TechSpot

Slender Man virus

Inactive
By daveed12vas
Dec 16, 2012
  1. Dear TechSpot,
    I just downloaded The Slender Man free game download from AtomicGamer.com and along with the Slender Man game I was made to download a set of other programs like: Yahoo Toolbar, PC Optimizer, SevenZip, and some others... I have The Slender Man game on my desktop now which is nice, but now I can no longer open programs with a double mouse click and my quick launch icons for Internet Explorer & Mozilla have disappeared from the taskbar. I think I might have a virus. Can you please help and take me through the removal process? Any help would be welcomed.
     
  2. daveed12vas

    daveed12vas TS Rookie Topic Starter Posts: 31

    www.malwarebytes.org

    Database version: v2012.12.16.08

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Administrator :: GX620 [administrator]

    12/16/2012 11:38:47 AM
    mbam-log-2012-12-16 (11-38-47).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 188691
    Time elapsed: 3 minute(s), 31 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  3. daveed12vas

    daveed12vas TS Rookie Topic Starter Posts: 31

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
    Run by Administrator at 11:58:53 on 2012-12-16
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2887 [GMT -6:00]
    .
    AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 *Enabled*
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\Administrator\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe
    C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\6.4.0.9\coieplg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\6.4.0.9\ips\ipsbho.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\documents and settings\administrator\application data\defaulttab\defaulttab\DefaultTabBHO.dll
    BHO: Cartwheel: {B50DF051-E1D4-439C-B94E-F4DE82B56542} - c:\documents and settings\administrator\application data\cartwheel\Cartwheel.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\6.4.0.9\coieplg.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\6.4.0.9\coieplg.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SpeetItUpFree] "c:\program files\speeditup free\speeditupfree.exe"
    dRun: [Norton Download Manager{N360621005-SHPD-FSD25037}] c:\program files\norton management\engine\3.0.0.133\ccSvcHst.exe /m
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1340484126046
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1350846574421
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 24.217.0.5 24.217.201.67 24.247.15.53
    TCP: Interfaces\{2225B3BB-99B4-43AD-B80C-7B7402075F2B} : DHCPNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0604000.009\symds.sys [2012-10-2 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0604000.009\symefa.sys [2012-10-2 924320]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\bashdefs\20121130.005\BHDrvx86.sys [2012-12-3 995488]
    R1 ccSet_MCLIENT;Norton Management Settings Manager;c:\windows\system32\drivers\mclient\0302000.013\ccsetx86.sys [2012-10-23 134304]
    R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0604000.009\ccsetx86.sys [2012-10-2 132768]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0604000.009\ironx86.sys [2012-10-2 149624]
    R2 DefaultTabUpdate;DefaultTabUpdate;c:\documents and settings\administrator\application data\defaulttab\defaulttab\DTUpdate.exe [2012-12-16 107520]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-12-9 399432]
    R2 MCLIENT;Norton Management;c:\program files\norton management\engine\3.2.0.19\ccsvchst.exe [2012-10-23 143928]
    R2 N360;Norton 360;c:\program files\norton 360\engine\6.4.0.9\ccsvchst.exe [2012-10-2 138272]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2011-6-19 103040]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-9 106656]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\ipsdefs\20121214.001\IDSXpx86.sys [2012-12-15 373728]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-19 22856]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\virusdefs\20121215.006\NAVENG.SYS [2012-12-15 92704]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\virusdefs\20121215.006\NAVEX15.SYS [2012-12-15 1601184]
    S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-19 676936]
    .
    =============== Created Last 30 ================
    .
    2012-12-16 15:58:14 -------- d-----w- c:\documents and settings\all users\application data\PC Optimizer Pro
    2012-12-16 15:28:45 -------- d-----w- c:\documents and settings\administrator\application data\DefaultTab
    2012-12-16 15:28:32 -------- d-----w- c:\documents and settings\administrator\application data\Cartwheel
    2012-12-16 15:28:23 -------- d-----w- c:\program files\Yahoo!
    2012-12-14 16:29:45 -------- d-----w- c:\documents and settings\administrator\local settings\application data\NPE
    2012-12-09 21:51:23 -------- d-----w- C:\HOME2
    .
    ==================== Find3M ====================
    .
    2012-12-12 17:32:24 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-12-12 17:32:24 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-10-07 03:48:47 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-10-07 03:48:47 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-10-04 01:19:14 134304 ----a-w- c:\windows\system32\drivers\mclient\0302000.013\ccsetx86.sys
    2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
    2012-09-30 01:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-25 04:16:36 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    .
    ============= FINISH: 11:59:22.60 ===============
     
  4. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================

    I still need Attach.txt part of DDS.
     
