmpg", false);
    user_pref("extensions.claro.instlRef", "");
    user_pref("extensions.claro.isdcmntcmplt", false);
    user_pref("extensions.claro.lastVrsnTs", "1.6.4.10:08:21");
    user_pref("extensions.claro.mntrvrsn", "1.3.1");
    user_pref("extensions.claro.newTab", false);
    user_pref("extensions.claro.prdct", "claro");
    user_pref("extensions.claro.propectorlck", 86915764);
    user_pref("extensions.claro.prtkhmpg", 1);
    user_pref("extensions.claro.prtnrId", "claro");
    user_pref("extensions.claro.sg", "none");
    user_pref("extensions.claro.smplGrp", "none");
    user_pref("extensions.claro.tlbrId", "claro");
    user_pref("extensions.claro.vrsnTs", "1.6.4.10:08:21");
    user_pref("extensions.claro.vrsni", "1.6.4.1");
    user_pref("extensions.claro_i.newTab", false);
    user_pref("extensions.claro_i.smplGrp", "none");
    user_pref("extensions.claro_i.vrsnTs", "1.6.4.10:08:21");
    user_pref("extensions.crossrider.bic", "139ec73fb84285e57fc465073d3ca9aa");
    user_pref("extensions.toolbar.mindspark._64Members_.homepage", "http://home.mywebsearch.com/index.j...16-0772F0F7CED0&n=77df4889&ptnrS=XPxdm032BAus&
    user_pref("extensions.toolbar.mindspark._64Members_.initialized", true);
    user_pref("extensions.toolbar.mindspark._64Members_.installation.installDate", "2011121801");
    user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerId", "XPxdm032BAus");
    user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerSubId", "3542443");
    user_pref("extensions.toolbar.mindspark._64Members_.installation.success", true);
    user_pref("extensions.toolbar.mindspark._64Members_.installation.toolbarId", "35A70B26-9365-43A4-AC16-0772F0F7CED0");
    user_pref("extensions.toolbar.mindspark._64Members_.lastActivePing", "1334503721930");
    user_pref("extensions.toolbar.mindspark._64Members_.options.defaultSearch", false);
    user_pref("extensions.toolbar.mindspark._64Members_.options.homePageEnabled", false);
    user_pref("extensions.toolbar.mindspark._64Members_.options.keywordEnabled", false);
    user_pref("extensions.toolbar.mindspark._64Members_.options.tabEnabled", false);
    user_pref("extensions.toolbar.mindspark._64Members_.weather.location", "90001");
    user_pref("extensions.toolbar.mindspark.lastInstalled", "televisionfanatic@mindspark.com");
    user_pref("keyword.URL", "http://www.claro-search.com/?affID=...lro&mntrId=f81deddd000000000000001e90e94f32&q=");


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 12/10/2012 at 4:04:12.59
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    # AdwCleaner v2.100 - Logfile created 12/10/2012 at 04:51:18
    # Updated 09/12/2012 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Master Blaster - ENDLESS
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Master Blaster\Desktop\adwcleaner.exe
    # Option [Search]

    ***** [Services] *****

    ***** [Files / Folders] *****
    File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
    Folder Found : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
    Folder Found : C:\Documents and Settings\Master Blaster\Application Data\AVG Secure Search
    Folder Found : C:\Documents and Settings\Master Blaster\Local Settings\Application Data\AVG Secure Search
    Folder Found : C:\Program Files\AVG Secure Search
    Folder Found : C:\Program Files\Common Files\AVG Secure Search
    ***** [Registry] *****
    Key Found : HKCU\Software\AppDataLow\Software\PricePeep
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Found : HKCU\Software\StartSearch
    Key Found : HKCU\Software\wecarereminder
    Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
    Key Found : HKLM\Software\SweetIM
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v8.0.6001.18702
    [OK] Registry is clean.
    -\\ Mozilla Firefox v16.0.2 (en-US)
    Profile name : default
    File : C:\Documents and Settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\prefs.js
    [OK] File is clean.
    Profile name : default
    File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9z052b5a.default\prefs.js
    Found : user_pref("extensions.crossriderapp12555.adsOldValue", -1);
    *************************
    AdwCleaner[R1].txt - [2659 octets] - [10/12/2012 04:51:18]
    ########## EOF - C:\AdwCleaner[R1].txt - [2719 octets] ##########

    RogueKiller V8.3.2 [Dec 10 2012] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Master Blaster [Admin rights]
    Mode : Remove -- Date : 12/10/2012 05:23:32
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 4 ¤¤¤
    [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts
    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: WDC WD7500AADS-00L5B1 +++++
    --- User ---
    [MBR] 583066a49ae6b9ce65b685acba7d4b96
    [BSP] f0fedd78de29e3e61545662f38fb9b9e : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 131061 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 268414020 | Size: 584340 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: WDC WD3200AAKS-00B3A0 +++++
    --- User ---
    [MBR] fdde5365bc7c4ae6f79655188adf9dc3
    [BSP] 51f6fef3ed29886b80ef5df4dc470107 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 312560640 | Size: 152625 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[2]_D_12102012_02d0523.txt >>
    RKreport[1]_S_12102012_02d0520.txt ; RKreport[2]_D_12102012_02d0523.txt
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Good job! Check for remnants...