  5. daveed12vas

    daveed12vas TS Rookie Topic Starter Posts: 31

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/7/2010 5:15:43 PM
    System Uptime: 12/16/2012 9:58:34 AM (2 hours ago)
    .
    Motherboard: Dell Inc. | | 0HH807
    Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz | Microprocessor | 3391/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 75 GiB total, 53.931 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP117: 9/19/2012 12:06:56 PM - System Checkpoint
    RP118: 9/20/2012 12:41:13 PM - System Checkpoint
    RP119: 9/21/2012 2:19:42 PM - System Checkpoint
    RP120: 9/22/2012 4:14:18 PM - System Checkpoint
    RP121: 9/26/2012 2:02:04 PM - System Checkpoint
    RP122: 9/28/2012 3:29:48 PM - System Checkpoint
    RP123: 9/29/2012 4:25:53 PM - System Checkpoint
    RP124: 9/30/2012 10:04:44 PM - System Checkpoint
    RP125: 10/2/2012 10:59:43 AM - System Checkpoint
    RP126: 10/4/2012 10:18:39 AM - System Checkpoint
    RP127: 10/5/2012 1:32:09 PM - System Checkpoint
    RP128: 10/6/2012 5:43:53 PM - System Checkpoint
    RP129: 10/6/2012 10:48:41 PM - Installed Java 7 Update 7
    RP130: 10/8/2012 10:41:54 AM - System Checkpoint
    RP131: 10/9/2012 1:33:42 PM - System Checkpoint
    RP132: 10/12/2012 11:45:48 PM - System Checkpoint
    RP133: 10/14/2012 12:09:14 AM - System Checkpoint
    RP134: 10/16/2012 9:58:56 AM - System Checkpoint
    RP135: 10/18/2012 9:17:26 AM - System Checkpoint
    RP136: 10/19/2012 1:07:24 PM - System Checkpoint
    RP137: 10/21/2012 2:12:41 PM - Software Distribution Service 3.0
    RP138: 10/22/2012 10:58:48 AM - Installed Java 7 Update 9
    RP139: 10/24/2012 10:12:42 AM - System Checkpoint
    RP140: 10/26/2012 9:59:05 AM - System Checkpoint
    RP141: 10/27/2012 12:38:19 PM - System Checkpoint
    RP142: 10/30/2012 9:16:32 AM - System Checkpoint
    RP143: 10/31/2012 11:57:56 AM - System Checkpoint
    RP144: 11/1/2012 10:37:42 PM - System Checkpoint
    RP145: 11/3/2012 3:30:42 PM - System Checkpoint
    RP146: 11/4/2012 4:20:04 PM - System Checkpoint
    RP147: 11/9/2012 9:56:23 AM - System Checkpoint
    RP148: 11/10/2012 2:08:04 PM - System Checkpoint
    RP149: 11/14/2012 5:23:53 PM - System Checkpoint
    RP150: 11/15/2012 5:50:42 PM - System Checkpoint
    RP151: 11/16/2012 6:14:45 PM - System Checkpoint
    RP152: 11/18/2012 9:48:04 AM - System Checkpoint
    RP153: 11/19/2012 10:29:12 AM - System Checkpoint
    RP154: 11/20/2012 1:07:31 PM - System Checkpoint
    RP155: 11/21/2012 4:14:37 PM - System Checkpoint
    RP156: 11/22/2012 11:18:17 PM - System Checkpoint
    RP157: 11/23/2012 11:38:15 PM - System Checkpoint
    RP158: 11/24/2012 11:41:13 PM - System Checkpoint
    RP159: 11/27/2012 1:21:50 PM - System Checkpoint
    RP160: 11/28/2012 8:35:24 PM - System Checkpoint
    RP161: 12/1/2012 9:06:35 PM - System Checkpoint
    RP162: 12/3/2012 12:22:02 PM - System Checkpoint
    RP163: 12/4/2012 4:38:42 PM - System Checkpoint
    RP164: 12/8/2012 10:01:27 PM - System Checkpoint
    RP165: 12/9/2012 2:31:25 PM - Software Distribution Service 3.0
    RP166: 12/9/2012 5:03:35 PM - Installed LightScribe System Software.
    RP167: 12/11/2012 9:52:33 AM - System Checkpoint
    RP168: 12/13/2012 12:23:51 AM - System Checkpoint
    RP169: 12/14/2012 11:16:06 AM - Norton_Power_Eraser_20121214111602046
    RP170: 12/15/2012 9:55:20 PM - System Checkpoint
    RP171: 12/16/2012 9:59:23 AM - Restore Operation
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    ATI AVIVO Codecs
    Broadcom Gigabit Integrated Controller
    Cartwheel Shopping
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    CDisplay 1.8
    DefaultTab
    Dell Driver Download Manager
    DVD Shrink 3.2
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    HP Deskjet 2050 J510 series Basic Device Software
    HP Deskjet 2050 J510 series Help
    Intel(R) Graphics Media Accelerator Driver
    Java 7 Update 9
    Java Auto Updater
    Java(TM) 6 Update 26
    LightScribe System Software
    Malwarebytes Anti-Malware version 1.65.1.1000
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 17.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Nero 6 Ultra Edition
    Norton 360
    Norton Management
    OpenOffice.org 3.1
    PunkBuster Services
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB2530548)
    Security Update for Windows Internet Explorer 7 (KB2544521)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982665)
    SoundMAX
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows XP Service Pack 3
    Yahoo! Software Update
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/9/2012 11:26:15 PM, error: Dhcp [1002] - The IP address lease 192.168.100.2 for the Network Card with network address 0013727340F4 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
    12/9/2012 11:26:03 PM, error: Dhcp [1002] - The IP address lease 71.85.230.56 for the Network Card with network address 0013727340F4 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
    .
    ==== End Of File ===========================
     
  6. daveed12vas

    daveed12vas TS Rookie Topic Starter Posts: 31

    Oops! Okay Broni, here is the DDS Att.file

    Things have only gotten worse with each keystroke on my PC.
    When I launch Internet Explorer my entire PC freezes and I must restart. I am attempting to run my Norton360 right now. I will check back here after the Norton scan is complete. Thanks for helping.
     
  7. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    So far I don't see anything malicious there.

    Did you try system restore to before installing that game?
     
  8. daveed12vas

    daveed12vas TS Rookie Topic Starter Posts: 31

    I went to Add/Remove Programs and uninstalled YahooToolbar and PC Optimizer, and then did a System Restore to restore my PC to yesterdays restore point.
     
  9. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    ...and?
     
  10. daveed12vas

    daveed12vas TS Rookie Topic Starter Posts: 31

    Using System Restore did nothing to fix the problem. Over half of my desktop programs no longer respond to a double mouse click, when I open Internet Explorer my PC just freezes (mouse arrow becomes an hourglass), and Norton360 does not work. I've tried to run Norton twice and it stalls and freezes after scanning 2790 files. What is going on? Should I delete and reinstall IE Explorer? Should I delete or uninstall The Slender Man? And where did my taskbar icons go?
     
  11. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ==============================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
     
  12. daveed12vas

    daveed12vas TS Rookie Topic Starter Posts: 31

    RogueKiller V8.4.0 [Dec 15 2012] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Administrator [Admin rights]
    Mode : Remove -- Date : 12/16/2012 17:41:43

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] DTUpdate.exe -- C:\Documents and Settings\Administrator\Application Data\DefaultTab\DefaultTab\DTUpdate.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    SSDT[12] : NtAlertResumeThread @ 0x80637C26 -> HOOKED (Unknown @ 0x8ACAC610)
    SSDT[13] : NtAlertThread @ 0x80592C38 -> HOOKED (Unknown @ 0x8ACAC6F0)
    SSDT[17] : NtAllocateVirtualMemory @ 0x80570BC5 -> HOOKED (Unknown @ 0x8AD5C4A8)
    SSDT[19] : NtAssignProcessToJobObject @ 0x805E0F71 -> HOOKED (Unknown @ 0x8ACAD690)
    SSDT[31] : NtConnectPort @ 0x80590E5B -> HOOKED (Unknown @ 0x8ABEA1B0)
    SSDT[43] : NtCreateMutant @ 0x80584095 -> HOOKED (Unknown @ 0x8ACACEC0)
    SSDT[52] : NtCreateSymbolicLinkObject @ 0x805DFACA -> HOOKED (Unknown @ 0x8ACADA60)
    SSDT[53] : NtCreateThread @ 0x80584D41 -> HOOKED (Unknown @ 0x8AC18810)
    SSDT[57] : NtDebugActiveProcess @ 0x80663261 -> HOOKED (Unknown @ 0x8ACAD1C0)
    SSDT[68] : NtDuplicateObject @ 0x8057F195 -> HOOKED (Unknown @ 0x8ACB4878)
    SSDT[83] : NtFreeVirtualMemory @ 0x805710BF -> HOOKED (Unknown @ 0x8AC592C0)
    SSDT[89] : NtImpersonateAnonymousToken @ 0x8059AD05 -> HOOKED (Unknown @ 0x8ACACF90)
    SSDT[91] : NtImpersonateThread @ 0x805876C2 -> HOOKED (Unknown @ 0x8ACACAD8)
    SSDT[97] : NtLoadDriver @ 0x805AF89E -> HOOKED (Unknown @ 0x8AC94BC0)
    SSDT[108] : NtMapViewOfSection @ 0x8057AC29 -> HOOKED (Unknown @ 0x8ADCAAE8)
    SSDT[114] : NtOpenEvent @ 0x80589D69 -> HOOKED (Unknown @ 0x8AB6F550)
    SSDT[122] : NtOpenProcess @ 0x8057F942 -> HOOKED (Unknown @ 0x8AC7E2C8)
    SSDT[123] : NtOpenProcessToken @ 0x805784F6 -> HOOKED (Unknown @ 0x8AB6E4A8)
    SSDT[125] : NtOpenSection @ 0x8057919E -> HOOKED (Unknown @ 0x8AB6FED8)
    SSDT[128] : NtOpenThread @ 0x805E4817 -> HOOKED (Unknown @ 0x8ADA7308)
    SSDT[137] : NtProtectVirtualMemory @ 0x8057F573 -> HOOKED (Unknown @ 0x8ACADB50)
    SSDT[206] : NtResumeThread @ 0x805853B8 -> HOOKED (Unknown @ 0x8ACAC220)
    SSDT[213] : NtSetContextThread @ 0x8063628D -> HOOKED (Unknown @ 0x8AB6EA28)
    SSDT[228] : NtSetInformationProcess @ 0x80574B1F -> HOOKED (Unknown @ 0x8AD33930)
    SSDT[240] : NtSetSystemInformation @ 0x805B14D0 -> HOOKED (Unknown @ 0x8ACAD280)
    SSDT[253] : NtSuspendProcess @ 0x80637B6B -> HOOKED (Unknown @ 0x8AB6FA28)
    SSDT[254] : NtSuspendThread @ 0x80637A87 -> HOOKED (Unknown @ 0x8AB6EE18)
    SSDT[257] : NtTerminateProcess @ 0x8058E8B9 -> HOOKED (Unknown @ 0x8ADA52A8)
    SSDT[258] : NtTerminateThread @ 0x8058496E -> HOOKED (Unknown @ 0x8AB6EED8)
    SSDT[267] : NtUnmapViewOfSection @ 0x8057A7B1 -> HOOKED (Unknown @ 0x8ADCAA28)
    SSDT[277] : NtWriteVirtualMemory @ 0x805875F7 -> HOOKED (Unknown @ 0x8AC8E530)
    S_SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8AC0C910)
    S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x8AB09258)
    S_SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x8AB049D8)
    S_SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x8AC7C9D8)
    S_SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x8AC6EAF0)
    S_SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x8ADF0D20)
    S_SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x8ADB3270)
    S_SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x8ADE67D0)
    S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8ADA9C50)
    S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8AC6F3E0)

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST380013AS +++++
    --- User ---
    [MBR] 68543f0563158d43b37a920b968b72fe
    [BSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76293 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[7]_D_12162012_02d1741.txt >>
    RKreport[1]_S_12162012_02d1739.txt ; RKreport[2]_D_12162012_02d1740.txt ; RKreport[3]_D_12162012_02d1740.txt ; RKreport[4]_D_12162012_02d1741.txt ; RKreport[5]_D_12162012_02d1741.txt ;
    RKreport[6]_D_12162012_02d1741.txt ; RKreport[7]_D_12162012_02d1741.txt
     
  13. daveed12vas

    daveed12vas TS Rookie Topic Starter Posts: 31

    RogueKiller V8.4.0 [Dec 15 2012] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Administrator [Admin rights]
    Mode : Scan -- Date : 12/16/2012 17:39:17

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] DTUpdate.exe -- C:\Documents and Settings\Administrator\Application Data\DefaultTab\DefaultTab\DTUpdate.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 7 ¤¤¤
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    SSDT[12] : NtAlertResumeThread @ 0x80637C26 -> HOOKED (Unknown @ 0x8ACAC610)
    SSDT[13] : NtAlertThread @ 0x80592C38 -> HOOKED (Unknown @ 0x8ACAC6F0)
    SSDT[17] : NtAllocateVirtualMemory @ 0x80570BC5 -> HOOKED (Unknown @ 0x8AD5C4A8)
    SSDT[19] : NtAssignProcessToJobObject @ 0x805E0F71 -> HOOKED (Unknown @ 0x8ACAD690)
    SSDT[31] : NtConnectPort @ 0x80590E5B -> HOOKED (Unknown @ 0x8ABEA1B0)
    SSDT[43] : NtCreateMutant @ 0x80584095 -> HOOKED (Unknown @ 0x8ACACEC0)
    SSDT[52] : NtCreateSymbolicLinkObject @ 0x805DFACA -> HOOKED (Unknown @ 0x8ACADA60)
    SSDT[53] : NtCreateThread @ 0x80584D41 -> HOOKED (Unknown @ 0x8AC18810)
    SSDT[57] : NtDebugActiveProcess @ 0x80663261 -> HOOKED (Unknown @ 0x8ACAD1C0)
    SSDT[68] : NtDuplicateObject @ 0x8057F195 -> HOOKED (Unknown @ 0x8ACB4878)
    SSDT[83] : NtFreeVirtualMemory @ 0x805710BF -> HOOKED (Unknown @ 0x8AC592C0)
    SSDT[89] : NtImpersonateAnonymousToken @ 0x8059AD05 -> HOOKED (Unknown @ 0x8ACACF90)
    SSDT[91] : NtImpersonateThread @ 0x805876C2 -> HOOKED (Unknown @ 0x8ACACAD8)
    SSDT[97] : NtLoadDriver @ 0x805AF89E -> HOOKED (Unknown @ 0x8AC94BC0)
    SSDT[108] : NtMapViewOfSection @ 0x8057AC29 -> HOOKED (Unknown @ 0x8ADCAAE8)
    SSDT[114] : NtOpenEvent @ 0x80589D69 -> HOOKED (Unknown @ 0x8AB6F550)
    SSDT[122] : NtOpenProcess @ 0x8057F942 -> HOOKED (Unknown @ 0x8AC7E2C8)
    SSDT[123] : NtOpenProcessToken @ 0x805784F6 -> HOOKED (Unknown @ 0x8AB6E4A8)
    SSDT[125] : NtOpenSection @ 0x8057919E -> HOOKED (Unknown @ 0x8AB6FED8)
    SSDT[128] : NtOpenThread @ 0x805E4817 -> HOOKED (Unknown @ 0x8ADA7308)
    SSDT[137] : NtProtectVirtualMemory @ 0x8057F573 -> HOOKED (Unknown @ 0x8ACADB50)
    SSDT[206] : NtResumeThread @ 0x805853B8 -> HOOKED (Unknown @ 0x8ACAC220)
    SSDT[213] : NtSetContextThread @ 0x8063628D -> HOOKED (Unknown @ 0x8AB6EA28)
    SSDT[228] : NtSetInformationProcess @ 0x80574B1F -> HOOKED (Unknown @ 0x8AD33930)
    SSDT[240] : NtSetSystemInformation @ 0x805B14D0 -> HOOKED (Unknown @ 0x8ACAD280)
    SSDT[253] : NtSuspendProcess @ 0x80637B6B -> HOOKED (Unknown @ 0x8AB6FA28)
    SSDT[254] : NtSuspendThread @ 0x80637A87 -> HOOKED (Unknown @ 0x8AB6EE18)
    SSDT[257] : NtTerminateProcess @ 0x8058E8B9 -> HOOKED (Unknown @ 0x8ADA52A8)
    SSDT[258] : NtTerminateThread @ 0x8058496E -> HOOKED (Unknown @ 0x8AB6EED8)
    SSDT[267] : NtUnmapViewOfSection @ 0x8057A7B1 -> HOOKED (Unknown @ 0x8ADCAA28)
    SSDT[277] : NtWriteVirtualMemory @ 0x805875F7 -> HOOKED (Unknown @ 0x8AC8E530)
    S_SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8AC0C910)
    S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x8AB09258)
    S_SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x8AB049D8)
    S_SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x8AC7C9D8)
    S_SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x8AC6EAF0)
    S_SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x8ADF0D20)
    S_SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x8ADB3270)
    S_SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x8ADE67D0)
    S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8ADA9C50)
    S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8AC6F3E0)