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.


    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death

    Note: Absence of issues does not mean that you're protected in the future.
  9. SledgeProne

    SledgeProne TS Rookie Topic Starter Posts: 82

    C:\Qoobox\Quarantine\C\Documents and Settings\Master Blaster\Application Data\skype.dat.vir a variant of Win32/Injector.ZRQ trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\Master Blaster\Desktop\Setup.exe.vir a variant of Win32/Adware.iBryte.C application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\Master Blaster\Local Settings\Application Data\ProtectedData\hkrlfnhn.dll.vir Win32/Boaxxe.G trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\23.11.2012_04.14.45\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\23.11.2012_04.14.45\mbr0000\tdlfs0000\tsk0002.dta a variant of Win64/Olmarik.AM trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\23.11.2012_04.14.45\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\23.11.2012_04.14.45\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AN trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\23.11.2012_04.14.45\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\23.11.2012_04.14.45\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\23.11.2012_23.51.02\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\23.11.2012_23.51.02\mbr0000\tdlfs0000\tsk0002.dta a variant of Win64/Olmarik.AM trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\23.11.2012_23.51.02\mbr0000\tdlfs0000\tsk0003.dta a variant of Win32/Rootkit.Kryptik.RG trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\23.11.2012_23.51.02\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AN trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\23.11.2012_23.51.02\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\23.11.2012_23.51.02\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined

    Attempting a trial install of Kasp A/V, which is requiring me to remove conflicting uninstalled remnants from former A/V editions that its pre-install scanning found. I've already used an AVG removal tool in doing so, but apparently the Trend Micro cleaner tool needs to be "Titanium" specific. Otherwise, the system seems to be running optimally, with no lingering effects from our once troublesome rodent/s.
    Also, there appear to be some remaining folders of recently installed cleaner tools (FRST, JRT, Qoobox) in C drive. Should those be deleted?
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

  11. SledgeProne

    SledgeProne TS Rookie Topic Starter Posts: 82

    Huge thanks!
    Finally got Kasp installed. Machine is stable and running great!

    Always impressive to watch the systematic extermination of these nefarious infections.
    If there's ever any sense of atonement to be had out of defeating this pestilence on a daily basis,
    I expect a fix like this would appropriately be deemed a "headshot".

    My applause and appreciation, to the malware mashing maelstrom, DragonMaster Jay!

    start
    HKU\Master Blaster\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\Master Blaster\Application Data\skype.dat [87911 2010-12-09] ()
    end

  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
    • Select Start > All Programs > Accessories > System tools > System Restore.
    • On the dialogue box that appears select Create a Restore Point
    • Click NEXT
    • Enter a name e.g. Clean
    • Click CREATE
    You now have a clean restore point. To get rid of the bad ones:
    • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
    • In the drop-down box that appears select your main drive e.g. C
    • Click OK
    • The system will do some calculation and then display a dialogue box with TABS
    • Select the More Options Tab.
    • At the bottom will be a system restore box with a CLEANUP button; click this
    • Accept the warning and select OK again; the program will close and you are done

    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    NOTE: If you already have this installed, you don't have to reinstall it.

    Please download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    • Double-click the CCleaner shortcut on the desktop to start the program.
    • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
    • On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
    • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  13. SledgeProne

    SledgeProne TS Rookie Topic Starter Posts: 82

    Results of screen317's Security Check version 0.99.56
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Kaspersky Anti-Virus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Out of date HijackThis installed!
    SUPERAntiSpyware
    Malwarebytes Anti-Malware version 1.65.1.1000
    HijackThis 2.0.2
    TuneUp Utilities 2009
    CCleaner
    Java(TM) 6 Update 31
    Java 7 Update 7
    Java version out of Date!
    Adobe Flash Player 11.5.502.135
    Mozilla Firefox 16.0.2 Firefox out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Kaspersky Lab Kaspersky Anti-Virus 2013 avp.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 38% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````


    What's SSD? (Do NOT defrag if SSD!)
  14. SledgeProne

    SledgeProne TS Rookie Topic Starter Posts: 82

    Results of screen317's Security Check version 0.99.56
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Kaspersky Anti-Virus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    SUPERAntiSpyware
    Malwarebytes Anti-Malware version 1.65.1.1000
    TuneUp Utilities 2009
    CCleaner
    Java 7 Update 9
    Adobe Flash Player 11.5.502.135
    Mozilla Firefox (17.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    Kaspersky Lab Kaspersky Anti-Virus 2013 avp.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 38% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````


    Went ahead and uninstalled Hijack This, updated everything else listed, and still not sure what SSD is.
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    It means Solid State Drive, a type of newer hard drive that doesn't use disks, but rather flash memory.
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Topic solved.