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST380013AS +++++
    --- User ---
    [MBR] 68543f0563158d43b37a920b968b72fe
    [BSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76293 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_12162012_02d1739.txt >>
    RKreport[1]_S_12162012_02d1739.txt
     
  14. daveed12vas

    daveed12vas TS Rookie Topic Starter Posts: 31

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-12-16 17:45:13
    -----------------------------
    17:45:13.687 OS Version: Windows 5.1.2600 Service Pack 3
    17:45:13.687 Number of processors: 2 586 0x403
    17:45:13.687 ComputerName: GX620 UserName:
    17:45:16.406 Initialize success
    18:00:26.265 AVAST engine defs: 12121601
    18:03:00.484 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
    18:03:00.484 Disk 0 Vendor: ST380013AS 8.12 Size: 76293MB BusType: 3
    18:03:00.500 Disk 0 MBR read successfully
    18:03:00.500 Disk 0 MBR scan
    18:03:00.609 Disk 0 Windows XP default MBR code
    18:03:00.609 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76293 MB offset 63
    18:03:00.609 Disk 0 scanning sectors +156248190
    18:03:00.671 Disk 0 scanning C:\WINDOWS\system32\drivers
    18:03:10.609 Service scanning
    18:03:24.734 Modules scanning
    18:03:30.125 Disk 0 trace - called modules:
    18:03:30.140 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
    18:03:30.140 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aef5ab8]
    18:03:30.140 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8af4db58]
    18:03:30.640 AVAST engine scan C:\WINDOWS
    18:03:35.328 AVAST engine scan C:\WINDOWS\system32
    18:05:30.484 AVAST engine scan C:\WINDOWS\system32\drivers
    18:05:43.906 AVAST engine scan C:\Documents and Settings\Administrator
    18:07:36.593 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
    18:07:36.609 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
     
  15. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ==========================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  16. daveed12vas

    daveed12vas TS Rookie Topic Starter Posts: 31

    ComboFix 12-12-14.01 - Administrator 12/16/2012 19:34:58.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2916 [GMT -6:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab
    c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\addon.ico
    c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\amazon_ie.ico
    c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.cfg
    c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll
    c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\DefaultTabStart.exe
    c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\DefaultTabWrap.dll
    c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\DT.ico
    c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
    c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\facebook_ie.ico
    c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\imdb_ie.ico
    c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\search_here_ie.ico
    c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\searchhere.ico
    c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\twitter_ie.ico
    c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\uninstalldt.exe
    c:\documents and settings\Administrator\Application Data\DefaultTab\DefaultTab\wikipedia_ie.ico
    c:\documents and settings\Administrator\WINDOWS
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_DefaultTabUpdate
    -------\Legacy_DefaultTabUpdate
    -------\Service_DefaultTabUpdate
    -------\Service_DefaultTabUpdate
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-11-17 to 2012-12-17 )))))))))))))))))))))))))))))))
    .
    .
    2012-12-16 15:58 . 2012-12-16 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Optimizer Pro
    2012-12-16 15:58 . 2012-12-16 15:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Yahoo!
    2012-12-16 15:28 . 2012-12-17 01:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\DefaultTab
    2012-12-16 15:28 . 2012-12-16 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
    2012-12-16 15:28 . 2012-12-16 15:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Cartwheel
    2012-12-16 15:28 . 2012-12-16 15:58 -------- d-----w- c:\program files\Yahoo!
    2012-12-14 16:29 . 2012-12-14 17:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\NPE
    2012-12-09 23:03 . 2012-12-09 23:03 -------- d-----w- c:\program files\Common Files\LightScribe
    2012-12-09 21:51 . 2012-12-09 22:34 -------- d-----w- C:\HOME2
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-12 17:32 . 2012-04-03 02:50 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-12-12 17:32 . 2011-06-17 22:11 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-10-22 08:37 . 2004-08-04 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-10-07 03:48 . 2012-10-07 03:49 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-10-07 03:48 . 2011-06-17 22:09 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-10-04 01:19 . 2012-10-23 16:21 134304 ----a-w- c:\windows\system32\drivers\MCLIENT\0302000.013\ccsetx86.sys
    2012-10-02 18:04 . 2004-08-04 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
    2012-09-30 01:54 . 2011-06-19 21:20 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-25 04:16 . 2012-10-22 15:59 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-12-01 18:07 . 2012-12-01 18:07 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
     
  17. daveed12vas

    daveed12vas TS Rookie Topic Starter Posts: 31

    I suddenly have seven (7) separate RogueKiller reports on my desktop. Do you need to see all of them?
     
  18. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    No, but Combofix log is incomplete.
    Repost.
    "C:\ComboFix.txt"
     
  19. daveed12vas

    daveed12vas TS Rookie Topic Starter Posts: 31

    ComboFix 12-12-17.01 - Administrator 12/16/2012 22:53:37.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3012 [GMT -6:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-11-17 to 2012-12-17 )))))))))))))))))))))))))))))))
    .
    .
    2012-12-16 15:58 . 2012-12-16 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Optimizer Pro
    2012-12-16 15:58 . 2012-12-16 15:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Yahoo!
    2012-12-16 15:28 . 2012-12-17 01:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\DefaultTab
    2012-12-16 15:28 . 2012-12-16 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
    2012-12-16 15:28 . 2012-12-16 15:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Cartwheel
    2012-12-16 15:28 . 2012-12-16 15:58 -------- d-----w- c:\program files\Yahoo!
    2012-12-14 16:29 . 2012-12-14 17:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\NPE
    2012-12-09 23:03 . 2012-12-09 23:03 -------- d-----w- c:\program files\Common Files\LightScribe
    2012-12-09 21:51 . 2012-12-09 22:34 -------- d-----w- C:\HOME2
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-12 17:32 . 2012-04-03 02:50 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-12-12 17:32 . 2011-06-17 22:11 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-10-22 08:37 . 2004-08-04 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-10-07 03:48 . 2012-10-07 03:49 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-10-07 03:48 . 2011-06-17 22:09 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-10-04 01:19 . 2012-10-23 16:21 134304 ----a-w- c:\windows\system32\drivers\MCLIENT\0302000.013\ccsetx86.sys
    2012-10-02 18:04 . 2004-08-04 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
    2012-09-30 01:54 . 2011-06-19 21:20 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-25 04:16 . 2012-10-22 15:59 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-12-01 18:07 . 2012-12-01 18:07 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B50DF051-E1D4-439C-B94E-F4DE82B56542}]
    2012-10-17 22:18 231432 ----a-w- c:\documents and settings\Administrator\Application Data\Cartwheel\Cartwheel.dll
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
    path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
    backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    2006-03-24 01:13 77824 ----a-w- c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    2006-03-24 01:17 118784 ----a-w- c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    2006-03-24 01:17 94208 ----a-w- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
    2012-09-30 01:54 766536 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2003-12-25 03:00 32768 ----a-w- c:\windows\system32\rmctrl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    2004-10-14 19:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2012-07-04 04:48 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2012-07-03 14:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0604000.009\symds.sys [10/2/2012 9:52 AM 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0604000.009\symefa.sys [10/2/2012 9:52 AM 924320]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20121130.005\BHDrvx86.sys [12/3/2012 12:17 PM 995488]
    R1 ccSet_MCLIENT;Norton Management Settings Manager;c:\windows\system32\drivers\MCLIENT\0302000.013\ccsetx86.sys [10/23/2012 10:21 AM 134304]
    R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0604000.009\ccsetx86.sys [10/2/2012 9:52 AM 132768]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0604000.009\ironx86.sys [10/2/2012 9:52 AM 149624]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/9/2012 3:02 PM 399432]
    R2 MCLIENT;Norton Management;c:\program files\Norton Management\Engine\3.2.0.19\ccsvchst.exe [10/23/2012 10:21 AM 143928]
    R2 N360;Norton 360;c:\program files\Norton 360\Engine\6.4.0.9\ccsvchst.exe [10/2/2012 9:52 AM 138272]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [6/19/2011 11:41 AM 103040]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/9/2012 6:48 AM 106656]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20121214.001\IDSXpx86.sys [12/15/2012 9:51 AM 373728]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/19/2011 3:20 PM 22856]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/19/2011 3:20 PM 676936]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2012-07-02 21:40 453736 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-12-17 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 17:32]
    .
    2012-12-17 c:\windows\Tasks\User_Feed_Synchronization-{7F981BCB-ABC9-4C36-9EBA-E7880CC42B20}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-12-16 22:59
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MCLIENT]
    "ImagePath"="\"c:\program files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe\" /s \"MCLIENT\" /m \"c:\program files\Norton Management\Engine\3.2.0.19\diMaster.dll\" /prefetch:1"
    --
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-790525478-796845957-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,10,06,89,b7,96,6d,80,42,96,8c,cf,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4e,fa,d3,ba,3d,bf,3c,4e,a6,be,62,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,10,06,89,b7,96,6d,80,42,96,8c,cf,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(692)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    .
    - - - - - - - > 'explorer.exe'(1628)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2012-12-16 23:01:14
    ComboFix-quarantined-files.txt 2012-12-17 05:01
    ComboFix2.txt 2012-12-17 01:43
    ComboFix3.txt 2012-02-06 23:56
    ComboFix4.txt 2012-02-02 02:03
    .
    Pre-Run: 57,647,828,992 bytes free
    Post-Run: 57,440,571,392 bytes free
    .
    - - End Of File - - D87C684EE45A8BB1736157E476EF7B88
     
  20. daveed12vas

    daveed12vas TS Rookie Topic Starter Posts: 31

    Oops, sorry about the error with ComboFix. I hope the new log is correct. I am still having all the same problems with Internet Explorer, programs will not start via double mouse click, and Norton360 stalls out just after 2000 files are scanned. Thanks for the help Broni.
     
  21. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    If this is Desktop shortcut try to create new one.

    As for Norton you may need to reinstall it.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    =============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  22. daveed12vas

    daveed12vas TS Rookie Topic Starter Posts: 31

    # AdwCleaner v2.101 - Logfile created 12/17/2012 at 00:07:17
    # Updated 16/12/2012 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Administrator - GX620
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ga180uks.default\searchplugins\safesearch.xml
    Folder Deleted : C:\Documents and Settings\Administrator\Application Data\DefaultTab

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
    Key Deleted : HKCU\Software\Default Tab
    Key Deleted : HKCU\Software\DefaultTab
    Key Deleted : HKLM\Software\Default Tab
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Mozilla Firefox v17.0.1 (en-US)

    Profile name : default
    File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ga180uks.default\prefs.js

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [1387 octets] - [17/12/2012 00:06:49]
    AdwCleaner[S1].txt - [1332 octets] - [17/12/2012 00:07:17]

    ########## EOF - C:\AdwCleaner[S1].txt - [1392 octets] ##########
     
  23. daveed12vas

    daveed12vas TS Rookie Topic Starter Posts: 31

    OTL logfile created on: 12/17/2012 12:13:01 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.50 Gb Total Physical Memory | 2.93 Gb Available Physical Memory | 83.79% Memory free
    4.09 Gb Paging File | 3.71 Gb Available in Paging File | 90.61% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 53.71 Gb Free Space | 72.09% Space Free | Partition Type: NTFS

    Computer Name: GX620 | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/12/17 00:05:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
    PRC - [2012/10/10 20:29:13 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Management\Engine\3.2.0.19\ccsvchst.exe
    PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/09/24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2012/06/15 20:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\6.4.0.9\ccsvchst.exe
    PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========


    ========== Services (SafeList) ==========

    SRV - [2012/12/12 11:32:26 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/12/01 12:07:23 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/10/10 20:29:13 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe -- (MCLIENT)
    SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/09/24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2012/06/15 20:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe -- (N360)
    SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2012/10/23 17:34:24 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20121130.005\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2012/10/03 19:19:14 | 000,134,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MCLIENT\0302000.013\ccsetx86.sys -- (ccSet_MCLIENT)
    DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2012/09/14 09:26:00 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20121216.007\NAVEX15.SYS -- (NAVEX15)
    DRV - [2012/09/14 09:26:00 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20121216.007\NAVENG.SYS -- (NAVENG)
    DRV - [2012/09/06 03:54:30 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20121214.001\IDSXpx86.sys -- (IDSxpx86)
    DRV - [2012/08/09 06:48:37 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2012/08/09 06:48:37 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2012/07/05 20:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0604000.009\srtsp.sys -- (SRTSP)
    DRV - [2012/07/05 20:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604000.009\srtspx.sys -- (SRTSPX)
    DRV - [2012/07/04 00:54:32 | 007,874,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2012/07/01 17:56:17 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2012/06/06 22:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604000.009\ccsetx86.sys -- (ccSet_N360)
    DRV - [2012/05/21 19:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0604000.009\symefa.sys -- (SymEFA)
    DRV - [2012/05/14 00:12:12 | 000,103,040 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
    DRV - [2012/03/29 00:28:38 | 000,388,216 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604000.009\symtdi.sys -- (SYMTDI)
    DRV - [2012/03/29 00:28:25 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0604000.009\symds.sys -- (SymDS)
    DRV - [2012/03/29 00:06:25 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604000.009\ironx86.sys -- (SymIRON)
    DRV - [2010/04/27 17:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
    DRV - [2010/04/27 17:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
    DRV - [2010/04/27 17:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
    DRV - [2010/04/27 15:01:26 | 000,037,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
    DRV - [2005/03/17 15:30:10 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-790525478-796845957-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKU\S-1-5-21-790525478-796845957-725345543-500\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-790525478-796845957-725345543-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-790525478-796845957-725345543-500\..\SearchScopes\{271AB670-473B-4EDC-8036-15E5194F33A9}: "URL" = http://search.yahoo.com/search?p={s...ype=W3i_DS,136,0_0,Search,20121251,6901,0,8,0
    IE - HKU\S-1-5-21-790525478-796845957-725345543-500\..\SearchScopes\{988AA950-1F62-48B2-A8DA-EFE0B23C8875}: "URL" = http://www.mysearchresults.com/search?&c=2650&t=03&q={searchTerms}
    IE - HKU\S-1-5-21-790525478-796845957-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
    FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
    FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.1.1.5%20-%203
    FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:3.8.1
    FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2012.5.8.4
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPlgn\ [2012/07/01 17:59:49 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\coFFPlgn\ [2012/12/17 00:09:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/01 12:07:23 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/01 12:07:16 | 000,000,000 | ---D | M]

    [2010/04/07 16:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2012/12/16 15:56:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ga180uks.default\extensions
    [2012/12/16 15:56:25 | 000,234,972 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ga180uks.default\extensions\artur.dubovoy@gmail.com.xpi
    [2012/12/01 12:07:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/12/17 00:09:39 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\COFFPLGN
    [2012/07/01 17:59:49 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPLGN
    [2011/07/04 08:31:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2012/12/01 12:07:23 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/08/29 09:25:25 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/10/12 17:01:44 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/12/16 19:40:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.4.0.9\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
    O3 - HKU\S-1-5-21-790525478-796845957-725345543-500\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
    O3 - HKU\S-1-5-21-790525478-796845957-725345543-500\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
    O3 - HKU\S-1-5-21-790525478-796845957-725345543-500\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-790525478-796845957-725345543-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-790525478-796845957-725345543-500\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-790525478-796845957-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-790525478-796845957-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-790525478-796845957-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1340484126046 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1350846574421 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2225B3BB-99B4-43AD-B80C-7B7402075F2B}: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
    O18 - Protocol\Handler\mhtml - No CLSID value found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/04/07 16:13:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/12/16 19:31:14 | 005,011,996 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2012/12/16 17:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\RK_Quarantine
    [2012/12/16 09:58:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
    [2012/12/16 09:58:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Yahoo!
    [2012/12/16 09:45:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Slender v0.9.7
    [2012/12/16 09:28:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
    [2012/12/16 09:28:23 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
    [2012/12/14 10:29:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\NPE
    [2012/12/09 17:03:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LightScribe Direct Disc Labeling
    [2012/12/09 17:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
    [2012/12/09 15:51:23 | 000,000,000 | ---D | C] -- C:\HOME2
    [2012/12/01 12:07:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/12/17 00:09:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/12/17 00:08:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/12/16 23:32:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/12/16 23:21:57 | 000,004,625 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/12/16 23:21:50 | 000,432,838 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/12/16 23:21:50 | 000,067,794 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/12/16 22:51:08 | 005,011,996 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2012/12/16 19:40:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/12/16 18:26:15 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7F981BCB-ABC9-4C36-9EBA-E7880CC42B20}.job
    [2012/12/16 18:07:36 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
    [2012/12/16 14:21:44 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2012/12/16 13:43:53 | 000,106,484 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\28238_465559867574_7095613_n.jpg
    [2012/12/16 13:43:34 | 000,075,678 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\28238_465559862574_6188948_n.jpg
    [2012/12/16 13:43:19 | 000,080,971 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\28238_465559857574_334677_n.jpg
    [2012/12/16 13:14:25 | 000,059,706 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\261_1062181270983_8081_n.jpg
    [2012/12/16 10:53:14 | 000,085,576 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\198723_246654008692257_3722898_n.jpg
    [2012/12/16 10:34:55 | 000,100,854 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\527968_10151082408668579_1144189974_n.jpg
    [2012/12/16 10:05:56 | 000,111,328 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\575143_10151496327190174_908941605_n.jpg
    [2012/12/16 09:43:43 | 065,812,970 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Slender_v0_9_7.zip
    [2012/12/16 02:03:35 | 000,044,575 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\253_20287805827_5281_n.jpg
    [2012/12/16 01:54:28 | 000,154,897 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\556064_10150917674280828_1381619199_n.jpg
    [2012/12/16 01:43:07 | 000,039,697 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\581594_185262564942140_1908392838_n.jpg
    [2012/12/16 01:36:03 | 000,071,971 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\23472_10150157315130478_2968909_n.jpg
    [2012/12/16 01:35:47 | 000,089,247 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\23472_10150157311865478_7692424_n.jpg
    [2012/12/16 01:03:23 | 000,058,984 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\3180_1149796901319_769025_n.jpg
    [2012/12/16 01:03:18 | 000,060,869 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\3180_1149796941320_5306665_n.jpg
    [2012/12/15 23:42:09 | 000,071,459 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\248781_2144181005483_5042624_n.jpg
    [2012/12/15 23:41:12 | 000,094,800 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\267583_2249405116020_2639995_n.jpg
    [2012/12/15 23:21:45 | 000,085,011 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\396614_1820614511340_316881020_n.jpg
    [2012/12/15 23:10:23 | 000,084,725 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\206767_10150154363369039_6466081_n.jpg
    [2012/12/15 23:10:02 | 000,103,964 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\215679_10150154363429039_2434430_n.jpg
    [2012/12/15 23:02:44 | 000,053,307 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\9021_126017333602_4267830_n.jpg
    [2012/12/12 11:32:24 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2012/12/12 11:32:24 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2012/12/11 21:48:40 | 000,064,808 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\560781_210920942374896_1376037402_n.jpg
    [2012/12/10 22:01:05 | 000,053,036 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\205769_110753989007984_1569016_n.jpg
    [2012/12/10 21:44:31 | 000,038,682 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\269811_104812279614250_4588483_n.jpg
    [2012/12/09 20:59:05 | 014,117,417 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Coast to Coast - Nov 27 2012 - Hour 4.mp3
    [2012/12/09 20:58:58 | 014,457,374 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Coast to Coast - Nov 27 2012 - Hour 3.mp3
    [2012/12/09 20:58:50 | 014,501,103 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Coast to Coast - Nov 27 2012 - Hour 2.mp3
    [2012/12/09 20:58:38 | 015,049,699 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Coast to Coast - Nov 27 2012 - Hour 1.mp3
    [2012/12/09 17:03:49 | 000,001,774 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LightScribe.lnk
    [2012/12/09 16:43:35 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2012/12/09 15:02:25 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/12/09 14:38:47 | 000,115,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/12/02 12:25:44 | 163,910,310 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\BF3_Premium_Bonus_Art_EN_v2.pdf
    [2012/11/30 12:35:48 | 000,100,383 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ovw001-checklist.pdf
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/12/16 18:07:36 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
    [2012/12/16 13:43:53 | 000,106,484 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\28238_465559867574_7095613_n.jpg
    [2012/12/16 13:43:34 | 000,075,678 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\28238_465559862574_6188948_n.jpg
    [2012/12/16 13:43:19 | 000,080,971 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\28238_465559857574_334677_n.jpg
    [2012/12/16 13:14:24 | 000,059,706 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\261_1062181270983_8081_n.jpg
    [2012/12/16 10:53:13 | 000,085,576 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\198723_246654008692257_3722898_n.jpg
    [2012/12/16 10:34:55 | 000,100,854 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\527968_10151082408668579_1144189974_n.jpg
    [2012/12/16 10:05:55 | 000,111,328 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\575143_10151496327190174_908941605_n.jpg
    [2012/12/16 09:43:43 | 065,812,970 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Slender_v0_9_7.zip
    [2012/12/16 02:03:35 | 000,044,575 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\253_20287805827_5281_n.jpg
    [2012/12/16 01:54:28 | 000,154,897 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\556064_10150917674280828_1381619199_n.jpg
    [2012/12/16 01:43:07 | 000,039,697 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\581594_185262564942140_1908392838_n.jpg
    [2012/12/16 01:36:03 | 000,071,971 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\23472_10150157315130478_2968909_n.jpg
    [2012/12/16 01:35:47 | 000,089,247 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\23472_10150157311865478_7692424_n.jpg
    [2012/12/16 01:03:23 | 000,058,984 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\3180_1149796901319_769025_n.jpg
    [2012/12/16 01:03:18 | 000,060,869 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\3180_1149796941320_5306665_n.jpg
    [2012/12/15 23:42:08 | 000,071,459 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\248781_2144181005483_5042624_n.jpg
    [2012/12/15 23:41:11 | 000,094,800 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\267583_2249405116020_2639995_n.jpg
    [2012/12/15 23:21:45 | 000,085,011 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\396614_1820614511340_316881020_n.jpg
    [2012/12/15 23:10:23 | 000,084,725 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\206767_10150154363369039_6466081_n.jpg
    [2012/12/15 23:10:02 | 000,103,964 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\215679_10150154363429039_2434430_n.jpg
    [2012/12/15 23:02:43 | 000,053,307 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\9021_126017333602_4267830_n.jpg
    [2012/12/11 21:48:40 | 000,064,808 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\560781_210920942374896_1376037402_n.jpg
    [2012/12/10 22:01:04 | 000,053,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\205769_110753989007984_1569016_n.jpg
    [2012/12/10 21:44:30 | 000,038,682 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\269811_104812279614250_4588483_n.jpg
    [2012/12/09 20:58:57 | 014,117,417 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Coast to Coast - Nov 27 2012 - Hour 4.mp3
    [2012/12/09 20:58:50 | 014,457,374 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Coast to Coast - Nov 27 2012 - Hour 3.mp3
    [2012/12/09 20:58:39 | 014,501,103 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Coast to Coast - Nov 27 2012 - Hour 2.mp3
    [2012/12/09 20:58:30 | 015,049,699 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Coast to Coast - Nov 27 2012 - Hour 1.mp3
    [2012/12/09 17:03:49 | 000,001,774 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LightScribe.lnk
    [2012/12/02 12:24:04 | 163,910,310 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\BF3_Premium_Bonus_Art_EN_v2.pdf
    [2012/11/30 12:35:44 | 000,100,383 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ovw001-checklist.pdf
    [2012/03/14 16:30:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/02/06 17:34:59 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/02/06 17:34:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/02/06 17:34:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/02/06 17:34:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/02/06 17:34:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/02/01 17:35:55 | 000,199,307 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache
    [2012/02/01 17:35:52 | 000,165,959 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache
    [2012/02/01 17:27:17 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
    [2011/08/03 18:48:56 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2011/07/13 20:42:30 | 000,140,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2011/07/13 20:42:29 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
    [2011/07/13 20:41:51 | 000,280,768 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
    [2011/07/13 20:41:49 | 002,434,856 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_bc2.exe
    [2011/07/13 20:41:49 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
    [2011/07/07 22:37:28 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
    [2011/06/19 09:53:07 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
    [2011/06/19 09:53:07 | 000,618,823 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2011/06/19 09:53:07 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
    [2011/06/17 16:27:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin

    ========== ZeroAccess Check ==========

    [2011/06/17 16:24:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    < End of report >
     
  24. daveed12vas

    daveed12vas TS Rookie Topic Starter Posts: 31

    OTL Extras logfile created on: 12/17/2012 12:13:01 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.50 Gb Total Physical Memory | 2.93 Gb Available Physical Memory | 83.79% Memory free
    4.09 Gb Paging File | 3.71 Gb Available in Paging File | 90.61% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 53.71 Gb Free Space | 72.09% Space Free | Partition Type: NTFS

    Computer Name: GX620 | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-790525478-796845957-725345543-500\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 1
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe" = C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:pnkBstrA -- ()
    "C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:pnkBstrB -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0807E67B-DACB-1739-A87E-3046FF40BA23}" = CCC Help Chinese Traditional
    "{0DF310E3-6C01-99DC-296F-1D021BA36C2D}" = CCC Help English
    "{1E8E87B5-4531-CEE3-4791-6AD9E72076EC}" = CCC Help Danish
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 26
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
    "{27596347-C945-B113-EF47-169D471CEB05}" = CCC Help Turkish
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3666DE18-A4CC-4E1E-8165-0D78758C2209}" = CCC Help Russian
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{479826D5-FE36-711F-8BE3-AB7B44440F66}" = ccc-utility
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5033F411-4848-49D6-BAC2-DAA06AFA0AFC}" = HP Deskjet 2050 J510 series Basic Device Software
    "{532669C6-3139-E755-B3B8-95F184EB27EB}" = CCC Help German
    "{577F4DD2-ED68-690F-6328-8A8CAC8FCA75}" = CCC Help Polish
    "{637A3EC2-4299-67B2-E0D2-C25572F4D37A}" = CCC Help Thai
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6F2954FB-3F0F-B384-3E6F-5D0CAAF80A77}" = ATI AVIVO Codecs
    "{702F39B4-05FB-22F4-8426-E5FFFA330FF3}" = CCC Help Chinese Standard
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{73FB391E-E800-CC82-D9BA-EF9CB8A939F3}" = CCC Help French
    "{747E2E56-A68B-15C6-BB77-31BFE0C031EF}" = CCC Help Spanish
    "{7A37A44B-968E-6CA3-278C-878D4D08B226}" = CCC Help Czech
    "{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Help
    "{7C0FB04E-5A40-C63D-CC1B-B6C1B60FDDA3}" = CCC Help Japanese
    "{7D94796D-007E-45DE-CEAD-8E616D78E95B}" = CCC Help Dutch
    "{7E7C98D1-4F44-21D4-C351-25E2367027F3}" = Catalyst Control Center
    "{87A91A66-1566-714D-E1BE-1F3B040E65D5}" = CCC Help Swedish
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{90538B62-F392-4DE1-B886-7B48123866E9}" = LightScribe System Software
    "{92F63D17-2A32-7184-B8D7-905E0E1BC2A9}" = CCC Help Hungarian
    "{95CEF602-B837-0C37-F5E6-49C8F3196998}" = CCC Help Greek
    "{97E1A4DE-82AB-0448-0AEA-77DC1DD9A492}" = Catalyst Control Center Localization All
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DFD861E-2692-873F-BA2C-E4788648D966}" = CCC Help Italian
    "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{B50676DC-AAE9-20DF-01A5-DABCDECD6DFC}" = Catalyst Control Center Graphics Previews Common
    "{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D6346B4B-FDD6-C406-06FE-0CF77F561E78}" = AMD Catalyst Install Manager
    "{D9C7FB0D-B233-1B2E-E9DC-543911F6D94A}" = Catalyst Control Center InstallProxy
    "{DD9F821E-7B8D-210F-A4AE-47C60870DEBE}" = CCC Help Norwegian
    "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
    "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
    "{E6F42010-AA5A-B862-9620-8CBD23ACDED4}" = CCC Help Portuguese
    "{EAAE7669-947C-26DD-563D-863B63FFC1EA}" = CCC Help Finnish
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F296A4CD-54A2-1EEE-CE14-8F88A1D97083}" = CCC Help Korean
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "CCleaner" = CCleaner
    "CDisplay_is1" = CDisplay 1.8
    "DVD Shrink_is1" = DVD Shrink 3.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "MCLIENT" = Norton Management
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "N360" = Norton 360
    "Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PunkBusterSvc" = PunkBuster Services
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-790525478-796845957-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "f031ef6ac137efc5" = Dell Driver Download Manager

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/20/2012 10:46:02 AM | Computer Name = GX620 | Source = Application Error | ID = 1001
    Description = Fault bucket -1216698070.

    Error - 8/23/2012 11:24:47 AM | Computer Name = GX620 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 9/8/2012 3:55:56 PM | Computer Name = GX620 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 9/9/2012 3:33:16 PM | Computer Name = GX620 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 9/9/2012 3:33:23 PM | Computer Name = GX620 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 9/10/2012 3:04:47 PM | Computer Name = GX620 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 10/2/2012 11:30:22 AM | Computer Name = GX620 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 10/10/2012 11:43:46 AM | Computer Name = GX620 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 12/1/2012 1:34:15 PM | Computer Name = GX620 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 12/1/2012 9:23:18 PM | Computer Name = GX620 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    [ System Events ]
    Error - 12/1/2012 9:23:14 PM | Computer Name = GX620 | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.100.2 for the Network Card with network
    address 0013727340F4 has been denied by the DHCP server 192.168.100.1 (The DHCP
    Server sent a DHCPNACK message).

    Error - 12/6/2012 11:20:51 AM | Computer Name = GX620 | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.100.2 on
    the Network Card with network address 0013727340F4.

    Error - 12/8/2012 10:20:38 PM | Computer Name = GX620 | Source = W32Time | ID = 39452689
    Description = Time Provider NtpClient: An error occurred during DNS lookup of the
    manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
    again in 15 minutes. The error was: A socket operation was attempted to an unreachable
    host. (0x80072751)

    Error - 12/8/2012 10:20:38 PM | Computer Name = GX620 | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 14 minutes. NtpClient has no source of accurate
    time.

    Error - 12/8/2012 10:20:55 PM | Computer Name = GX620 | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.100.2 for the Network Card with network
    address 0013727340F4 has been denied by the DHCP server 192.168.100.1 (The DHCP
    Server sent a DHCPNACK message).

    Error - 12/10/2012 1:26:03 AM | Computer Name = GX620 | Source = Dhcp | ID = 1002
    Description = The IP address lease 71.85.230.56 for the Network Card with network
    address 0013727340F4 has been denied by the DHCP server 192.168.100.1 (The DHCP
    Server sent a DHCPNACK message).

    Error - 12/10/2012 1:26:15 AM | Computer Name = GX620 | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.100.2 for the Network Card with network
    address 0013727340F4 has been denied by the DHCP server 192.168.100.1 (The DHCP
    Server sent a DHCPNACK message).

    Error - 12/14/2012 12:05:26 PM | Computer Name = GX620 | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.100.2 for the Network Card with network
    address 0013727340F4 has been denied by the DHCP server 192.168.100.1 (The DHCP
    Server sent a DHCPNACK message).

    Error - 12/16/2012 5:32:39 PM | Computer Name = GX620 | Source = Dhcp | ID = 1002
    Description = The IP address lease 71.85.225.232 for the Network Card with network
    address 0013727340F4 has been denied by the DHCP server 192.168.100.1 (The DHCP
    Server sent a DHCPNACK message).

    Error - 12/16/2012 7:38:41 PM | Computer Name = GX620 | Source = Service Control Manager | ID = 7034
    Description = The DefaultTabUpdate service terminated unexpectedly. It has done
    this 1 time(s).


    < End of report >
     
  25. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O3 - HKU\S-1-5-21-790525478-796845957-725345543-500\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
      O3 - HKU\S-1-5-21-790525478-796845957-725345543-500\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
      O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ==============================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.