Solved One large rat trap please

SledgeProne

Yesterday, my system began hanging on various tasks and duties, coupled with freezing webpages. An updated scan of Malwarebytes initially netted some nefarious clutter, but the cleansing produced no significant improvements in performance.
Unsure of whether it was malware-related, I cleaned up resources with TuneUp Utilities, while I sought an alternate opinion of viral analysis from HouseCall.
Meanwhile, Malwarebytes was returning negative scans for any high-profile threats. This was in stark contrast to diminishing system performance and responsiveness. HouseCall, however, found no offending threats.
Convinced a hijacker was nevertheless aboard, and simply evading detection, I downloaded the latest TDSSKiller, which unearthed a rootkit. Despite efforts to disinfect, it was back this evening in a return engagement, which consequently has returned me to your doorstep, seeking a rat trap.
23:51:02.0046 5320 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:51:02.0984 5320 ============================================================
23:51:02.0984 5320 Current date / time: 2012/11/23 23:51:02.0984
23:51:02.0984 5320 SystemInfo:
23:51:02.0984 5320
23:51:02.0984 5320 OS Version: 5.1.2600 ServicePack: 3.0
23:51:02.0984 5320 Product type: Workstation
23:51:02.0984 5320 ComputerName: ENDLESS
23:51:02.0984 5320 UserName: Master Blaster
23:51:02.0984 5320 Windows directory: C:\WINDOWS
23:51:02.0984 5320 System windows directory: C:\WINDOWS
23:51:02.0984 5320 Processor architecture: Intel x86
23:51:02.0984 5320 Number of processors: 2
23:51:02.0984 5320 Page size: 0x1000
23:51:02.0984 5320 Boot type: Normal boot
23:51:02.0984 5320 ============================================================
23:51:04.0593 5320 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:51:04.0609 5320 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:51:04.0656 5320 ============================================================
23:51:04.0656 5320 \Device\Harddisk0\DR0:
23:51:04.0656 5320 MBR partitions:
23:51:04.0656 5320 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFFAC05
23:51:04.0656 5320 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xFFFAC44, BlocksNum 0x4754A6BD
23:51:04.0656 5320 \Device\Harddisk1\DR1:
23:51:04.0656 5320 MBR partitions:
23:51:04.0656 5320 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
23:51:04.0656 5320 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x12A14C00, BlocksNum 0x12A18AC1
23:51:04.0656 5320 ============================================================
23:51:04.0687 5320 C: <-> \Device\Harddisk0\DR0\Partition1
23:51:04.0843 5320 E: <-> \Device\Harddisk1\DR1\Partition1
23:51:05.0078 5320 F: <-> \Device\Harddisk1\DR1\Partition2
23:51:05.0484 5320 G: <-> \Device\Harddisk0\DR0\Partition2
23:51:05.0484 5320 ============================================================
23:51:05.0484 5320 Initialize success
23:51:05.0484 5320 ============================================================
23:51:08.0843 4220 ============================================================
23:51:08.0843 4220 Scan started
23:51:08.0843 4220 Mode: Manual;
23:51:08.0843 4220 ============================================================
23:51:11.0890 4220 ================ Scan system memory ========================
23:51:11.0906 4220 System memory - ok
23:51:11.0906 4220 ================ Scan services =============================
23:51:12.0015 4220 Abiosdsk - ok
23:51:12.0031 4220 abp480n5 - ok
23:51:12.0078 4220 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:51:12.0093 4220 ACPI - ok
23:51:12.0125 4220 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
23:51:12.0125 4220 ACPIEC - ok
23:51:12.0203 4220 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:51:12.0218 4220 AdobeFlashPlayerUpdateSvc - ok
23:51:12.0234 4220 adpu160m - ok
23:51:12.0296 4220 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
23:51:12.0296 4220 aec - ok
23:51:12.0343 4220 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
23:51:12.0359 4220 AFD - ok
23:51:12.0359 4220 Aha154x - ok
23:51:12.0375 4220 aic78u2 - ok
23:51:12.0375 4220 aic78xx - ok
23:51:13.0125 4220 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files\common files\akamai/netsession_win_ce5ba24.dll
23:51:13.0125 4220 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
23:51:13.0140 4220 Akamai ( HiddenFile.Multi.Generic ) - warning
23:51:13.0140 4220 Akamai - detected HiddenFile.Multi.Generic (1)
23:51:13.0156 4220 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
23:51:13.0187 4220 Alerter - ok
23:51:13.0203 4220 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
23:51:13.0203 4220 ALG - ok
23:51:13.0203 4220 AliIde - ok
23:51:13.0203 4220 amsint - ok
23:51:13.0218 4220 ANC - ok
23:51:13.0250 4220 [ 1BF91F352D746AD7469FA71783B5FAE8 ] APLMp50 C:\WINDOWS\system32\Drivers\APLMp50.sys
23:51:13.0250 4220 APLMp50 - ok
23:51:13.0328 4220 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:51:13.0343 4220 Apple Mobile Device - ok
23:51:13.0375 4220 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
23:51:13.0390 4220 AppMgmt - ok
23:51:13.0390 4220 asc - ok
23:51:13.0406 4220 asc3350p - ok
23:51:13.0406 4220 asc3550 - ok
23:51:13.0406 4220 ashampoodefragservice - ok
23:51:13.0500 4220 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
23:51:13.0500 4220 aspnet_state - ok
23:51:13.0546 4220 [ 0C83FC56707BF68DB04947052A8188B1 ] ASTSRV C:\WINDOWS\system32\ASTSRV.EXE
23:51:13.0546 4220 ASTSRV - ok
23:51:13.0578 4220 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:51:13.0578 4220 AsyncMac - ok
23:51:13.0593 4220 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
23:51:13.0593 4220 atapi - ok
23:51:13.0593 4220 Atdisk - ok
23:51:13.0687 4220 [ D80A3FD3DB6F999F6D1C6D23A293851B ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
23:51:13.0750 4220 Ati HotKey Poller - ok
23:51:14.0468 4220 [ C832BF76F003999D2E91E5115583C69E ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
23:51:15.0203 4220 ati2mtag - ok
23:51:15.0250 4220 [ 0D6B8359677D05142B624F09C28D643A ] AtiHDAudioService C:\WINDOWS\system32\drivers\AtihdXP3.sys
23:51:15.0250 4220 AtiHDAudioService - ok
23:51:15.0265 4220 atinevxx - ok
23:51:15.0281 4220 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:51:15.0281 4220 Atmarpc - ok
23:51:15.0312 4220 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
23:51:15.0312 4220 AudioSrv - ok
23:51:15.0343 4220 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
23:51:15.0359 4220 audstub - ok
23:51:15.0375 4220 bc_pat_f - ok
23:51:15.0390 4220 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
23:51:15.0390 4220 Beep - ok
23:51:15.0468 4220 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:51:15.0515 4220 Bonjour Service - ok
23:51:15.0562 4220 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
23:51:15.0578 4220 Browser - ok
23:51:15.0687 4220 catchme - ok
23:51:15.0718 4220 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
23:51:15.0718 4220 cbidf2k - ok
23:51:15.0734 4220 ccproxy - ok
23:51:15.0734 4220 cd20xrnt - ok
23:51:15.0750 4220 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
23:51:15.0750 4220 Cdaudio - ok
23:51:15.0781 4220 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
23:51:15.0781 4220 Cdfs - ok
23:51:15.0828 4220 [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:51:15.0828 4220 Cdrom - ok
23:51:15.0828 4220 Changer - ok
23:51:15.0843 4220 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] cisvc C:\WINDOWS\system32\cisvc.exe
23:51:15.0843 4220 cisvc - ok
23:51:15.0859 4220 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
23:51:15.0859 4220 ClipSrv - ok
23:51:15.0890 4220 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:51:15.0906 4220 clr_optimization_v2.0.50727_32 - ok
23:51:15.0984 4220 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:51:16.0000 4220 clr_optimization_v4.0.30319_32 - ok
23:51:16.0000 4220 CmdIde - ok
23:51:16.0000 4220 COMSysApp - ok
23:51:16.0015 4220 Cpqarray - ok
23:51:16.0031 4220 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
23:51:16.0046 4220 CryptSvc - ok
23:51:16.0046 4220 ctdvda2k - ok
23:51:16.0046 4220 ctxcpubal - ok
23:51:16.0046 4220 dac2w2k - ok
23:51:16.0062 4220 dac960nt - ok
23:51:16.0125 4220 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
23:51:16.0250 4220 DcomLaunch - ok
23:51:16.0281 4220 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
23:51:16.0281 4220 Dhcp - ok
23:51:16.0312 4220 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
23:51:16.0312 4220 Disk - ok
23:51:16.0312 4220 dmadmin - ok
23:51:16.0406 4220 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
23:51:16.0515 4220 dmboot - ok
23:51:16.0546 4220 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
23:51:16.0562 4220 dmio - ok
23:51:16.0578 4220 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
23:51:16.0578 4220 dmload - ok
23:51:16.0593 4220 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
23:51:16.0593 4220 dmserver - ok
23:51:16.0625 4220 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
23:51:16.0640 4220 DMusic - ok
23:51:16.0656 4220 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
23:51:16.0656 4220 Dnscache - ok
23:51:16.0687 4220 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
23:51:16.0703 4220 Dot3svc - ok
23:51:16.0718 4220 dpti2o - ok
23:51:16.0750 4220 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
23:51:16.0750 4220 drmkaud - ok
23:51:16.0765 4220 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
23:51:16.0781 4220 EapHost - ok
23:51:16.0781 4220 ENTECH - ok
23:51:16.0796 4220 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
23:51:16.0796 4220 ERSvc - ok
23:51:16.0828 4220 [ EADA995E71211537FB3726C700AF6FAC ] EUBAKUP C:\WINDOWS\system32\drivers\eubakup.sys
23:51:16.0828 4220 EUBAKUP - ok
23:51:16.0859 4220 [ 37ABA51F85518FC381CEFC8D76F2E2C4 ] EuDisk C:\WINDOWS\system32\DRIVERS\EuDisk.sys
23:51:16.0875 4220 EuDisk - ok
23:51:16.0875 4220 [ CB41E20CE4A32584EA592F07F5DA12C5 ] EUDSKACS C:\WINDOWS\system32\drivers\eudskacs.sys
23:51:16.0875 4220 EUDSKACS - ok
23:51:16.0890 4220 [ A08E9E711CD7661D7C3F19EE638102C2 ] EUFS C:\WINDOWS\system32\drivers\eufs.sys
23:51:16.0890 4220 EUFS - ok
23:51:16.0937 4220 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
23:51:16.0937 4220 Eventlog - ok
23:51:17.0000 4220 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
23:51:17.0015 4220 EventSystem - ok
23:51:17.0046 4220 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
23:51:17.0093 4220 Fastfat - ok
23:51:17.0109 4220 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
23:51:17.0125 4220 FastUserSwitchingCompatibility - ok
23:51:17.0125 4220 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
23:51:17.0140 4220 Fdc - ok
23:51:17.0156 4220 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
23:51:17.0156 4220 Fips - ok
23:51:17.0171 4220 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:51:17.0171 4220 Flpydisk - ok
23:51:17.0203 4220 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
23:51:17.0203 4220 FltMgr - ok
23:51:17.0265 4220 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:51:17.0265 4220 FontCache3.0.0.0 - ok
23:51:17.0296 4220 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:51:17.0296 4220 Fs_Rec - ok
23:51:17.0312 4220 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:51:17.0328 4220 Ftdisk - ok
23:51:17.0328 4220 G400DH - ok
23:51:17.0328 4220 GMSIPCI - ok
23:51:17.0343 4220 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:51:17.0343 4220 Gpc - ok
23:51:17.0437 4220 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
23:51:17.0453 4220 gupdate - ok
23:51:17.0468 4220 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
23:51:17.0468 4220 gupdatem - ok
23:51:17.0515 4220 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:51:17.0546 4220 HDAudBus - ok
23:51:17.0578 4220 helpsvc - ok
23:51:17.0609 4220 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
23:51:17.0609 4220 HidServ - ok
23:51:17.0640 4220 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:51:17.0640 4220 HidUsb - ok
23:51:17.0671 4220 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
23:51:17.0687 4220 hkmsvc - ok
23:51:17.0687 4220 hpn - ok
23:51:17.0687 4220 hpqwmiex - ok
23:51:17.0687 4220 hpt3xx - ok
23:51:17.0734 4220 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
23:51:17.0765 4220 HTTP - ok
23:51:17.0796 4220 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
23:51:17.0890 4220 HTTPFilter - ok
23:51:17.0890 4220 i2omgmt - ok
23:51:17.0906 4220 i2omp - ok
23:51:17.0906 4220 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:51:17.0921 4220 i8042prt - ok
23:51:18.0031 4220 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:51:18.0156 4220 idsvc - ok
23:51:18.0171 4220 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
23:51:18.0171 4220 Imapi - ok
23:51:18.0218 4220 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
23:51:18.0234 4220 ImapiService - ok
23:51:18.0234 4220 ini910u - ok
23:51:18.0250 4220 IntelIde - ok
23:51:18.0296 4220 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:51:18.0296 4220 intelppm - ok
23:51:18.0312 4220 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
23:51:18.0312 4220 ip6fw - ok
23:51:18.0328 4220 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:51:18.0328 4220 IpFilterDriver - ok
23:51:18.0328 4220 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:51:18.0328 4220 IpInIp - ok
23:51:18.0359 4220 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:51:18.0375 4220 IpNat - ok
23:51:18.0390 4220 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:51:18.0390 4220 IPSec - ok
23:51:18.0406 4220 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
23:51:18.0406 4220 IRENUM - ok
23:51:18.0421 4220 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:51:18.0421 4220 isapnp - ok
23:51:18.0546 4220 [ A12175F063302CD68F8FC6D572D7E5FD ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
23:51:18.0562 4220 JavaQuickStarterService - ok
23:51:18.0562 4220 k750mgmt - ok
23:51:18.0593 4220 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:51:18.0593 4220 Kbdclass - ok
23:51:18.0609 4220 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:51:18.0609 4220 kbdhid - ok
23:51:18.0640 4220 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
23:51:18.0656 4220 kmixer - ok
23:51:18.0671 4220 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
23:51:18.0687 4220 KSecDD - ok
23:51:18.0718 4220 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
23:51:18.0734 4220 lanmanserver - ok
23:51:18.0781 4220 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
23:51:18.0812 4220 lanmanworkstation - ok
23:51:18.0828 4220 [ BE2DC24D403643A2D1D98F33C7087B38 ] LBeepKE C:\WINDOWS\system32\Drivers\LBeepKE.sys
23:51:18.0843 4220 LBeepKE - ok
23:51:18.0843 4220 lbrtfdc - ok
23:51:18.0953 4220 [ 910344E2A984010435AE84783B25E5EB ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
23:51:18.0984 4220 LBTServ - ok
23:51:19.0015 4220 [ 717E6714BCA808F2A372E636AFF3D15A ] LEqdUsb C:\WINDOWS\system32\Drivers\LEqdUsb.Sys
23:51:19.0015 4220 LEqdUsb - ok
23:51:19.0046 4220 [ 2786F7B4003ADFF88CE28BC1800B5407 ] LHidEqd C:\WINDOWS\system32\Drivers\LHidEqd.Sys
23:51:19.0046 4220 LHidEqd - ok
23:51:19.0078 4220 [ 01CC7FB6E790EF044B411377F3A1FF41 ] LHidFilt C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
23:51:19.0093 4220 LHidFilt - ok
23:51:19.0125 4220 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
23:51:19.0125 4220 LmHosts - ok
23:51:19.0140 4220 [ A2E7EAE8898D7B4B8C302B8F4E836BB5 ] LMouFilt C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
23:51:19.0140 4220 LMouFilt - ok
23:51:19.0156 4220 ltmodem5 - ok
23:51:19.0156 4220 lvpopflt - ok
23:51:19.0156 4220 lxcf_device - ok
23:51:19.0187 4220 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
23:51:19.0187 4220 MBAMProtector - ok
23:51:19.0265 4220 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
23:51:19.0328 4220 MBAMScheduler - ok
23:51:19.0437 4220 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
23:51:19.0515 4220 MBAMService - ok
23:51:19.0562 4220 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
23:51:19.0562 4220 Messenger - ok
23:51:19.0578 4220 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
23:51:19.0578 4220 mnmdd - ok
23:51:19.0609 4220 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
23:51:19.0609 4220 mnmsrvc - ok
23:51:19.0625 4220 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
23:51:19.0625 4220 Modem - ok
23:51:19.0671 4220 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:51:19.0671 4220 Mouclass - ok
23:51:19.0687 4220 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:51:19.0687 4220 mouhid - ok
23:51:19.0734 4220 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
23:51:19.0734 4220 MountMgr - ok
23:51:19.0781 4220 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:51:19.0796 4220 MozillaMaintenance - ok
23:51:19.0796 4220 mraid35x - ok
23:51:19.0828 4220 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:51:19.0843 4220 MRxDAV - ok
23:51:19.0921 4220 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:51:19.0968 4220 MRxSmb - ok
23:51:20.0000 4220 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
23:51:20.0015 4220 MSDTC - ok
23:51:20.0015 4220 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
23:51:20.0015 4220 Msfs - ok
23:51:20.0031 4220 MSIServer - ok
23:51:20.0062 4220 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:51:20.0078 4220 MSKSSRV - ok
23:51:20.0078 4220 MSMQ - ok
23:51:20.0109 4220 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:51:20.0109 4220 MSPCLOCK - ok
23:51:20.0140 4220 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
23:51:20.0140 4220 MSPQM - ok
23:51:20.0156 4220 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:51:20.0156 4220 mssmbios - ok
23:51:20.0187 4220 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
23:51:20.0203 4220 Mup - ok
23:51:20.0265 4220 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
23:51:20.0296 4220 napagent - ok
23:51:20.0328 4220 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
23:51:20.0343 4220 NDIS - ok
23:51:20.0390 4220 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:51:20.0390 4220 NdisTapi - ok
23:51:20.0406 4220 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:51:20.0406 4220 Ndisuio - ok
23:51:20.0437 4220 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:51:20.0437 4220 NdisWan - ok
23:51:20.0453 4220 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
23:51:20.0468 4220 NDProxy - ok
23:51:20.0484 4220 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
23:51:20.0484 4220 NetBIOS - ok
23:51:20.0515 4220 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
23:51:20.0546 4220 NetBT - ok
23:51:20.0578 4220 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
23:51:20.0593 4220 NetDDE - ok
23:51:20.0609 4220 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
23:51:20.0609 4220 NetDDEdsdm - ok
23:51:20.0640 4220 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
23:51:20.0640 4220 Netlogon - ok
23:51:20.0671 4220 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
23:51:20.0687 4220 Netman - ok
23:51:20.0734 4220 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:51:20.0750 4220 NetTcpPortSharing - ok
23:51:20.0781 4220 [ 13EC0B1767DBFBC3A6C89EECB0B84F34 ] networx C:\WINDOWS\system32\drivers\networx.sys
23:51:20.0781 4220 networx - ok
23:51:20.0828 4220 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
23:51:20.0843 4220 Nla - ok
23:51:20.0890 4220 [ B9730495E0CF674680121E34BD95A73B ] NPF C:\WINDOWS\system32\drivers\npf.sys
23:51:20.0890 4220 NPF - ok
23:51:20.0906 4220 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
23:51:20.0906 4220 Npfs - ok
23:51:20.0968 4220 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
23:51:21.0015 4220 Ntfs - ok
23:51:21.0015 4220 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
23:51:21.0015 4220 NtLmSsp - ok
23:51:21.0078 4220 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
23:51:21.0156 4220 NtmsSvc - ok
23:51:21.0203 4220 [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
23:51:21.0203 4220 NuidFltr - ok
23:51:21.0218 4220 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
23:51:21.0218 4220 Null - ok
23:51:21.0250 4220 [ 7D275ECDA4628318912F6C945D5CF963 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
23:51:21.0250 4220 NVENETFD - ok
23:51:21.0328 4220 [ B64AACEFAD2BE5BFF5353FE681253C67 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
23:51:21.0328 4220 nvnetbus - ok
23:51:21.0375 4220 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:51:21.0375 4220 NwlnkFlt - ok
23:51:21.0390 4220 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:51:21.0390 4220 NwlnkFwd - ok
23:51:21.0390 4220 ofcpfwsvc - ok
23:51:21.0406 4220 ovt519 - ok
23:51:21.0421 4220 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
23:51:21.0437 4220 Parport - ok
23:51:21.0437 4220 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
23:51:21.0437 4220 PartMgr - ok
23:51:21.0468 4220 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
23:51:21.0468 4220 ParVdm - ok
23:51:21.0468 4220 pav_security - ok
23:51:21.0515 4220 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
23:51:21.0531 4220 PCI - ok
23:51:21.0531 4220 PCIDump - ok
23:51:21.0562 4220 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
23:51:21.0578 4220 PCIIde - ok
23:51:21.0593 4220 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
23:51:21.0609 4220 Pcmcia - ok
23:51:21.0609 4220 PDCOMP - ok
23:51:21.0609 4220 PDFRAME - ok
23:51:21.0625 4220 pdlnatdl - ok
23:51:21.0625 4220 PDRELI - ok
23:51:21.0625 4220 PDRFRAME - ok
23:51:21.0640 4220 perc2 - ok
23:51:21.0640 4220 perc2hib - ok
23:51:21.0671 4220 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
23:51:21.0671 4220 PlugPlay - ok
23:51:21.0671 4220 pneclo - ok
23:51:21.0718 4220 [ E5582E43E167CF367757D81E9727DA2A ] Point32 C:\WINDOWS\system32\DRIVERS\point32.sys
23:51:21.0718 4220 Point32 - ok
23:51:21.0718 4220 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
23:51:21.0718 4220 PolicyAgent - ok
23:51:21.0750 4220 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:51:21.0750 4220 PptpMiniport - ok
23:51:21.0750 4220 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
23:51:21.0765 4220 Processor - ok
23:51:21.0765 4220 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
23:51:21.0765 4220 ProtectedStorage - ok
23:51:21.0765 4220 protectionservice - ok
23:51:21.0781 4220 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
23:51:21.0796 4220 PSched - ok
23:51:21.0796 4220 PSSdk21 - ok
23:51:21.0812 4220 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:51:21.0812 4220 Ptilink - ok
23:51:21.0828 4220 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:51:21.0843 4220 PxHelp20 - ok
23:51:21.0843 4220 ql1080 - ok
23:51:21.0843 4220 Ql10wnt - ok
23:51:21.0843 4220 ql12160 - ok
23:51:21.0859 4220 ql1240 - ok
23:51:21.0875 4220 ql1280 - ok
23:51:21.0890 4220 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:51:21.0890 4220 RasAcd - ok
23:51:21.0921 4220 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
23:51:21.0937 4220 RasAuto - ok
23:51:21.0953 4220 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:51:21.0953 4220 Rasl2tp - ok
23:51:22.0015 4220 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
23:51:22.0031 4220 RasMan - ok
23:51:22.0046 4220 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:51:22.0046 4220 RasPppoe - ok
23:51:22.0046 4220 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
23:51:22.0046 4220 Raspti - ok
23:51:22.0078 4220 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:51:22.0093 4220 Rdbss - ok
23:51:22.0093 4220 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:51:22.0093 4220 RDPCDD - ok
23:51:22.0125 4220 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:51:22.0156 4220 rdpdr - ok
23:51:22.0187 4220 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
23:51:22.0203 4220 RDPWD - ok
23:51:22.0265 4220 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
23:51:22.0281 4220 RDSessMgr - ok
23:51:22.0312 4220 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
23:51:22.0312 4220 redbook - ok
23:51:22.0359 4220 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
23:51:22.0359 4220 RemoteAccess - ok
23:51:22.0375 4220 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
23:51:22.0390 4220 RemoteRegistry - ok
23:51:22.0390 4220 rismxdp - ok
23:51:22.0453 4220 [ A780D3EAA74582EA1DEB6BD9C7A3D9C9 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe
23:51:22.0468 4220 rpcapd - ok
23:51:22.0484 4220 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
23:51:22.0484 4220 RpcLocator - ok
23:51:22.0546 4220 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
23:51:22.0546 4220 RpcSs - ok
23:51:22.0593 4220 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
23:51:22.0609 4220 RSVP - ok
23:51:22.0609 4220 s116obex - ok
23:51:22.0656 4220 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
23:51:22.0656 4220 SamSs - ok
23:51:22.0718 4220 [ A3281AEC37E0720A2BC28034C2DF2A56 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
23:51:22.0718 4220 SASDIFSV - ok
23:51:22.0734 4220 [ 61DB0D0756A99506207FD724E3692B25 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
23:51:22.0734 4220 SASKUTIL - ok
23:51:22.0765 4220 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
23:51:22.0781 4220 SCardSvr - ok
23:51:22.0812 4220 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
23:51:22.0843 4220 Schedule - ok
23:51:22.0859 4220 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:51:22.0875 4220 Secdrv - ok
23:51:22.0906 4220 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
23:51:22.0906 4220 seclogon - ok
23:51:22.0937 4220 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
23:51:22.0953 4220 SENS - ok
23:51:22.0953 4220 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
23:51:22.0953 4220 serenum - ok
23:51:22.0984 4220 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
23:51:22.0984 4220 Serial - ok
23:51:23.0000 4220 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
23:51:23.0000 4220 Sfloppy - ok
23:51:23.0031 4220 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
23:51:23.0031 4220 ShellHWDetection - ok
23:51:23.0046 4220 Simbad - ok
23:51:23.0046 4220 Sparrow - ok
23:51:23.0078 4220 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
23:51:23.0078 4220 splitter - ok
23:51:23.0109 4220 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
23:51:23.0109 4220 Spooler - ok
23:51:23.0125 4220 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
23:51:23.0125 4220 sr - ok
23:51:23.0171 4220 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
23:51:23.0187 4220 srservice - ok
23:51:23.0296 4220 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
23:51:23.0328 4220 Srv - ok
23:51:23.0359 4220 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
23:51:23.0359 4220 SSDPSRV - ok
23:51:23.0531 4220 [ 61536F3D6BA7CE09025D60B3398A8260 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
23:51:23.0718 4220 STHDA - ok
23:51:23.0765 4220 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
23:51:23.0812 4220 stisvc - ok
23:51:23.0812 4220 StkASSrv - ok
23:51:23.0812 4220 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
23:51:23.0812 4220 swenum - ok
23:51:23.0828 4220 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
23:51:23.0843 4220 swmidi - ok
23:51:23.0843 4220 SwPrv - ok
23:51:23.0843 4220 symc810 - ok
23:51:23.0859 4220 symc8xx - ok
23:51:23.0859 4220 sym_hi - ok
23:51:23.0875 4220 sym_u3 - ok
23:51:23.0906 4220 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
23:51:23.0906 4220 sysaudio - ok
23:51:23.0921 4220 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
23:51:23.0937 4220 SysmonLog - ok
23:51:23.0984 4220 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
23:51:24.0000 4220 TapiSrv - ok
23:51:24.0046 4220 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:51:24.0093 4220 Tcpip - ok
23:51:24.0140 4220 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
23:51:24.0140 4220 TDPIPE - ok
23:51:24.0171 4220 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
23:51:24.0171 4220 TDTCP - ok
23:51:24.0203 4220 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
23:51:24.0203 4220 TermDD - ok
23:51:24.0250 4220 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
23:51:24.0281 4220 TermService - ok
23:51:24.0328 4220 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
23:51:24.0328 4220 Themes - ok
23:51:24.0328 4220 TIEHDUSB - ok
23:51:24.0359 4220 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
23:51:24.0359 4220 TlntSvr - ok
23:51:24.0375 4220 tng-dtmg - ok
23:51:24.0375 4220 tng-dts - ok
23:51:24.0375 4220 TosIde - ok
23:51:24.0421 4220 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
23:51:24.0437 4220 TrkWks - ok
23:51:24.0500 4220 [ 6A29CD69D1128BDF49A705BEFC614A5B ] TuneUp.Defrag C:\WINDOWS\System32\TuneUpDefragService.exe
23:51:24.0531 4220 TuneUp.Defrag - ok
23:51:24.0609 4220 [ 51EE2913ED525DE18FDA96DCCBC5386A ] TuneUp.ProgramStatisticsSvc C:\WINDOWS\System32\TUProgSt.exe
23:51:24.0703 4220 TuneUp.ProgramStatisticsSvc - ok
23:51:24.0718 4220 [ E6D35F3AA51A65EB35C1F2340154A25E ] ubsvve C:\WINDOWS\system32\drivers\tnloa.sys
23:51:24.0718 4220 ubsvve - ok
23:51:24.0734 4220 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
23:51:24.0750 4220 Udfs - ok
23:51:24.0750 4220 ultra - ok
23:51:24.0750 4220 UPATC - ok
23:51:24.0828 4220 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
23:51:24.0859 4220 Update - ok
23:51:24.0890 4220 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
23:51:24.0906 4220 upnphost - ok
23:51:24.0921 4220 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
23:51:24.0921 4220 UPS - ok
23:51:24.0968 4220 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
23:51:24.0968 4220 usbaudio - ok
23:51:25.0000 4220 [ 9419FAAC6552A51542DBBA02971C841C ] usbbus C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
23:51:25.0000 4220 usbbus - ok
23:51:25.0031 4220 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:51:25.0031 4220 usbccgp - ok
23:51:25.0046 4220 [ C0A466FA4FFEC464320E159BC1BBDC0C ] UsbDiag C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
23:51:25.0046 4220 UsbDiag - ok
23:51:25.0078 4220 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:51:25.0078 4220 usbehci - ok
23:51:25.0109 4220 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:51:25.0125 4220 usbhub - ok
23:51:25.0140 4220 [ F74A54774A9B0AFEB3C40ADEC68AA600 ] USBModem C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
23:51:25.0140 4220 USBModem - ok
23:51:25.0171 4220 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
23:51:25.0171 4220 usbohci - ok
23:51:25.0203 4220 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:51:25.0203 4220 usbprint - ok
23:51:25.0234 4220 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:51:25.0250 4220 usbscan - ok
23:51:25.0250 4220 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:51:25.0265 4220 USBSTOR - ok
23:51:25.0281 4220 [ 2E2E93041C8058BC7DE6F0D743C4A0C6 ] UxTuneUp C:\WINDOWS\System32\uxtuneup.dll
23:51:25.0296 4220 UxTuneUp - ok
23:51:25.0296 4220 vet-filt - ok
23:51:25.0312 4220 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
23:51:25.0312 4220 VgaSave - ok
23:51:25.0312 4220 ViaIde - ok
23:51:25.0359 4220 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
23:51:25.0359 4220 VolSnap - ok
23:51:25.0406 4220 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
23:51:25.0421 4220 VSS - ok
23:51:25.0437 4220 vstor2-ws60 - ok
23:51:25.0500 4220 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
23:51:25.0515 4220 W32Time - ok
23:51:25.0546 4220 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:51:25.0546 4220 Wanarp - ok
23:51:25.0625 4220 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
23:51:25.0671 4220 Wdf01000 - ok
23:51:25.0671 4220 WDICA - ok
23:51:25.0703 4220 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
23:51:25.0718 4220 wdmaud - ok
23:51:25.0734 4220 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
23:51:25.0750 4220 WebClient - ok
23:51:25.0796 4220 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
23:51:25.0812 4220 winmgmt - ok
23:51:25.0843 4220 [ FD600B032E741EB6AAB509FC630F7C42 ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
23:51:25.0859 4220 WinUSB - ok
23:51:25.0875 4220 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
23:51:25.0890 4220 WmdmPmSN - ok
23:51:25.0953 4220 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
23:51:26.0015 4220 Wmi - ok
23:51:26.0015 4220 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
23:51:26.0015 4220 WmiAcpi - ok
23:51:26.0046 4220 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
23:51:26.0062 4220 WmiApSrv - ok
23:51:26.0234 4220 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
23:51:26.0359 4220 WMPNetworkSvc - ok
23:51:26.0406 4220 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
23:51:26.0406 4220 WpdUsb - ok
23:51:26.0593 4220 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:51:26.0671 4220 WPFFontCache_v0400 - ok
23:51:26.0687 4220 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:51:26.0703 4220 WS2IFSL - ok
23:51:26.0734 4220 [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf C:\WINDOWS\system32\DRIVERS\WUDFPF.SYS
23:51:26.0734 4220 WudfPf - ok
23:51:26.0765 4220 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:51:26.0765 4220 WudfRd - ok
23:51:26.0812 4220 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
23:51:26.0828 4220 WudfSvc - ok
23:51:26.0828 4220 wwsecsvc - ok
23:51:26.0890 4220 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
23:51:26.0937 4220 WZCSVC - ok
23:51:26.0984 4220 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
23:51:27.0000 4220 xmlprov - ok
23:51:27.0015 4220 zumbus - ok
23:51:27.0015 4220 ================ Scan global ===============================
23:51:27.0046 4220 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
23:51:27.0109 4220 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
23:51:27.0187 4220 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
23:51:27.0218 4220 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
23:51:27.0234 4220 [Global] - ok
23:51:27.0234 4220 ================ Scan MBR ==================================
23:51:27.0234 4220 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
23:51:27.0234 4220 Suspicious mbr (Forged): \Device\Harddisk0\DR0
23:51:27.0265 4220 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
23:51:27.0265 4220 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
23:51:27.0281 4220 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
23:51:27.0656 4220 \Device\Harddisk1\DR1 - ok
23:51:27.0656 4220 ================ Scan VBR ==================================
23:51:27.0656 4220 [ 69EED2EF33A11298E239910E24E272B3 ] \Device\Harddisk0\DR0\Partition1
23:51:27.0656 4220 \Device\Harddisk0\DR0\Partition1 - ok
23:51:27.0671 4220 [ A49216FCA2A788E234F8FE99B972065F ] \Device\Harddisk0\DR0\Partition2
23:51:27.0671 4220 \Device\Harddisk0\DR0\Partition2 - ok
23:51:27.0671 4220 [ A0E19D7F186228B02D332DF17C82E035 ] \Device\Harddisk1\DR1\Partition1
23:51:27.0671 4220 \Device\Harddisk1\DR1\Partition1 - ok
23:51:27.0687 4220 [ 88DB4795C5F45EB4FDB0663D0381F632 ] \Device\Harddisk1\DR1\Partition2
23:51:27.0703 4220 \Device\Harddisk1\DR1\Partition2 - ok
23:51:27.0703 4220 ============================================================
23:51:27.0703 4220 Scan finished
23:51:27.0703 4220 ============================================================
23:51:27.0703 3492 Detected object count: 2
23:51:27.0703 3492 Actual detected object count: 2
23:53:38.0953 3492 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
23:53:38.0953 3492 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
23:53:39.0515 3492 \Device\Harddisk0\DR0\# - copied to quarantine
23:53:39.0515 3492 \Device\Harddisk0\DR0 - copied to quarantine
23:53:41.0453 3492 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
23:53:41.0468 3492 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
23:53:41.0468 3492 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
23:53:41.0484 3492 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
23:53:41.0484 3492 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
23:53:41.0484 3492 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
23:53:41.0484 3492 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
23:53:41.0546 3492 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
23:53:41.0546 3492 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
23:53:41.0546 3492 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
23:53:41.0546 3492 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
23:53:41.0546 3492 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
23:53:41.0578 3492 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
23:53:41.0578 3492 \Device\Harddisk0\DR0 - ok
23:53:42.0718 3492 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
23:53:49.0187 4528 Deinitialize success
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
Run by Master Blaster at 3:35:31 on 2012-11-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1417 [GMT -8:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\NetWorx\networx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Documents and Settings\Master Blaster\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Documents and Settings\Master Blaster\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uProxyOverride = <local>
BHO: IDMIEHlprObj Class: {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: &NetWorx Desk Band: {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - c:\program files\networx\deskband.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ProtectedData] RUNDLL32.EXE "c:\documents and settings\master blaster\local settings\application data\protecteddata\hkrlfnhn.dll",vlc_entry__1_0_0e
uRun: [Akamai NetSession Interface] "c:\documents and settings\master blaster\local settings\application data\akamai\netsession_win.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [NetWorx] "c:\program files\networx\networx.exe" /auto
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
LSP: c:\windows\system32\idmmbc.dll
LSP: mswsock.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260536422999
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1349866232665
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\master blaster\application data\mozilla\firefox\profiles\r52wkqpj.default\
FF - prefs.js: browser.search.selectedEngine - Claro Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.claro-search.com/?affID=44444&tt=3812_7&babsrc=KW_clro&mntrId=f81deddd000000000000001e90e94f32&q=
FF - component: c:\documents and settings\master blaster\application data\idm\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2012-10-02 02:28; OneClickDownload@OneClickDownload.com; c:\documents and settings\master blaster\application data\mozilla\firefox\profiles\r52wkqpj.default\extensions\OneClickDownload@OneClickDownload.com
FF - ExtSQL: 2012-10-03 19:55; {a7c6cf7f-112c-4500-a7ea-39801a327e5f}; c:\documents and settings\master blaster\application data\mozilla\firefox\profiles\r52wkqpj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
FF - ExtSQL: 2012-11-04 10:04; freehdsport@freehdsport.tv; c:\documents and settings\master blaster\application data\mozilla\firefox\profiles\r52wkqpj.default\extensions\freehdsport@freehdsport.tv.xpi
FF - ExtSQL: 2012-11-23 05:10; 50af78b4964a0@50af78b4964d9.com; c:\documents and settings\master blaster\application data\mozilla\firefox\profiles\r52wkqpj.default\extensions\50af78b4964a0@50af78b4964d9.com.xpi
FF - ExtSQL: !HIDDEN! 2010-02-22 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.claro.autoRvrt - false
FF - user.js: extensions.claro_i.newTab - false
FF - user.js: extensions.claro.vrsni - 1.6.4.1
FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.10:08:21
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef -
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2010-8-12 26248]
R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2010-8-12 20616]
R1 networx;networx;c:\windows\system32\drivers\networx.sys [2011-6-19 51640]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2001-8-23 14336]
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [2011-8-19 57344]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-1-30 12184]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-21 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-10 676936]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-1-18 101392]
R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [2010-8-12 122504]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2010-8-24 42648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2010-8-24 12184]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-10 22856]
S0 pneclo;pneclo;c:\windows\system32\drivers\ythte.sys --> c:\windows\system32\drivers\ythte.sys [?]
S2 ccproxy;IAimFP6;c:\windows\system32\svchost.exe -k netsvcs [2001-8-23 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ofcpfwsvc;Radiosvr;c:\windows\system32\svchost.exe -k netsvcs [2001-8-23 14336]
S2 pav_security;Was;c:\windows\system32\svchost.exe -k netsvcs [2001-8-23 14336]
S2 vet-filt;TPECioCtl;c:\windows\system32\svchost.exe -k netsvcs [2001-8-23 14336]
S3 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2010-8-12 14216]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 awhost32;Se58obex;c:\windows\system32\svchost.exe -k netsvcs [2001-8-23 14336]
S4 ubsvve;ubsvve;c:\windows\system32\drivers\tnloa.sys [2010-9-14 54016]
.
=============== File Associations ===============
.
.txt: <filetype is not registered>
.
=============== Created Last 30 ================
.
2012-11-23 12:19:05 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-22 13:21:36 88064 ----a-w- c:\documents and settings\master blaster\sftxtqspxzrlgy.exe
2012-11-22 13:21:35 58880 ----a-w- c:\documents and settings\master blaster\hhlcgdbfyxjbuuljil.exe
2012-11-22 07:44:23 -------- d-----w- c:\documents and settings\master blaster\.frostwire5
2012-11-22 07:40:07 -------- d-----w- c:\documents and settings\master blaster\application data\OpenCandy
2012-11-19 20:23:53 -------- d-----w- c:\documents and settings\master blaster\local settings\application data\ProtectedData
2012-11-08 10:19:41 -------- d-----w- c:\program files\WS_FTP
2012-11-08 10:19:14 724992 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\iKernel.dll
2012-11-08 10:19:14 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\ctor.dll
2012-11-08 10:19:14 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\DotNetInstaller.exe
2012-11-08 10:19:14 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\iscript.dll
2012-11-08 10:19:14 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\iuser.dll
2012-11-08 10:19:08 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\Setup.dll
2012-11-08 10:19:08 184452 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\iGdi.dll
2012-11-04 18:04:46 -------- d-----w- c:\program files\FirstRowSportApp.com
2012-11-02 09:48:39 -------- d-----w- c:\program files\Ffmpeg For Audacity
2012-11-02 09:40:25 -------- d-----w- c:\program files\Audacity
.
==================== Find3M ====================
.
2012-11-22 07:41:46 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-11-22 07:41:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-11-14 02:23:45 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-14 02:23:45 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-09 17:33:06 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-10-08 23:23:29 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-08 23:23:26 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-08 23:23:26 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-08 23:23:26 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-30 03:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec
2006-05-03 19:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 20:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 22:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-07 07:00:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
============= FINISH: 3:36:09.04 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/10/2009 8:41:39 PM
System Uptime: 11/24/2012 3:18:38 AM (0 hours ago)
.
Motherboard: ECS | | GF7050VT-M
Processor: Intel Pentium III Xeon processor | CPU 1 | 2533/267mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 128 GiB total, 1.324 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 149 GiB total, 0.463 GiB free.
F: is FIXED (NTFS) - 149 GiB total, 0.218 GiB free.
G: is FIXED (NTFS) - 571 GiB total, 0.961 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP210: 11/20/2012 9:54:44 PM - System Checkpoint
RP211: 11/22/2012 7:02:42 AM - Restore Operation
RP212: 11/22/2012 7:07:11 AM - Restore Operation
RP213: 11/23/2012 10:20:57 AM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop 7.0
Adobe Reader X
Advanced Zip Repair v1.6
Akamai NetSession Interface
Akamai NetSession Interface Service
AMD APP SDK Runtime
AMD Catalyst Install Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 2.0.2
Bass Audio Decoder (remove only)
Bonjour
Canon CanoScan Toolbox 4.9
Canon ScanGear Starter
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-utility
CCC Help English
CD Audio Reader Filter (remove only)
Color Cop 5.4.3
DCoder Image Source (remove only)
DirectVobSub (remove only)
DivX Setup
DScaler 5 Mpeg Decoders
EASEUS Todo Backup 1.1
EasyBCD 2.0
eReg
ExtractNow
ffdshow [rev 2527] [2008-12-19]
FFmpeg v0.6.2 for Audacity
FirstRowSportApp
Gabest MPEG Splitter (remove only)
Google Earth Plug-in
Google Update Helper
HiDownloadPlatinum
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format 11 SDK (KB973442)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IDT Audio
Internet Download Manager
Ipswitch WS_FTP LE
Java 7 Update 7
Java(TM) 6 Update 31
LAME v3.98.2 for Audacity
LG USB Modem driver
Logitech SetPoint 6.32
Logitech Unifying Software 2.00
Malwarebytes Anti-Malware version 1.65.1.1000
MediaInfo 0.7.50
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 7.0
Microsoft IntelliType Pro 8.2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WinUsb 1.0
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MONOGRAM AMR Splitter/Decoder (remove only)
Moyea FLV Editor Lite version: 1.0.1.0
Moyea FLV Player version: 2.0.2.96
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 6 Ultra Edition
NetWorx 5.2.3
NVIDIA Drivers
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
OpenSource DTS/AC3/DD+ Source Filter (remove only)
OpenSource Flash Video Splitter (remove only)
PeerBlock 1.1 (r518)
QuickTime
Recuva
Registry Mechanic v9.0
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SpeeDefrag 5.2.1
Subtitle Search
SUPER © v2012.build.53 (Sep 13, 2012) version v2012.build.53
SUPERAntiSpyware
System Requirements Lab
Trend Micro™ Titanium™ Internet Security
TUGZip 3.5
TuneUp Utilities 2009
uMusic
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.6195
VLC media player 2.0.3
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Encoder 9 Series SDK
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinPcap 4.1.1
Xvid Video Codec
.
==== Event Viewer Messages From Past Week ========
.
11/22/2012 6:53:29 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT networx RasAcd Rdbss SASDIFSV SASKUTIL Tcpip WS2IFSL
11/22/2012 6:53:29 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
11/22/2012 6:53:29 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/22/2012 6:53:29 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
11/22/2012 6:53:29 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/22/2012 6:53:29 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/22/2012 6:52:25 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/22/2012 6:52:19 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/22/2012 5:41:13 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
11/22/2012 5:28:11 AM, error: Service Control Manager [7000] - The Zune Bus Enumerator Driver service failed to start due to the following error: The system cannot find the file specified.
11/22/2012 4:47:02 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000007F' while processing the file 'Uninstall .. Helper.lnk' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
11/22/2012 11:53:01 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Bonjour Service service to connect.
11/22/2012 11:53:01 PM, error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/21/2012 9:36:04 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Nalpeiron Licensing Service service to connect.
11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Was service terminated with the following error: The specified module could not be found.
11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The W55U01 service terminated with the following error: The specified module could not be found.
11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Tomcatcws3 service terminated with the following error: The specified module could not be found.
11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Symantecantibotfilter service terminated with the following error: The specified module could not be found.
11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The SNDO763 service terminated with the following error: The specified module could not be found.
11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Smwdm service terminated with the following error: The specified module could not be found.
11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Se45obex service terminated with the following error: The specified module could not be found.
11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Radiosvr service terminated with the following error: The specified module could not be found.
11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Olcamsrv service terminated with the following error: The specified module could not be found.
11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The OEM02Vfx service terminated with the following error: The specified module could not be found.
11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Mclserviceatl service terminated with the following error: The specified module could not be found.
11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The LEX_AS_NIC_SERVICE_YNOS service terminated with the following error: The specified module could not be found.
11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Issm service terminated with the following error: The specified module could not be found.
11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Isdrv120 service terminated with the following error: The specified module could not be found.
11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Ifxtcs service terminated with the following error: The specified module could not be found.
11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The IAimFP6 service terminated with the following error: The specified module could not be found.
11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The HSX_DP service terminated with the following error: The specified module could not be found.
11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Help and Support service terminated with the following error: The specified module could not be found.
11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Gv3 service terminated with the following error: The specified module could not be found.
11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Emu10k service terminated with the following error: The specified module could not be found.
11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The DS1410D service terminated with the following error: The specified module could not be found.
11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Dlcc_device service terminated with the following error: The specified module could not be found.
11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Cwafrmiregistry service terminated with the following error: The specified module could not be found.
11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The CTEDSPFX.DLL service terminated with the following error: The specified module could not be found.
11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Camdrl service terminated with the following error: The specified module could not be found.
11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Bthmodem service terminated with the following error: The specified module could not be found.
11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Awservice service terminated with the following error: The specified module could not be found.
11/20/2012 8:46:34 PM, error: Service Control Manager [7023] - The Adpu320 service terminated with the following error: The specified module could not be found.
11/19/2012 9:17:51 AM, error: Service Control Manager [7023] - The Winmtsrv service terminated with the following error: The specified module could not be found.
11/19/2012 9:17:51 AM, error: Service Control Manager [7023] - The TPECioCtl service terminated with the following error: The specified module could not be found.
11/19/2012 9:17:51 AM, error: Service Control Manager [7023] - The IAimFP5 service terminated with the following error: The specified module could not be found.
11/19/2012 9:17:51 AM, error: Service Control Manager [7023] - The Cwafnotesservice service terminated with the following error: The specified module could not be found.
11/19/2012 12:28:21 PM, error: Dhcp [1002] - The IP address lease 192.168.100.10 for the Network Card with network address 001E90E94F32 has been denied by the DHCP server 66.75.142.46 (The DHCP Server sent a DHCPNACK message).
11/19/2012 12:27:53 PM, error: Dhcp [1002] - The IP address lease 76.87.73.175 for the Network Card with network address 001E90E94F32 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
 
Hi there!

avast! aswMBR

Please download aswMBR from here
  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Uncheck "Trace disk IO calls".
  • Click the Scan button to start the scan as illustrated below
[screenshot: aswMBR_Scan.jpg]

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
  • Once the scan finishes click Save log to save the log to your Desktop
    [screenshot: aswMBR_SaveLog.png]
  • Copy and paste the contents of aswMBR.txt back here for review
  • Please also find MBR.dat on your Desktop and rename it to MBRscan.txt. Upload that as well. Do not copy and paste MBR.dat/txt; it needs to be uploaded.


CapperKiller Scan

The CapperKiller utility is designed for treating the aftermath of a Trojan-Banker.Win32.Capper infection.

How to use the utility:
  • Download the CapperKiller.exe utility.
  • Run CapperKiller.exe

    [screenshot: 9208-1-en.png]
  • A reboot may be required after the treatment. Please make sure it reboots, if it asks.
  • A report will be created in your root directory (usually the C:\ folder) in the form "CapperKiller.[Version]_[Date]_[Time]_log.txt".
  • Please copy and paste its contents on your next reply.
  • Sometimes these logs can be very large; in that case, please attach it, or zip it up and attach it.
 
Tried running CapperKiller but it states IE is running, even though I've closed all open browser windows, so I'll try again after a reboot and post results if successful.



aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-24 14:19:13
-----------------------------
14:19:13.671 OS Version: Windows 5.1.2600 Service Pack 3
14:19:13.671 Number of processors: 2 586 0x1706
14:19:13.671 ComputerName: ENDLESS UserName:
14:19:15.953 Initialize success
14:23:25.015 AVAST engine defs: 12112401
14:25:33.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
14:25:33.828 Disk 0 Vendor: WDC_WD7500AADS-00L5B1 01.01A01 Size: 715404MB BusType: 3
14:25:33.828 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-19
14:25:33.828 Disk 1 Vendor: WDC_WD3200AAKS-00B3A0 01.03A01 Size: 305245MB BusType: 3
14:25:33.843 Disk 0 MBR read successfully
14:25:33.843 Disk 0 MBR scan
14:25:33.906 Disk 0 Windows XP default MBR code
14:25:33.906 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 131061 MB offset 63
14:25:33.906 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 584340 MB offset 268414020
14:25:33.921 Disk 0 scanning sectors +1465144065
14:25:33.984 Disk 0 scanning C:\WINDOWS\system32\drivers
14:25:46.093 Service scanning
14:26:02.640 Modules scanning
14:26:13.000 AVAST engine scan C:\WINDOWS
14:26:20.921 AVAST engine scan C:\WINDOWS\system32
14:29:34.765 AVAST engine scan C:\WINDOWS\system32\drivers
14:29:52.171 AVAST engine scan C:\Documents and Settings\Master Blaster
14:37:25.468 File: C:\Documents and Settings\Master Blaster\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\16\70ddbd90-42773736 **INFECTED** Win32:BHO-AIE [Trj]
14:37:26.437 File: C:\Documents and Settings\Master Blaster\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\8\16604e88-65ae27e7 **INFECTED** Win32:Tipa [Cryp]
14:37:38.218 File: C:\Documents and Settings\Master Blaster\Local Settings\temp\2AE.tmp **INFECTED** Win32:BHO-AIE [Trj]
14:44:21.406 AVAST engine scan C:\Documents and Settings\All Users
14:45:17.265 Scan finished successfully
23:48:12.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Master Blaster\Desktop\suki\MBR.dat"
23:48:12.187 The log file has been saved successfully to "C:\Documents and Settings\Master Blaster\Desktop\suki\aswMBR.txt"
 

Attachments

  • MBR.zip (509 bytes)
00:28:43.0125 1284 Trojan-Banker.Win32.Capper removal tool 1.0.7.0 Nov 19 2012 19:35:35
00:28:43.0828 1284 ============================================================
00:28:43.0828 1284 Current date / time: 2012/11/25 00:28:43.0828
00:28:43.0828 1284 SystemInfo:
00:28:43.0828 1284
00:28:43.0828 1284 OS Version: 5.1.2600 ServicePack: 3.0
00:28:43.0828 1284 Product type: Workstation
00:28:43.0828 1284 ComputerName: ENDLESS
00:28:43.0828 1284 UserName: Master Blaster
00:28:43.0828 1284 Windows directory: C:\WINDOWS
00:28:43.0828 1284 System windows directory: C:\WINDOWS
00:28:43.0828 1284 Processor architecture: Intel x86
00:28:43.0828 1284 Number of processors: 2
00:28:43.0828 1284 Page size: 0x1000
00:28:43.0828 1284 Boot type: Normal boot
00:28:43.0828 1284 ============================================================
00:28:43.0828 1284 Initialize success
00:28:43.0828 1284 ============================================================
00:28:48.0468 2972 ================================================================================
00:28:48.0468 2972 Scan started
00:28:48.0468 2972 ================================================================================
00:28:48.0468 2972 ProcessDriveEnumEx: Drive A:\ type 2:350
00:28:48.0468 2972 ProcessDriveEnumEx: Drive C:\ type 3:0
00:33:46.0593 2972 ProcessDriveEnumEx: Drive D:\ type 5:0
00:33:46.0593 2972 ProcessDriveEnumEx: Drive E:\ type 3:0
00:33:51.0312 2972 ProcessDriveEnumEx: Drive F:\ type 3:0
00:33:52.0625 2972 ProcessDriveEnumEx: Drive G:\ type 3:0
00:34:44.0046 2972 ================================================================================
00:34:44.0046 2972 Scan finished
00:34:44.0046 2972 ================================================================================
 
ComboFix scan

Please download ComboFix by sUBs from BleepingComputer.com.

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report in your next reply; it will launch automatically, or can be found at "C:\Combo-Fix.txt".
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of important system processes such as iexplore.exe, explorer.exe, and winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
ComboFix 12-11-25.01 - Master Blaster 11/25/2012 12:10:31.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1347 [GMT -8:00]
Running from: c:\documents and settings\Master Blaster\Desktop\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\dsgsdgdsgdsgw.pad
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Master Blaster\hhlcgdbfyxjbuuljil.exe
c:\documents and settings\Master Blaster\Local Settings\Application Data\ProtectedData\hkrlfnhn.dll
c:\documents and settings\Master Blaster\sftxtqspxzrlgy.exe
E:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-25 to 2012-11-25 )))))))))))))))))))))))))))))))
.
.
2012-11-23 12:19 . 2012-11-23 12:19 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-22 07:44 . 2012-11-22 08:09 -------- d-----w- c:\documents and settings\Master Blaster\.frostwire5
2012-11-22 07:41 . 2012-11-22 08:31 -------- d-----w- c:\program files\Real
2012-11-22 07:40 . 2012-11-22 07:40 -------- d-----w- c:\documents and settings\Master Blaster\Application Data\OpenCandy
2012-11-19 20:23 . 2012-11-25 20:14 -------- d-----w- c:\documents and settings\Master Blaster\Local Settings\Application Data\ProtectedData
2012-11-08 10:19 . 2012-11-08 10:19 -------- d-----w- c:\program files\WS_FTP
2012-11-08 10:19 . 2003-09-03 10:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2012-11-08 10:19 . 2003-09-03 10:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2012-11-08 10:19 . 2003-09-03 10:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2012-11-08 10:19 . 2003-09-03 10:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2012-11-08 10:19 . 2003-09-03 10:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2012-11-08 10:19 . 2012-11-08 10:19 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2012-11-08 10:19 . 2012-11-08 10:19 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2012-11-04 18:04 . 2012-11-04 18:04 -------- d-----w- c:\program files\FirstRowSportApp.com
2012-11-02 09:48 . 2012-11-02 09:48 -------- d-----w- c:\program files\Ffmpeg For Audacity
2012-11-02 09:40 . 2012-11-24 06:31 -------- d-----w- c:\documents and settings\Master Blaster\Application Data\Audacity
2012-11-02 09:40 . 2012-11-02 09:40 -------- d-----w- c:\program files\Audacity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-22 07:41 . 2003-02-21 12:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-11-22 07:41 . 2003-03-19 06:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-11-14 02:23 . 2012-04-02 09:05 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-14 02:23 . 2011-05-17 10:58 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-22 08:37 . 2001-08-23 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-09 17:33 . 2012-07-12 09:33 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-10-08 23:23 . 2012-10-08 23:23 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-08 23:23 . 2012-10-08 23:23 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-08 23:23 . 2012-04-21 22:21 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-08 23:23 . 2012-04-21 22:21 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-02 18:04 . 2001-08-23 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-30 03:54 . 2012-04-11 00:17 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-28 15:14 . 2001-08-23 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2001-08-23 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2012-10-30 10:35 . 2012-10-30 10:35 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 19:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 20:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 22:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-07 07:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Akamai NetSession Interface"="c:\documents and settings\Master Blaster\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2000-01-01 1313640]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 98304]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"NetWorx"="c:\program files\NetWorx\networx.exe" [2012-06-10 3225144]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetWorx]
2012-06-10 02:11 3225144 ----a-w- c:\program files\NetWorx\networx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"ZuneWlanCfgSvc"=3 (0x3)
"ZuneNetworkSvc"=3 (0x3)
"ZuneBusEnum"=2 (0x2)
"WMZuneComm"=3 (0x3)
"Updater Service for StartNow Toolbar"=2 (0x2)
"ImapiService"=3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"cdloader"="c:\documents and settings\Master Blaster\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [8/12/2010 2:46 AM 26248]
R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [8/12/2010 2:46 AM 20616]
R1 networx;networx;c:\windows\system32\drivers\networx.sys [6/19/2011 4:05 AM 51640]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/23/2001 4:00 AM 14336]
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [8/19/2011 9:42 PM 57344]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [1/30/2011 12:16 PM 12184]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/21/2012 9:24 PM 399432]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/10/2012 4:17 PM 676936]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 10:19 AM 50704]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [1/18/2012 2:31 AM 101392]
R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [8/12/2010 2:46 AM 122504]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [8/24/2010 9:30 AM 42648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [8/24/2010 9:30 AM 12184]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/10/2012 4:17 PM 22856]
S0 pneclo;pneclo;c:\windows\system32\drivers\ythte.sys --> c:\windows\system32\drivers\ythte.sys [?]
S3 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [8/12/2010 2:46 AM 14216]
S4 ubsvve;ubsvve;c:\windows\system32\drivers\tnloa.sys [9/14/2010 11:06 PM 54016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
vet-filt
lvpopflt
mcredirector
bc_pat_f
rismxdp
UPATC
CTDevice_Srv
imountsrv
vstor2-ws60
awhost32
protectionservice
ovt519
lxcf_device
CBN
Bcim
fsaa
fasttrackinstallerservice
comhost
DVDRC
StkASSrv
s116obex
ltmodem5
PSSdk21
hpqwmiex
k750mgmt
pav_security
TIEHDUSB
ctdvda2k
ctxcpubal
ofcpfwsvc
ccproxy
G400DH
atinevxx
ashampoodefragservice
agnwifi
SRTSPL
keriomailserver
wmccdsls
aolavupd
hsxhwazl
MSMQ
tng-dts
tng-dtmg
F700iat
arrayssl_vpn_service3,0,1,9
pdlnatdl
atkdisplf
tga
AsusACPI
mqdmbus
GMSIPCI
ANC
wwsecsvc
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
UxTuneUp
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
TermService
BITS
ShellHWDetection
helpsvc
xmlprov
wscsvc
WmdmPmSN
napagent
hkmsvc
wuauserv
.
Rebuilding ... You need to reboot your machine for this to take effect.
.
uploadmgr
ip6fwhlp
mhn
sacsvr
trksvr
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-25 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 15:54]
.
2012-11-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 02:23]
.
2012-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-27 07:49]
.
2012-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-27 07:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
LSP: c:\windows\system32\idmmbc.dll
Trusted Zone: thephins.com\www
Trusted Zone: tube8.com\www
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\
FF - prefs.js: browser.search.selectedEngine - Claro Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.claro-search.com/?affID=44444&tt=3812_7&babsrc=KW_clro&mntrId=f81deddd000000000000001e90e94f32&q=
FF - ExtSQL: 2012-10-02 02:28; OneClickDownload@OneClickDownload.com; c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\OneClickDownload@OneClickDownload.com
FF - ExtSQL: 2012-10-03 19:55; {a7c6cf7f-112c-4500-a7ea-39801a327e5f}; c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
FF - ExtSQL: 2012-11-04 10:04; freehdsport@freehdsport.tv; c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\freehdsport@freehdsport.tv.xpi
FF - ExtSQL: 2012-11-23 05:10; 50af78b4964a0@50af78b4964d9.com; c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\50af78b4964a0@50af78b4964d9.com.xpi
FF - ExtSQL: !HIDDEN! 2010-02-22 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.claro.autoRvrt - false
FF - user.js: extensions.claro_i.newTab - false
FF - user.js: extensions.claro.vrsni - 1.6.4.1
FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.10:08
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef -
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-ProtectedData - c:\documents and settings\Master Blaster\Local Settings\Application Data\ProtectedData\hkrlfnhn.dll
SafeBoot-36659270.sys
SafeBoot-70124556.sys
MSConfigStartUp-Zune Launcher - c:\program files\Zune\ZuneLauncher.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-25 12:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ProtectedData = RUNDLL32.EXE "c:\documents and settings\Master Blaster\Local Settings\Application Data\ProtectedData\hkrlfnhn.dll",vlc_entry__1_0_0e?123456789
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{24851210-fc14-4b19-812b-d9133aea46a2}]
@Denied: (Full) (Everyone)
"Model"=dword:0000006a
"Therad"=dword:0000001e
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):0f,97,2f,57,31,e5,f7,f5,ae,6e,91,35,40,51,ee,d8,1c,63,4d,97,f6,
f7,49,aa,01,84,04,4a,f0,68,42,14,0b,0c,db,ea,27,fb,fd,07,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(980)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Completion time: 2012-11-25 12:17:13
ComboFix-quarantined-files.txt 2012-11-25 20:17
ComboFix2.txt 2012-06-04 05:07
.
Pre-Run: 1,656,971,264 bytes free
Post-Run: 2,502,180,864 bytes free
.
- - End Of File - - FB816FAD81252F4943A829D0280416FE
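Reading the log above, the entries a responder would chase first are the boot-start driver whose file is gone (`S0 pneclo` pointing at `ythte.sys [?]`), the second random-named driver (`S4 ubsvve` backed by `tnloa.sys`), the hidden `ProtectedData` RUNDLL32 autostart that catchme surfaced under the user's profile, and the Firefox extension whose ID is a bare hex string. The script below is an added example by the editor, not ComboFix's code and not something either participant posted. It runs those three checks over a handful of lines copied from the log; the thresholds (lowercase service names of 4 to 10 letters, 10 or more hex characters on each side of the extension ID) and the "service name should match its file name" rule are this example's own assumptions, not published signatures.

```python
"""Triage a ComboFix-style log excerpt for the entries worth a second look.

Added example for the thread above; not ComboFix's own code and not posted by
either participant.  The sample lines are copied from the log posted above; the
heuristics and their thresholds are assumptions made by this example.
"""
import re

# Service/driver lines: "<start> <name>;<display>;<path> [<date size> | ?]"
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[(.*)\]$")
# catchme "hidden autostart" lines that hand a DLL to rundll32
RUNDLL_RE = re.compile(r'RUNDLL32\.EXE\s+"([^"]+\.dll)",(\S+)', re.IGNORECASE)
USER_PROFILE_RE = re.compile(r"\\documents and settings\\[^\\]+\\", re.IGNORECASE)
# Firefox "FF - ExtSQL: <date> <time>; <id>; <path>" lines
EXT_RE = re.compile(r"^FF - ExtSQL: (?:!HIDDEN! )?(\S+ \S+); ([^;]+); (.+)$")
# Assumed heuristic: an extension id made only of hex digits on both sides of the @
HEX_ID_RE = re.compile(r"^[0-9a-f]{10,}@[0-9a-f]{10,}\.[a-z]+$")
# Assumed heuristic: short all-lowercase names are what random-name generators emit
LOWER_NAME_RE = re.compile(r"^[a-z]{4,10}$")

# Constructed sample: lines taken from the ComboFix log posted earlier in this thread.
SAMPLE_LOG = r"""
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 networx;networx;c:\windows\system32\drivers\networx.sys [6/19/2011 4:05 AM 51640]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 10:19 AM 50704]
S0 pneclo;pneclo;c:\windows\system32\drivers\ythte.sys --> c:\windows\system32\drivers\ythte.sys [?]
S4 ubsvve;ubsvve;c:\windows\system32\drivers\tnloa.sys [9/14/2010 11:06 PM 54016]
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ProtectedData = RUNDLL32.EXE "c:\documents and settings\Master Blaster\Local Settings\Application Data\ProtectedData\hkrlfnhn.dll",vlc_entry__1_0_0e?123456789
FF - ExtSQL: 2012-11-04 10:04; freehdsport@freehdsport.tv; c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\freehdsport@freehdsport.tv.xpi
FF - ExtSQL: 2012-11-23 05:10; 50af78b4964a0@50af78b4964d9.com; c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\50af78b4964a0@50af78b4964d9.com.xpi
"""


def check_service(line):
    """Return (name, [reasons]) for a service line worth a look, else None."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    start, name, display, path, meta = m.groups()
    reasons = []
    # ComboFix prints "path --> path [?]" when the registered file is absent.
    if meta.strip() == "?" or "-->" in path:
        reasons.append("driver file not found on disk")
    # Legitimate drivers normally name the service after the file (networx/networx.sys);
    # a lowercase name that matches nothing on disk is the pattern worth chasing.
    file_stem = path.split(" -->")[0].rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if name == display and LOWER_NAME_RE.match(name) and file_stem.lower() != name:
        reasons.append("random-looking service name that does not match its file name")
    if reasons and start in ("R0", "S0"):
        reasons.append("registered to load at boot start (%s)" % start)
    return (name, reasons) if reasons else None


def triage(log_text):
    """Scan every line and return (category, subject, reason) findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        svc = check_service(line)
        if svc:
            findings.append(("service", svc[0], "; ".join(svc[1])))
            continue
        m = RUNDLL_RE.search(line)
        if m and USER_PROFILE_RE.search(m.group(1)):
            findings.append(("autostart", m.group(1),
                             "rundll32 loads a DLL from a user-writable profile path, export %s" % m.group(2)))
            continue
        m = EXT_RE.match(line)
        if m and HEX_ID_RE.match(m.group(2)):
            findings.append(("firefox-extension", m.group(2),
                             "extension id is a bare hex string instead of a vendor name (installed %s)" % m.group(1)))
    return findings


if __name__ == "__main__":
    for category, subject, reason in triage(SAMPLE_LOG):
        print("[%s] %s\n    %s" % (category, subject, reason))
```

Run against the sample it reports the two random-named drivers (with `pneclo` additionally marked as missing on disk and boot-start), the `hkrlfnhn.dll` autostart, and the hex-named extension, while leaving `SASDIFSV`, `networx` and `NPF` alone. The name-mismatch rule is deliberately narrow so that ordinary lowercase drivers whose file carries the same name do not trip it; widen the patterns only after checking what they would flag on a clean log.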
 
ComboFix Script

  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the codebox below into it:
    ClearJavaCache::

    :reg
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost /s
  • Save this as CFScript.txt, in the same location as ComboFix.exe
    (image: CFScriptB-4.gif)
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
 
ComboFix 12-11-25.01 - Master Blaster 11/27/2012 1:48.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1261 [GMT -8:00]
Running from: c:\documents and settings\Master Blaster\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Master Blaster\Desktop\CFScript.txt
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((( Files Created from 2012-10-27 to 2012-11-27 )))))))))))))))))))))))))))))))
.
.
2012-11-23 12:19 . 2012-11-23 12:19 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-22 07:44 . 2012-11-22 08:09 -------- d-----w- c:\documents and settings\Master Blaster\.frostwire5
2012-11-22 07:41 . 2012-11-22 08:31 -------- d-----w- c:\program files\Real
2012-11-22 07:40 . 2012-11-22 07:40 -------- d-----w- c:\documents and settings\Master Blaster\Application Data\OpenCandy
2012-11-19 20:23 . 2012-11-25 20:14 -------- d-----w- c:\documents and settings\Master Blaster\Local Settings\Application Data\ProtectedData
2012-11-08 10:19 . 2012-11-08 10:19 -------- d-----w- c:\program files\WS_FTP
2012-11-08 10:19 . 2003-09-03 10:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2012-11-08 10:19 . 2003-09-03 10:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2012-11-08 10:19 . 2003-09-03 10:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2012-11-08 10:19 . 2003-09-03 10:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2012-11-08 10:19 . 2003-09-03 10:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2012-11-08 10:19 . 2012-11-08 10:19 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2012-11-08 10:19 . 2012-11-08 10:19 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2012-11-04 18:04 . 2012-11-04 18:04 -------- d-----w- c:\program files\FirstRowSportApp.com
2012-11-02 09:48 . 2012-11-02 09:48 -------- d-----w- c:\program files\Ffmpeg For Audacity
2012-11-02 09:40 . 2012-11-25 22:55 -------- d-----w- c:\documents and settings\Master Blaster\Application Data\Audacity
2012-11-02 09:40 . 2012-11-02 09:40 -------- d-----w- c:\program files\Audacity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-22 07:41 . 2003-02-21 12:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-11-22 07:41 . 2003-03-19 06:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-11-14 02:23 . 2012-04-02 09:05 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-14 02:23 . 2011-05-17 10:58 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-22 08:37 . 2001-08-23 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-09 17:33 . 2012-07-12 09:33 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-10-08 23:23 . 2012-10-08 23:23 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-08 23:23 . 2012-10-08 23:23 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-08 23:23 . 2012-04-21 22:21 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-08 23:23 . 2012-04-21 22:21 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-02 18:04 . 2001-08-23 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-30 03:54 . 2012-04-11 00:17 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-30 10:35 . 2012-10-30 10:35 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 19:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 20:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 22:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-07 07:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Akamai NetSession Interface"="c:\documents and settings\Master Blaster\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2000-01-01 1313640]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 98304]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"NetWorx"="c:\program files\NetWorx\networx.exe" [2012-06-10 3225144]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetWorx]
2012-06-10 02:11 3225144 ----a-w- c:\program files\NetWorx\networx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"ZuneWlanCfgSvc"=3 (0x3)
"ZuneNetworkSvc"=3 (0x3)
"ZuneBusEnum"=2 (0x2)
"WMZuneComm"=3 (0x3)
"Updater Service for StartNow Toolbar"=2 (0x2)
"ImapiService"=3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"cdloader"="c:\documents and settings\Master Blaster\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Master Blaster\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1043:TCP"= 1043:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [8/12/2010 2:46 AM 26248]
R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [8/12/2010 2:46 AM 20616]
R1 networx;networx;c:\windows\system32\drivers\networx.sys [6/19/2011 4:05 AM 51640]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/23/2001 4:00 AM 14336]
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [8/19/2011 9:42 PM 57344]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [1/30/2011 12:16 PM 12184]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/21/2012 9:24 PM 399432]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/10/2012 4:17 PM 676936]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 10:19 AM 50704]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [1/18/2012 2:31 AM 101392]
R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [8/12/2010 2:46 AM 122504]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [8/24/2010 9:30 AM 42648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [8/24/2010 9:30 AM 12184]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/10/2012 4:17 PM 22856]
S0 pneclo;pneclo;c:\windows\system32\drivers\ythte.sys --> c:\windows\system32\drivers\ythte.sys [?]
S3 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [8/12/2010 2:46 AM 14216]
S4 ubsvve;ubsvve;c:\windows\system32\drivers\tnloa.sys [9/14/2010 11:06 PM 54016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
vet-filt
lvpopflt
mcredirector
bc_pat_f
rismxdp
UPATC
CTDevice_Srv
imountsrv
vstor2-ws60
awhost32
protectionservice
ovt519
lxcf_device
CBN
Bcim
fsaa
fasttrackinstallerservice
comhost
DVDRC
StkASSrv
s116obex
ltmodem5
PSSdk21
hpqwmiex
k750mgmt
pav_security
TIEHDUSB
ctdvda2k
ctxcpubal
ofcpfwsvc
ccproxy
G400DH
atinevxx
ashampoodefragservice
agnwifi
SRTSPL
keriomailserver
wmccdsls
aolavupd
hsxhwazl
MSMQ
tng-dts
tng-dtmg
F700iat
arrayssl_vpn_service3,0,1,9
pdlnatdl
atkdisplf
tga
AsusACPI
mqdmbus
GMSIPCI
ANC
wwsecsvc
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
UxTuneUp
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
TermService
BITS
ShellHWDetection
helpsvc
xmlprov
wscsvc
WmdmPmSN
napagent
hkmsvc
wuauserv
uploadmgr
ip6fwhlp
mhn
sacsvr
trksvr
.
Rebuilding ... You need to reboot your machine for this to take effect.
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-27 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 15:54]
.
2012-11-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 02:23]
.
2012-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-27 07:49]
.
2012-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-27 07:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
LSP: c:\windows\system32\idmmbc.dll
Trusted Zone: thephins.com\www
Trusted Zone: tube8.com\www
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\
FF - prefs.js: browser.search.selectedEngine - Claro Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.claro-search.com/?affID=44444&tt=3812_7&babsrc=KW_clro&mntrId=f81deddd000000000000001e90e94f32&q=
FF - ExtSQL: 2012-10-02 02:28; OneClickDownload@OneClickDownload.com; c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\OneClickDownload@OneClickDownload.com
FF - ExtSQL: 2012-10-03 19:55; {a7c6cf7f-112c-4500-a7ea-39801a327e5f}; c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
FF - ExtSQL: 2012-11-04 10:04; freehdsport@freehdsport.tv; c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\freehdsport@freehdsport.tv.xpi
FF - ExtSQL: 2012-11-23 05:10; 50af78b4964a0@50af78b4964d9.com; c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\50af78b4964a0@50af78b4964d9.com.xpi
FF - ExtSQL: !HIDDEN! 2010-02-22 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.claro.autoRvrt - false
FF - user.js: extensions.claro_i.newTab - false
FF - user.js: extensions.claro.vrsni - 1.6.4.1
FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.10:08
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef -
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-27 01:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{24851210-fc14-4b19-812b-d9133aea46a2}]
@Denied: (Full) (Everyone)
"Model"=dword:0000006a
"Therad"=dword:0000001e
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):0f,97,2f,57,31,e5,f7,f5,ae,6e,91,35,40,51,ee,d8,1c,63,4d,97,f6,
f7,49,aa,01,84,04,4a,f0,68,42,14,0b,0c,db,ea,27,fb,fd,07,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(976)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(996)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-11-27 01:55:45
ComboFix-quarantined-files.txt 2012-11-27 09:55
ComboFix2.txt 2012-11-25 20:17
ComboFix3.txt 2012-06-04 05:07
.
Pre-Run: 2,593,116,160 bytes free
Post-Run: 2,580,123,648 bytes free
.
- - End Of File - - 48CB8D50EE1BCD35573F2F9602C6C55B
 
ComboFix Script

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    ClearJavaCache::

    Firefox::
    FF - prefs.js: browser.search.selectedEngine - Claro Search
    FF - prefs.js: keyword.URL - hxxp://www.claro-search.com/?affID=44444&tt=3812_7&babsrc=KW_clro&mntrId=f81deddd000000000000001e90e94f32&q=
    FF - ExtSQL: 2012-11-23 05:10; 50af78b4964a0@50af78b4964d9.com; c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\50af78b4964a0@50af78b4964d9.com.xpi
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: extensions.claro.autoRvrt - false
    FF - user.js: extensions.claro_i.newTab - false
    FF - user.js: extensions.claro.vrsni - 1.6.4.1
    FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.10:08
    FF - user.js: extensions.claro.prtnrId - claro
    FF - user.js: extensions.claro.prdct - claro
    FF - user.js: extensions.claro.aflt - babsst
    FF - user.js: extensions.claro_i.smplGrp - none
    FF - user.js: extensions.claro.tlbrId - claro
    FF - user.js: extensions.claro.instlRef -
    FF - user.js: extensions.claro.dfltLng - en
    FF - user.js: extensions.claro.excTlbr - false
    FF - user.js: extensions.claro.admin - false
  • Save this as CFScript.txt, in the same location as ComboFix.exe
    [Image: CFScriptB-4.gif]
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
 
Cool little script. I keep looking for the previous "CFScript.txt" file on my desktop, to delete before saving the next, but ComboFix.exe apparently digests it, lol.


ComboFix 12-11-25.01 - Master Blaster 11/27/2012 19:33:46.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1227 [GMT -8:00]
Running from: c:\documents and settings\Master Blaster\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Master Blaster\Desktop\CFScript.txt
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\50af78b4964a0@50af78b4964d9.com.xpi
.
.
((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-28 )))))))))))))))))))))))))))))))
.
.
2012-11-23 12:19 . 2012-11-23 12:19 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-22 07:44 . 2012-11-22 08:09 -------- d-----w- c:\documents and settings\Master Blaster\.frostwire5
2012-11-22 07:41 . 2012-11-22 08:31 -------- d-----w- c:\program files\Real
2012-11-22 07:40 . 2012-11-22 07:40 -------- d-----w- c:\documents and settings\Master Blaster\Application Data\OpenCandy
2012-11-19 20:23 . 2012-11-25 20:14 -------- d-----w- c:\documents and settings\Master Blaster\Local Settings\Application Data\ProtectedData
2012-11-08 10:19 . 2012-11-08 10:19 -------- d-----w- c:\program files\WS_FTP
2012-11-08 10:19 . 2003-09-03 10:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2012-11-08 10:19 . 2003-09-03 10:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2012-11-08 10:19 . 2003-09-03 10:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2012-11-08 10:19 . 2003-09-03 10:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2012-11-08 10:19 . 2003-09-03 10:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2012-11-08 10:19 . 2012-11-08 10:19 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2012-11-08 10:19 . 2012-11-08 10:19 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2012-11-04 18:04 . 2012-11-04 18:04 -------- d-----w- c:\program files\FirstRowSportApp.com
2012-11-02 09:48 . 2012-11-02 09:48 -------- d-----w- c:\program files\Ffmpeg For Audacity
2012-11-02 09:40 . 2012-11-25 22:55 -------- d-----w- c:\documents and settings\Master Blaster\Application Data\Audacity
2012-11-02 09:40 . 2012-11-02 09:40 -------- d-----w- c:\program files\Audacity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-22 07:41 . 2003-02-21 12:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-11-22 07:41 . 2003-03-19 06:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-11-14 02:23 . 2012-04-02 09:05 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-14 02:23 . 2011-05-17 10:58 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-22 08:37 . 2001-08-23 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-09 17:33 . 2012-07-12 09:33 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-10-08 23:23 . 2012-10-08 23:23 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-08 23:23 . 2012-10-08 23:23 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-08 23:23 . 2012-04-21 22:21 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-08 23:23 . 2012-04-21 22:21 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-02 18:04 . 2001-08-23 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-30 03:54 . 2012-04-11 00:17 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-30 10:35 . 2012-10-30 10:35 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 19:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 20:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 22:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-07 07:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Akamai NetSession Interface"="c:\documents and settings\Master Blaster\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2000-01-01 1313640]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 98304]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"NetWorx"="c:\program files\NetWorx\networx.exe" [2012-06-10 3225144]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetWorx]
2012-06-10 02:11 3225144 ----a-w- c:\program files\NetWorx\networx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"ZuneWlanCfgSvc"=3 (0x3)
"ZuneNetworkSvc"=3 (0x3)
"ZuneBusEnum"=2 (0x2)
"WMZuneComm"=3 (0x3)
"Updater Service for StartNow Toolbar"=2 (0x2)
"ImapiService"=3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"cdloader"="c:\documents and settings\Master Blaster\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Master Blaster\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1043:TCP"= 1043:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [8/12/2010 2:46 AM 26248]
R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [8/12/2010 2:46 AM 20616]
R1 networx;networx;c:\windows\system32\drivers\networx.sys [6/19/2011 4:05 AM 51640]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/23/2001 4:00 AM 14336]
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [8/19/2011 9:42 PM 57344]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [1/30/2011 12:16 PM 12184]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/21/2012 9:24 PM 399432]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/10/2012 4:17 PM 676936]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 10:19 AM 50704]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [1/18/2012 2:31 AM 101392]
R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [8/12/2010 2:46 AM 122504]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [8/24/2010 9:30 AM 42648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [8/24/2010 9:30 AM 12184]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/10/2012 4:17 PM 22856]
S0 pneclo;pneclo;c:\windows\system32\drivers\ythte.sys --> c:\windows\system32\drivers\ythte.sys [?]
S3 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [8/12/2010 2:46 AM 14216]
S4 ubsvve;ubsvve;c:\windows\system32\drivers\tnloa.sys [9/14/2010 11:06 PM 54016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
vet-filt
lvpopflt
mcredirector
bc_pat_f
rismxdp
UPATC
CTDevice_Srv
imountsrv
vstor2-ws60
awhost32
protectionservice
ovt519
lxcf_device
CBN
Bcim
fsaa
fasttrackinstallerservice
comhost
DVDRC
StkASSrv
s116obex
ltmodem5
PSSdk21
hpqwmiex
k750mgmt
pav_security
TIEHDUSB
ctdvda2k
ctxcpubal
ofcpfwsvc
ccproxy
G400DH
atinevxx
ashampoodefragservice
agnwifi
SRTSPL
keriomailserver
wmccdsls
aolavupd
hsxhwazl
MSMQ
tng-dts
tng-dtmg
F700iat
arrayssl_vpn_service3,0,1,9
pdlnatdl
atkdisplf
tga
AsusACPI
mqdmbus
GMSIPCI
ANC
wwsecsvc
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
UxTuneUp
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
TermService
BITS
ShellHWDetection
helpsvc
xmlprov
wscsvc
WmdmPmSN
napagent
hkmsvc
wuauserv
uploadmgr
ip6fwhlp
mhn
sacsvr
trksvr
.
Rebuilding ... You need to reboot your machine for this to take effect.
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-28 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 15:54]
.
2012-11-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 02:23]
.
2012-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-27 07:49]
.
2012-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-27 07:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
LSP: c:\windows\system32\idmmbc.dll
Trusted Zone: thephins.com\www
Trusted Zone: tube8.com\www
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\
FF - prefs.js: browser.search.selectedEngine - Claro Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.claro-search.com/?affID=44444&tt=3812_7&babsrc=KW_clro&mntrId=f81deddd000000000000001e90e94f32&q=
FF - ExtSQL: 2012-10-02 02:28; OneClickDownload@OneClickDownload.com; c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\OneClickDownload@OneClickDownload.com
FF - ExtSQL: 2012-10-03 19:55; {a7c6cf7f-112c-4500-a7ea-39801a327e5f}; c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
FF - ExtSQL: 2012-11-04 10:04; freehdsport@freehdsport.tv; c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\freehdsport@freehdsport.tv.xpi
FF - ExtSQL: 2012-11-23 05:10; 50af78b4964a0@50af78b4964d9.com; c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\50af78b4964a0@50af78b4964d9.com.xpi
FF - ExtSQL: !HIDDEN! 2010-02-22 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.claro.autoRvrt - false
FF - user.js: extensions.claro_i.newTab - false
FF - user.js: extensions.claro.vrsni - 1.6.4.1
FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.10:08
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef -
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-27 19:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{24851210-fc14-4b19-812b-d9133aea46a2}]
@Denied: (Full) (Everyone)
"Model"=dword:0000006a
"Therad"=dword:0000001e
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):0f,97,2f,57,31,e5,f7,f5,ae,6e,91,35,40,51,ee,d8,1c,63,4d,97,f6,
f7,49,aa,01,84,04,4a,f0,68,42,14,0b,0c,db,ea,27,fb,fd,07,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(976)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Completion time: 2012-11-27 19:38:14
ComboFix-quarantined-files.txt 2012-11-28 03:38
ComboFix2.txt 2012-11-25 20:17
ComboFix3.txt 2012-06-04 05:07
.
Pre-Run: 2,583,994,368 bytes free
Post-Run: 2,571,874,304 bytes free
.
- - End Of File - - 109853751D131B65555E99A59A3F5077
 
Haha :D

ComboFix Script

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    Firefox::
    FF - prefs.js: browser.search.selectedEngine - Claro Search
    FF - prefs.js: keyword.URL - hxxp://www.claro-search.com/?affID=44444&tt=3812_7&babsrc=KW_clro&mntrId=f81deddd000000000000001e90e94f32&q=
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: extensions.claro.autoRvrt - false
    FF - user.js: extensions.claro_i.newTab - false
    FF - user.js: extensions.claro.vrsni - 1.6.4.1
    FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.10:08
    FF - user.js: extensions.claro.prtnrId - claro
    FF - user.js: extensions.claro.prdct - claro
    FF - user.js: extensions.claro.aflt - babsst
    FF - user.js: extensions.claro_i.smplGrp - none
    FF - user.js: extensions.claro.tlbrId - claro
    FF - user.js: extensions.claro.instlRef -
    FF - user.js: extensions.claro.dfltLng - en
    FF - user.js: extensions.claro.excTlbr - false
    FF - user.js: extensions.claro.admin - false
  • Save this as CFScript.txt, in the same location as ComboFix.exe
    [Image: CFScriptB-4.gif]
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
 
ComboFix 12-11-25.01 - Master Blaster 11/29/2012 0:16.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1262 [GMT -8:00]
Running from: c:\documents and settings\Master Blaster\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Master Blaster\Desktop\CFScript.txt
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-29 )))))))))))))))))))))))))))))))
.
.
2012-11-29 08:05 . 2012-11-29 08:05 -------- d-----w- c:\program files\GPLGS
2012-11-29 08:04 . 2012-09-12 23:32 88688 ----a-w- c:\windows\system32\cpwmon2k.dll
2012-11-23 12:19 . 2012-11-23 12:19 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-22 07:44 . 2012-11-22 08:09 -------- d-----w- c:\documents and settings\Master Blaster\.frostwire5
2012-11-22 07:41 . 2012-11-22 08:31 -------- d-----w- c:\program files\Real
2012-11-22 07:40 . 2012-11-22 07:40 -------- d-----w- c:\documents and settings\Master Blaster\Application Data\OpenCandy
2012-11-19 20:23 . 2012-11-25 20:14 -------- d-----w- c:\documents and settings\Master Blaster\Local Settings\Application Data\ProtectedData
2012-11-08 10:19 . 2012-11-08 10:19 -------- d-----w- c:\program files\WS_FTP
2012-11-08 10:19 . 2003-09-03 10:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2012-11-08 10:19 . 2003-09-03 10:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2012-11-08 10:19 . 2003-09-03 10:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2012-11-08 10:19 . 2003-09-03 10:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2012-11-08 10:19 . 2003-09-03 10:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2012-11-08 10:19 . 2012-11-08 10:19 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2012-11-08 10:19 . 2012-11-08 10:19 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2012-11-04 18:04 . 2012-11-04 18:04 -------- d-----w- c:\program files\FirstRowSportApp.com
2012-11-02 09:48 . 2012-11-02 09:48 -------- d-----w- c:\program files\Ffmpeg For Audacity
2012-11-02 09:40 . 2012-11-25 22:55 -------- d-----w- c:\documents and settings\Master Blaster\Application Data\Audacity
2012-11-02 09:40 . 2012-11-02 09:40 -------- d-----w- c:\program files\Audacity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-22 07:41 . 2003-02-21 12:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-11-22 07:41 . 2003-03-19 06:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-11-14 02:23 . 2012-04-02 09:05 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-14 02:23 . 2011-05-17 10:58 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-22 08:37 . 2001-08-23 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-09 17:33 . 2012-07-12 09:33 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-10-08 23:23 . 2012-10-08 23:23 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-08 23:23 . 2012-10-08 23:23 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-08 23:23 . 2012-04-21 22:21 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-08 23:23 . 2012-04-21 22:21 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-02 18:04 . 2001-08-23 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-30 03:54 . 2012-04-11 00:17 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-30 10:35 . 2012-10-30 10:35 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 19:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 20:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 22:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-07 07:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Akamai NetSession Interface"="c:\documents and settings\Master Blaster\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2000-01-01 1313640]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 98304]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"NetWorx"="c:\program files\NetWorx\networx.exe" [2012-06-10 3225144]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetWorx]
2012-06-10 02:11 3225144 ----a-w- c:\program files\NetWorx\networx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"ZuneWlanCfgSvc"=3 (0x3)
"ZuneNetworkSvc"=3 (0x3)
"ZuneBusEnum"=2 (0x2)
"WMZuneComm"=3 (0x3)
"Updater Service for StartNow Toolbar"=2 (0x2)
"ImapiService"=3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"cdloader"="c:\documents and settings\Master Blaster\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Master Blaster\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [8/12/2010 2:46 AM 26248]
R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [8/12/2010 2:46 AM 20616]
R1 networx;networx;c:\windows\system32\drivers\networx.sys [6/19/2011 4:05 AM 51640]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/23/2001 4:00 AM 14336]
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [8/19/2011 9:42 PM 57344]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [1/30/2011 12:16 PM 12184]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/21/2012 9:24 PM 399432]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/10/2012 4:17 PM 676936]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 10:19 AM 50704]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [1/18/2012 2:31 AM 101392]
R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [8/12/2010 2:46 AM 122504]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [8/24/2010 9:30 AM 42648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [8/24/2010 9:30 AM 12184]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/10/2012 4:17 PM 22856]
S0 pneclo;pneclo;c:\windows\system32\drivers\ythte.sys --> c:\windows\system32\drivers\ythte.sys [?]
S3 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [8/12/2010 2:46 AM 14216]
S4 ubsvve;ubsvve;c:\windows\system32\drivers\tnloa.sys [9/14/2010 11:06 PM 54016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
vet-filt
lvpopflt
mcredirector
bc_pat_f
rismxdp
UPATC
CTDevice_Srv
imountsrv
vstor2-ws60
awhost32
protectionservice
ovt519
lxcf_device
CBN
Bcim
fsaa
fasttrackinstallerservice
comhost
DVDRC
StkASSrv
s116obex
ltmodem5
PSSdk21
hpqwmiex
k750mgmt
pav_security
TIEHDUSB
ctdvda2k
ctxcpubal
ofcpfwsvc
ccproxy
G400DH
atinevxx
ashampoodefragservice
agnwifi
SRTSPL
keriomailserver
wmccdsls
aolavupd
hsxhwazl
MSMQ
tng-dts
tng-dtmg
F700iat
arrayssl_vpn_service3,0,1,9
pdlnatdl
atkdisplf
tga
AsusACPI
mqdmbus
GMSIPCI
ANC
wwsecsvc
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
UxTuneUp
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
TermService
BITS
ShellHWDetection
helpsvc
xmlprov
wscsvc
WmdmPmSN
napagent
hkmsvc
wuauserv
uploadmgr
ip6fwhlp
mhn
sacsvr
trksvr
.
Rebuilding ... You need to reboot your machine for this to take effect.
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-29 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 15:54]
.
2012-11-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 02:23]
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-27 07:49]
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-27 07:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
LSP: c:\windows\system32\idmmbc.dll
Trusted Zone: thephins.com\www
Trusted Zone: tube8.com\www
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\
FF - prefs.js: browser.search.selectedEngine - Claro Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.claro-search.com/?affID=44444&tt=3812_7&babsrc=KW_clro&mntrId=f81deddd000000000000001e90e94f32&q=
FF - ExtSQL: 2012-10-02 02:28; OneClickDownload@OneClickDownload.com; c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\OneClickDownload@OneClickDownload.com
FF - ExtSQL: 2012-10-03 19:55; {a7c6cf7f-112c-4500-a7ea-39801a327e5f}; c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
FF - ExtSQL: 2012-11-04 10:04; freehdsport@freehdsport.tv; c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\freehdsport@freehdsport.tv.xpi
FF - ExtSQL: 2012-11-23 05:10; 50af78b4964a0@50af78b4964d9.com; c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\50af78b4964a0@50af78b4964d9.com.xpi
FF - ExtSQL: !HIDDEN! 2010-02-22 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.claro.autoRvrt - false
FF - user.js: extensions.claro_i.newTab - false
FF - user.js: extensions.claro.vrsni - 1.6.4.1
FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.10:08
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef -
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-29 00:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{24851210-fc14-4b19-812b-d9133aea46a2}]
@Denied: (Full) (Everyone)
"Model"=dword:0000006a
"Therad"=dword:0000001e
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):0f,97,2f,57,31,e5,f7,f5,ae,6e,91,35,40,51,ee,d8,1c,63,4d,97,f6,
f7,49,aa,01,84,04,4a,f0,68,42,14,0b,0c,db,ea,27,fb,fd,07,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(980)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(824)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Completion time: 2012-11-29 00:24:15
ComboFix-quarantined-files.txt 2012-11-29 08:24
ComboFix2.txt 2012-11-25 20:17
ComboFix3.txt 2012-06-04 05:07
.
Pre-Run: 2,634,694,656 bytes free
Post-Run: 2,632,753,152 bytes free
.
- - End Of File - - DBB345553D2D6CE6ABD6AF34C456197C
 
OTL Quick Scan

Please download OTL by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click the Quick Scan button and let the program run uninterrupted.
  • It will produce a log for you called OTL.txt; please post it in your next reply.
  • You may need to use two posts to get it all.
 
OTL logfile created on: 11/29/2012 8:42:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Master Blaster\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 64.95% Memory free
3.85 Gb Paging File | 3.38 Gb Available in Paging File | 87.84% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 2.48 Gb Free Space | 1.94% Space Free | Partition Type: NTFS
Drive D: | 3.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 149.04 Gb Total Space | 0.88 Gb Free Space | 0.59% Space Free | Partition Type: NTFS
Drive F: | 149.05 Gb Total Space | 0.23 Gb Free Space | 0.15% Space Free | Partition Type: NTFS
Drive G: | 570.65 Gb Total Space | 0.18 Gb Free Space | 0.03% Space Free | Partition Type: NTFS

Computer Name: ENDLESS | User Name: Master Blaster | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/29 20:39:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Master Blaster\Desktop\OTL.exe
PRC - [2012/10/09 10:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Documents and Settings\Master Blaster\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2012/10/08 15:23:29 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/06/09 18:11:36 | 003,225,144 | ---- | M] (SoftPerfect Research) -- C:\Program Files\NetWorx\networx.exe
PRC - [2011/10/07 01:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011/09/27 11:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2011/03/23 20:55:31 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2008/05/19 11:13:20 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/15 03:06:57 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll
MOD - [2012/09/12 15:32:08 | 000,088,688 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/07 01:41:16 | 000,879,896 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2011/09/17 10:48:22 | 000,480,256 | ---- | M] () -- C:\Program Files\NetWorx\sqlite.dll
MOD - [2008/02/02 22:08:12 | 001,722,368 | ---- | M] () -- C:\Program Files\TUGZip\Plugins\TzArchive10.tgp
MOD - [2007/03/12 22:34:20 | 000,162,304 | ---- | M] () -- C:\WINDOWS\system32\ztvunrar36.dll
MOD - [2006/05/14 12:03:54 | 000,655,360 | ---- | M] () -- C:\Program Files\TUGZip\TzShell.dll
MOD - [2005/02/17 22:15:22 | 000,077,824 | ---- | M] () -- C:\Program Files\TUGZip\Plugins\TzImage10.tgp


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\slabser.dll -- (wwsecsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vaiomediaplatform-mobile-gateway.dll -- (vstor2-ws60)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlcf_device.dll -- (vet-filt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lanmanworkstation.dll -- (UPATC)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EMCFILT.dll -- (tng-dts)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\issm.dll -- (tng-dtmg)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cyberpowerups.dll -- (TIEHDUSB)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hdaudbus.dll -- (StkASSrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\transactional.dll -- (s116obex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CiscoVpnInstallService.dll -- (rismxdp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cbidf.dll -- (PSSdk21)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SenFiltService.dll -- (protectionservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdlndsdl.dll -- (pdlnatdl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\kpf4.dll -- (pav_security)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SSFS0BB9.dll -- (ovt519)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\FiltUSBEMPIA.dll -- (ofcpfwsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ovmsmaccessmanager.dll -- (MSMQ)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nmindexingservice.dll -- (lxcf_device)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bglivesvc.dll -- (lvpopflt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\g400.dll -- (ltmodem5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tsircsrv.dll -- (k750mgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlbt_device.dll -- (hpqwmiex)
SRV - File not found [Auto | Stopped] -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll -- (helpsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sysplant.dll -- (GMSIPCI)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AMDPCI.dll -- (G400DH)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cpuidlep.dll -- (ctxcpubal)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se58nd5.dll -- (ctdvda2k)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\keymaestro.dll -- (ccproxy)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MaVctrl.dll -- (bc_pat_f)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\quickhealfirewall.dll -- (atinevxx)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\veteboot.dll -- (ashampoodefragservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\k750mdm.dll -- (ANC)
SRV - [2012/11/13 18:23:47 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/12 10:48:12 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2012/10/30 02:35:39 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/08 15:23:29 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/09/27 11:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/03/23 20:55:31 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2011/03/23 20:55:28 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/11/16 03:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/10/20 10:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2008/05/19 11:13:20 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\ASTSRV.EXE -- (ASTSRV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\zumbus.sys -- (zumbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\ythte.sys -- (pneclo)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DRIVERS\ENTECH.sys -- (ENTECH)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\MASTER~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/09 19:42:12 | 007,493,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011/09/01 22:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/01 22:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/01 22:31:10 | 000,042,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2011/09/01 22:31:10 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2011/09/01 22:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/04/15 13:12:12 | 000,051,640 | ---- | M] (NetFilterSDK.com) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\networx.sys -- (networx)
DRV - [2011/03/30 10:46:12 | 000,101,392 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2010/09/14 23:06:30 | 000,054,016 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\tnloa.sys -- (ubsvve)
DRV - [2010/05/10 10:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 10:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/02 11:21:00 | 000,020,616 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eufs.sys -- (EUFS)
DRV - [2009/12/02 11:20:58 | 000,014,216 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2009/12/02 11:20:56 | 000,026,248 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2009/12/02 11:20:54 | 000,122,504 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EuDisk.sys -- (EuDisk)
DRV - [2009/10/20 10:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/08/01 17:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 17:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/11/28 21:46:24 | 000,028,224 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\APLMp50.sys -- (APLMp50)
DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [1999/12/31 16:00:00 | 001,651,204 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {E8C55CB3-E3EA-413F-8B93-A649BC4ADBB5}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=allp&s={searchTerms}&f=4&hl={language}&src=chrm
IE - HKLM\..\SearchScopes\{E8C55CB3-E3EA-413F-8B93-A649BC4ADBB5}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=allp&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.claro-search.com/?q={sea..._clro&mntrId=f81deddd000000000000001e90e94f32
IE - HKCU\..\SearchScopes\{704AEDAB-21AD-4444-BBF4-21A376D119A8}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
IE - HKCU\..\SearchScopes\{E8C55CB3-E3EA-413F-8B93-A649BC4ADBB5}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{FBD9499A-91EC-C593-1D50-7512683B52A6}: "URL" = http://www.bing.com/search?q={searc...&install_date=20111010&iesrc={referrer:source}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Claro Search"
FF - prefs.js..browser.search.order.1: "Claro Search"
FF - prefs.js..browser.search.selectedEngine: "Claro Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..keyword.URL: "http://www.claro-search.com/?affID=...lro&mntrId=f81deddd000000000000001e90e94f32&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/22 21:30:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/30 02:35:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/22 00:31:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Documents and Settings\Master Blaster\Application Data\IDM\idmmzcc3 [2012/06/06 04:48:22 | 000,000,000 | ---D | M]

[2010/05/10 00:58:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Master Blaster\Application Data\Mozilla\Extensions
[2012/11/27 19:36:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions
[2010/07/13 17:00:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/10/08 15:26:43 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Documents and Settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\OneClickDownload@OneClickDownload.com
[2012/11/04 10:04:47 | 000,214,127 | ---- | M] () (No name found) -- C:\Documents and Settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\freehdsport@freehdsport.tv.xpi
[2012/10/03 18:55:27 | 000,341,143 | ---- | M] () (No name found) -- C:\Documents and Settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2012/10/30 02:35:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/30 02:35:39 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/21 14:21:15 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/30 17:36:14 | 000,003,749 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/09/20 23:08:09 | 000,006,521 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/09/30 09:12:15 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/02/19 04:26:21 | 000,002,047 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchallp.xml
[2012/10/12 03:17:54 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/11/27 19:36:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&NetWorx Desk Band) - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - C:\Program Files\NetWorx\deskband.dll (SoftPerfect Research)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [NetWorx] C:\Program Files\NetWorx\networx.exe (SoftPerfect Research)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Master Blaster\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O15 - HKCU\..Trusted Domains: thephins.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: tube8.com ([www] http in Trusted sites)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260536422999 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1349866232665 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9BB570A-1ED2-40E4-9399-351BC9C91395}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Master Blaster\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Master Blaster\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/10 20:40:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/29 20:39:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Master Blaster\Desktop\OTL.exe
[2012/11/29 00:53:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/11/29 00:05:22 | 000,000,000 | ---D | C] -- C:\Program Files\GPLGS
[2012/11/29 00:04:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CutePDF
[2012/11/28 23:28:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master Blaster\My Documents\scans
[2012/11/25 12:07:30 | 005,006,177 | R--- | C] (Swearware) -- C:\Documents and Settings\Master Blaster\Desktop\ComboFix.exe
[2012/11/25 00:11:56 | 000,442,200 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Master Blaster\Desktop\capperkiller.exe
[2012/11/24 14:16:16 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Master Blaster\Desktop\aswMBR.exe
[2012/11/24 03:30:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master Blaster\Desktop\storage nov12
[2012/11/23 05:12:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master Blaster\My Documents\New Folder
[2012/11/23 04:19:05 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/11/22 08:55:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master Blaster\Desktop\song_data
[2012/11/21 23:44:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master Blaster\My Documents\FrostWire
[2012/11/21 23:44:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master Blaster\.frostwire5
[2012/11/21 23:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2012/11/21 23:41:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master Blaster\Application Data\Real
[2012/11/21 23:40:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2012/11/21 23:40:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master Blaster\Application Data\OpenCandy
[2012/11/19 12:23:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master Blaster\Local Settings\Application Data\ProtectedData
[2012/11/14 01:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master Blaster\Desktop\DWP
[2012/11/08 02:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WS_FTP
[2012/11/08 02:19:41 | 000,000,000 | ---D | C] -- C:\Program Files\WS_FTP
[2012/11/04 10:04:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master Blaster\Start Menu\Programs\FirstRowSportApp.com
[2012/11/04 10:04:46 | 000,000,000 | ---D | C] -- C:\Program Files\FirstRowSportApp.com
[2012/11/02 01:48:39 | 000,000,000 | ---D | C] -- C:\Program Files\Ffmpeg For Audacity
[2012/11/02 01:40:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master Blaster\Application Data\Audacity
[2012/11/02 01:40:25 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity

========== Files - Modified Within 30 Days ==========

[2012/11/29 20:39:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Master Blaster\Desktop\OTL.exe
[2012/11/29 20:33:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/29 20:04:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/29 20:00:00 | 000,000,504 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2012/11/29 14:04:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/29 02:01:09 | 000,001,161 | ---- | M] () -- C:\Documents and Settings\Master Blaster\Desktop\What you'll need....url
[2012/11/29 01:40:21 | 000,001,631 | ---- | M] () -- C:\Documents and Settings\Master Blaster\Desktop\Delta 36-T30 30 T2 Fence System (2).url
[2012/11/29 00:34:17 | 000,473,232 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/29 00:34:17 | 000,076,200 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/29 00:30:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/29 00:29:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/29 00:07:41 | 001,468,876 | ---- | M] () -- C:\Documents and Settings\Master Blaster\My Documents\authorization_release.pdf
[2012/11/28 23:37:58 | 000,036,363 | ---- | M] () -- C:\WINDOWS\CSTBox.INI
[2012/11/28 04:13:46 | 000,000,472 | ---- | M] () -- C:\Documents and Settings\Master Blaster\Desktop\audacity.rtf
[2012/11/27 19:36:24 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/11/26 13:44:36 | 000,176,128 | ---- | M] () -- C:\Documents and Settings\Master Blaster\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/26 04:34:43 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/11/25 12:07:37 | 005,006,177 | R--- | M] (Swearware) -- C:\Documents and Settings\Master Blaster\Desktop\ComboFix.exe
[2012/11/25 10:07:27 | 004,742,932 | ---- | M] () -- C:\Documents and Settings\Master Blaster\Desktop\life_of_pi.psd
[2012/11/25 00:11:58 | 000,442,200 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Master Blaster\Desktop\capperkiller.exe
[2012/11/24 14:18:56 | 000,000,453 | ---- | M] () -- C:\Documents and Settings\Master Blaster\Desktop\One Large Rat Trap Please - TechSpot Forums.url
[2012/11/24 14:16:16 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Master Blaster\Desktop\aswMBR.exe
[2012/11/24 06:25:13 | 152,292,227 | ---- | M] () -- C:\bd2b713aac780837a22001e9327c0e83[1]-2012-11-24.flv
[2012/11/23 23:47:19 | 000,000,357 | ---- | M] () -- C:\Documents and Settings\Master Blaster\Desktop\latest greatest friday.rtf
[2012/11/23 00:07:08 | 000,268,808 | ---- | M] () -- C:\Documents and Settings\Master Blaster\Local Settings\Application Data\census.cache
[2012/11/23 00:06:58 | 000,209,719 | ---- | M] () -- C:\Documents and Settings\Master Blaster\Local Settings\Application Data\ars.cache
[2012/11/22 04:41:26 | 079,108,767 | ---- | M] () -- C:\Documents and Settings\Master Blaster\Desktop\012-11-22.flv
[2012/11/22 00:13:06 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/11/19 11:00:31 | 015,401,600 | ---- | M] () -- C:\240P_400K_6203321[3].mp4
[2012/11/19 10:57:54 | 043,588,603 | ---- | M] () -- C:\240P_352K_5225320-2012-11-19.mp4
[2012/11/19 10:56:13 | 006,350,273 | ---- | M] () -- C:\general01_H_6493301_01-2012-11-19.mp4
[2012/11/19 10:53:11 | 011,501,318 | ---- | M] () -- C:\1396_2000-2012-11-19.mp4
[2012/11/15 03:51:28 | 003,449,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/15 03:06:55 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/11/07 19:12:19 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/04 10:04:47 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\Master Blaster\Desktop\FirstRowSportApp.lnk
[2012/11/04 06:23:16 | 000,000,291 | ---- | M] () -- C:\Documents and Settings\Master Blaster\Desktop\FirstRow Watch Live NFL Online. Watch Live NCAA Online. American Football Live Streams.url
[2012/11/02 01:40:36 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Master Blaster\Desktop\Audacity.lnk

========== Files Created - No Company Name ==========

[2012/11/29 02:01:09 | 000,001,161 | ---- | C] () -- C:\Documents and Settings\Master Blaster\Desktop\What you'll need....url
[2012/11/29 01:40:21 | 000,001,631 | ---- | C] () -- C:\Documents and Settings\Master Blaster\Desktop\Delta 36-T30 30 T2 Fence System (2).url
[2012/11/29 00:07:42 | 001,468,876 | ---- | C] () -- C:\Documents and Settings\Master Blaster\My Documents\authorization_release.pdf
[2012/11/29 00:04:13 | 000,088,688 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2012/11/28 23:37:58 | 000,036,363 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2012/11/28 04:13:46 | 000,000,472 | ---- | C] () -- C:\Documents and Settings\Master Blaster\Desktop\audacity.rtf
[2012/11/25 10:07:26 | 004,742,932 | ---- | C] () -- C:\Documents and Settings\Master Blaster\Desktop\life_of_pi.psd
[2012/11/24 14:18:56 | 000,000,453 | ---- | C] () -- C:\Documents and Settings\Master Blaster\Desktop\One Large Rat Trap Please - TechSpot Forums.url
[2012/11/24 06:21:31 | 152,292,227 | ---- | C] () -- C:\bd2b713aac780837a22001e9327c0e83[1]-2012-11-24.flv
[2012/11/23 23:47:19 | 000,000,357 | ---- | C] () -- C:\Documents and Settings\Master Blaster\Desktop\latest greatest friday.rtf
[2012/11/22 04:35:21 | 079,108,767 | ---- | C] () -- C:\Documents and Settings\Master Blaster\Desktop\012-11-22.flv
[2012/11/19 11:00:26 | 015,401,600 | ---- | C] () -- C:\240P_400K_6203321[3].mp4
[2012/11/19 10:56:00 | 006,350,273 | ---- | C] () -- C:\general01_H_6493301_01-2012-11-19.mp4
[2012/11/19 10:55:35 | 043,588,603 | ---- | C] () -- C:\240P_352K_5225320-2012-11-19.mp4
[2012/11/19 10:53:03 | 011,501,318 | ---- | C] () -- C:\1396_2000-2012-11-19.mp4
[2012/11/04 10:04:47 | 000,000,810 | ---- | C] () -- C:\Documents and Settings\Master Blaster\Desktop\FirstRowSportApp.lnk
[2012/11/04 06:23:16 | 000,000,291 | ---- | C] () -- C:\Documents and Settings\Master Blaster\Desktop\FirstRow Watch Live NFL Online. Watch Live NCAA Online. American Football Live Streams.url
[2012/11/02 01:40:36 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Audacity.lnk
[2012/11/02 01:40:36 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Master Blaster\Desktop\Audacity.lnk
[2012/09/20 23:09:18 | 020,480,000 | ---- | C] () -- C:\Documents and Settings\Master Blaster\Local Settings\Application Data\store-pp.jbs
[2012/09/20 23:08:54 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll
[2012/07/28 03:01:12 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2012/07/28 03:01:12 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2012/06/03 20:58:55 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/06/03 20:58:55 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/06/03 20:58:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/06/03 20:58:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/06/03 20:58:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/10 18:48:20 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2012/04/10 18:47:51 | 000,268,808 | ---- | C] () -- C:\Documents and Settings\Master Blaster\Local Settings\Application Data\census.cache
[2012/04/10 18:47:28 | 000,209,719 | ---- | C] () -- C:\Documents and Settings\Master Blaster\Local Settings\Application Data\ars.cache
[2012/02/15 20:12:17 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/30 16:41:19 | 000,000,450 | RHS- | C] () -- C:\Documents and Settings\Master Blaster\ntuser.pol
[2012/01/18 01:47:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/01/18 01:46:47 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2012/01/18 01:46:45 | 000,243,168 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/01/18 01:46:45 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011/11/16 07:58:23 | 000,001,352 | -H-- | C] () -- C:\Documents and Settings\Master Blaster\of draft.mmpl
[2011/11/09 22:39:44 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011/11/09 22:39:32 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/05/09 02:02:27 | 000,000,293 | ---- | C] () -- C:\Program Files\adobeCS5.rtf
[2011/03/26 20:16:19 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/03/26 20:16:19 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/01/08 04:29:21 | 000,000,132 | -H-- | C] () -- C:\Documents and Settings\Master Blaster\Application Data\Adobe PNG Format CS5 Prefs
[2011/01/08 04:19:56 | 000,000,132 | -H-- | C] () -- C:\Documents and Settings\Master Blaster\Application Data\Adobe GIF Format CS5 Prefs
[2010/10/10 22:20:04 | 000,000,036 | -H-- | C] () -- C:\Documents and Settings\Master Blaster\Local Settings\Application Data\housecall.guid.cache
[2010/09/28 21:17:44 | 000,016,096 | -H-- | C] () -- C:\Documents and Settings\Master Blaster\Local Settings\Application Data\Schedule8.dat
[2010/03/22 11:43:12 | 000,033,564 | -H-- | C] () -- C:\Documents and Settings\Master Blaster\Start Menu.rar
[2010/02/15 00:32:15 | 000,000,105 | -H-- | C] () -- C:\Documents and Settings\Master Blaster\default.pls
[2009/12/11 23:14:32 | 000,176,128 | ---- | C] () -- C:\Documents and Settings\Master Blaster\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2010/02/21 03:45:31 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/10/28 21:38:22 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 16:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/05/11 15:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/04/30 17:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/09/20 23:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2011/12/12 03:17:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/10/09 04:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hi-Rez Studios
[2010/10/25 14:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/02/15 19:58:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2012/08/03 01:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2010/07/21 17:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/01/30 23:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iPjHfIb06510
[2011/02/05 11:58:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kCmJhHl06511
[2012/04/10 23:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/06/24 22:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2011/05/09 01:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/06/19 04:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SoftPerfect
[2009/12/21 23:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/11/14 22:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\V CAST Media Manager
[2012/02/15 22:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
[2011/11/17 21:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/08/21 14:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/21 23:34:15 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2010/10/16 03:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\adma
[2011/08/19 21:47:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\Alien Skin
[2012/11/25 14:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\Audacity
[2011/03/09 23:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\Aura4You
[2012/04/30 17:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\AVG Secure Search
[2012/09/20 23:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\Babylon
[2011/06/29 19:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\BitZipper
[2012/02/07 11:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\Canon
[2011/02/08 06:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/12/12 01:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\CheckPoint
[2010/09/14 19:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\ColorCop
[2012/02/22 21:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\DDMSettings
[2012/11/28 05:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\DMCache
[2011/10/09 22:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\FLV Extract
[2011/04/18 19:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\GetRightToGo
[2012/11/25 15:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\IDM
[2011/01/30 12:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\Leadertech
[2010/06/18 20:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\mjusbsp
[2012/03/07 04:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\Moyea
[2012/02/29 04:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\MusicBrainz
[2012/11/21 23:40:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\OpenCandy
[2012/06/12 17:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\OpenOffice.org
[2010/04/30 06:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\Panda Security
[2009/12/21 23:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\TuneUp Software
========== Purity Check ==========


< End of report >
 
OTL Fix

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :OTL
    DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\ythte.sys -- (pneclo)
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.claro-search.com/?q={sea..._clro&mntrId=f81deddd000000000000001e90e94f32
    IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=allp&s={searchTerms}&f=4
    IE - HKLM\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=allp&s={searchTerms}&f=4&hl={language}&src=chrm
    FF - prefs.js..browser.search.defaultenginename: "Claro Search"
    FF - prefs.js..browser.search.order.1: "Claro Search"
    FF - prefs.js..browser.search.selectedEngine: "Claro Search"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
    FF - prefs.js..keyword.URL: "http://www.claro-search.com/?affID=...lro&mntrId=f81deddd000000000000001e90e94f32&q="
    [2012/09/20 23:08:09 | 000,006,521 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    [2011/02/19 04:26:21 | 000,002,047 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchallp.xml
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    [2012/09/20 23:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
    [2011/01/30 23:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iPjHfIb06510
    [2011/02/05 11:58:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kCmJhHl06511
    [2012/09/20 23:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master Blaster\Application Data\Babylon

    :files
    ipconfig /flushdns /c

    :commands
    [emptytemp]
    [reboot]
  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)


avast! aswMBR

Please download aswMBR from here
  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Uncheck "Trace disk IO calls".
  • Click the Scan button to start the scan as illustrated below
aswMBR_Scan.jpg

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
  • Once the scan finishes click Save log to save the log to your Desktop
    aswMBR_SaveLog.png
  • Copy and paste the contents of aswMBR.txt back here for review
  • Please also find MBR.dat on your Desktop, and rename it to MBRscan.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.
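A small triage script for lines in OTL's log format, added here as an example; it is neither OTL's own code nor anything posted by Jay. The line grammar is inferred from the report above; the flagging rules (a service whose driver file is missing, a binary in System32 with no company/version info, hidden/system attributes on a loose file, a random-looking folder name under Application Data) are assumptions that mirror what the fix list above targets, and every hit is a candidate for review rather than a verdict, in the same spirit as the false-positive caveat on the aswMBR rootkit entries. The sample lines are constructed from entries in this thread.

```python
"""Triage helper for OTL-style log lines (added example, not OTL's own code).

The line grammar below is inferred from the report in this thread:
    [yyyy/mm/dd hh:mm:ss | size | attrs | C-or-M] (Company) -- path
The flagging rules are assumptions for a human reviewer; a hit is a
"look at this", not a verdict (e.g. bootstat.dat carries --S- and is benign).
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\]"
    r"(?P<tags>(?: \([^)]*\))*) -- (?P<path>.+)$"
)
# "DRV - File not found [...] -- <driver path> -- (<service name>)"
DRV_MISSING_RE = re.compile(
    r"^DRV - File not found \[[^\]]*\] -- (?P<path>.+?) -- \((?P<svc>[^)]*)\)$"
)
# Heuristic (assumed): 6-8 letters then 5 digits, like the folders the fix removes.
RANDOM_DIR_RE = re.compile(r"^[A-Za-z]{6,8}\d{5}$")
SYSTEM32 = "\\windows\\system32\\"
BINARY_EXT = (".dll", ".sys", ".exe")

# Constructed sample, shaped like entries in the report above.
SAMPLE_LOG = r"""
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\ythte.sys -- (pneclo)
[2012/11/29 20:39:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Master Blaster\Desktop\OTL.exe
[2012/09/20 23:08:54 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll
[2012/10/30 02:35:39 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/19 04:26:21 | 000,002,047 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchallp.xml
[2011/01/30 23:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iPjHfIb06510
[2012/06/03 20:58:55 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/17 21:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
"""


@dataclass
class Entry:
    timestamp: str
    size: int          # bytes, commas stripped
    attrs: str         # R/H/S/D flags in fixed positions, "-" when unset
    kind: str          # C = created-date row, M = modified-date row
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[3] == "D"

    @property
    def hidden_or_system(self) -> bool:
        return "H" in self.attrs or "S" in self.attrs


def _company(tags: str) -> Optional[str]:
    """Pick the first real company name out of '() (No name found)'-style tags."""
    names = re.findall(r"\(([^)]*)\)", tags)
    return next((n for n in names if n and n != "No name found"), None)


def parse_entry(line: str) -> Optional[Entry]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["ts"], int(m["size"].replace(",", "")), m["attrs"],
                 m["kind"], _company(m["tags"]), m["path"])


def triage(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs worth a reviewer's attention."""
    findings: List[Tuple[str, str]] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        d = DRV_MISSING_RE.match(line)
        if d:
            findings.append((d["path"], f"service '{d['svc']}' loads a driver that is not on disk"))
            continue
        e = parse_entry(line)
        if e is None:
            continue
        low = e.path.lower()
        name = e.path.rsplit("\\", 1)[-1]
        if e.is_dir:
            if RANDOM_DIR_RE.match(name):
                findings.append((e.path, "random-looking folder name (heuristic)"))
            continue
        if SYSTEM32 in low and low.endswith(BINARY_EXT) and e.company is None:
            findings.append((e.path, "binary in System32 with no company/version info"))
        if e.hidden_or_system:
            findings.append((e.path, f"hidden/system attributes ({e.attrs}) on a loose file"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG.splitlines()):
        print(f"{reason:<55} {path}")
```

Run against a full OTL.txt by passing `open("OTL.txt").readlines()` to `triage`; the output is a shortlist to read alongside the raw log, not a list of things to delete.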
 
Hi Jay,
While I very much appreciate your efforts, which appeared to have this rodent ensnared, if not caged, I suspect there's either a viral epidemic taking place, and I seriously need to alter my browsing nature, and security, or I somehow unleashed the wrath of whatever creature remained in my machine, as it currently won't boot.
Actually, it boots to a blank, white screen from where I can only access the task manager. Any attempts into Safe Mode or Safe Mode with Networking results in a log off / looping restart.
One other specific is that when the yes/no option appears entering safe mode asking about restore, another box opens stating Malwarebytes has stopped working / end task. Also, I believe I initially noticed one of those felonious FBI ransom warnings briefly splash on the display.

Posted with my backup PC.
 
OTLPE + Farbar Recovery Scan Tool

  • Download OTLPENet.exe to your desktop
  • Download Farbar Recovery Scan Tool and save it to a flash drive.
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
Note: If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
  • Your system should now display a Reatogo desktop.
Note: as you are running from CD it is not exactly speedy
  • Insert the flash drive with FRST on it
  • Locate the flash drive and run FRST
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button. It will do its scan and save a log on your flash drive.
  • Close out of the message after that, then type in the text services.exe into the "Search:" text box. Then, press the Search file(s) button, just as below:

    When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
  • Type exit in the Command Prompt window and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.
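The FRST.txt log these steps produce is what gets read next, section by section. As an added example (not part of the thread, and not FRST's own code), here is a Python triage script that parses the section headers FRST writes and flags the entries a reviewer checks first: autoruns with no publisher or launched from a user profile, a Winlogon Shell value that is not plain explorer.exe, and services or drivers whose file is missing, has no publisher, or sits under a Temp folder. The sample log is constructed in FRST's format, and the flag rules are this example's own heuristics, so a flag is a prompt for review, not a verdict.

```python
"""Triage helper for a Farbar Recovery Scan Tool (FRST.txt) log.

Splits the log on FRST's "==== Section (Whitelisted) ====" headers and
flags Registry/Services/Drivers entries worth a reviewer's attention.
"""
import re
from dataclasses import dataclass

R_NO_PUBLISHER = "no publisher information"
R_PROFILE = "launched from a user profile directory"
R_SHELL = "Winlogon Shell value is not plain explorer.exe"
R_MISSING = "registered file is missing ([x])"
R_TEMP = "file path is under a Temp directory"

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# FRST appends "[size yyyy-mm-dd] (Publisher)" to files it found on disk
TRAILER_RE = re.compile(r"\s*\[(\d+) (\d{4}-\d{2}-\d{2})\] \((.*)\)\s*$")
MISSING_RE = re.compile(r"\s*\[[xX]\]\s*$")          # file referenced but absent
RUN_RE = re.compile(r"\\Run(?:Once)?: \[(.+?)\] (.*)$")
SHELL_RE = re.compile(r"\\Winlogon: \[Shell\] (.*)$")
SERVICE_RE = re.compile(r"^([0-4]) ([^;]+); ?(.*)$")  # "<start> <name>; <path>"
PROFILE_RE = re.compile(
    r"\\Documents and Settings\\[^\\]+\\(Local Settings\\)?Application Data\\", re.I)
TEMP_RE = re.compile(r"\\temp\\", re.I)


@dataclass(frozen=True)
class Finding:
    section: str
    name: str
    reason: str
    line: str


def split_sections(text):
    """Group non-blank log lines under the FRST section header above them."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).split(" (")[0]  # "Registry (Whitelisted)" -> "Registry"
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def _file_flags(value):
    """Derive reasons from one entry's path plus FRST trailer; return (path, reasons)."""
    reasons = []
    if MISSING_RE.search(value):
        path = MISSING_RE.sub("", value)
        if path:  # "[x]" with no path is an orphaned key, not a missing file
            reasons.append(R_MISSING)
    else:
        trailer = TRAILER_RE.search(value)
        path = TRAILER_RE.sub("", value)
        if trailer is not None and trailer.group(3).strip() == "":
            reasons.append(R_NO_PUBLISHER)
    if TEMP_RE.search(path):
        reasons.append(R_TEMP)
    return path, reasons


def triage(text):
    """Return the list of Findings for an FRST.txt log given as text."""
    findings = []
    sections = split_sections(text)
    for line in sections.get("Registry", []):
        m = SHELL_RE.search(line)
        if m:
            shell = TRAILER_RE.sub("", m.group(1)).strip().strip('"')
            if shell.lower() != "explorer.exe":
                findings.append(Finding("Registry", "Shell", R_SHELL, line))
            continue
        m = RUN_RE.search(line)
        if m:
            name, value = m.group(1), m.group(2)
            path, reasons = _file_flags(value)
            if PROFILE_RE.search(path):
                reasons.append(R_PROFILE)
            findings.extend(Finding("Registry", name, r, line) for r in reasons)
    for section in ("Services", "Drivers"):
        for line in sections.get(section, []):
            m = SERVICE_RE.match(line)
            if m:
                _start, name, value = m.groups()
                _path, reasons = _file_flags(value)
                findings.extend(Finding(section, name, r, line) for r in reasons)
    return findings


# Constructed sample in FRST's log format (a hypothetical XP machine).
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ===================

HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1468296 2009-06-01] (Microsoft Corporation)
HKU\User\...\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\User\...\Run: [Akamai NetSession Interface] "C:\Documents and Settings\User\Local Settings\Application Data\Akamai\netsession_win.exe" [4441920 2012-10-09] (Akamai Technologies, Inc.)
HKU\User\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\User\Application Data\skype.dat [87911 2010-12-09] ()

==================== Services (Whitelisted) ===================

2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
2 ccproxy; C:\Windows\System32\keymaestro.dll [x]
4 tga; [x]

==================== Drivers (Whitelisted) ====================

3 MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [22856 2012-09-29] (Malwarebytes Corporation)
4 ubsvve; C:\Windows\System32\drivers\tnloa.sys [54016 2010-09-15] ()
3 catchme; \??\C:\DOCUME~1\USER~1\LOCALS~1\Temp\catchme.sys [x]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.name}: {f.reason}")
```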
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-12-2012
Ran by SYSTEM at 03-12-2012 02:55:19
Running from G:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet002

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1468296 2009-06-01] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-10] (Adobe Systems Incorporated)
HKLM\...\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [1313640 1999-12-31] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1387288 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2011-11-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-02] (Apple Inc.)
HKLM\...\Run: [NetWorx] "C:\Program Files\NetWorx\networx.exe" /auto [3225144 2012-06-09] (SoftPerfect Research)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKU\Administrator\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" [x]
HKU\Master Blaster\...\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\Master Blaster\...\Run: [Akamai NetSession Interface] "C:\Documents and Settings\Master Blaster\Local Settings\Application Data\Akamai\netsession_win.exe" [4441920 2012-10-09] (Akamai Technologies, Inc.)
HKU\Master Blaster\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
HKU\Master Blaster\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\Master Blaster\Application Data\skype.dat [87911 2010-12-09] ()
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)

==================== Services (Whitelisted) ===================

2 ASTSRV; C:\WINDOWS\system32\ASTSRV.EXE [57344 2008-05-19] (Nalpeiron Ltd.)
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [361288 2011-03-23] (TuneUp Software)
2 TuneUp.ProgramStatisticsSvc; C:\Windows\System32\TUProgSt.exe [604488 2011-03-23] (TuneUp Software)
2 Akamai; c:\program files\common files\akamai/netsession_win_ce5ba24.dll [x]
2 ANC; C:\Windows\System32\k750mdm.dll [x]
4 arrayssl_vpn_service3,0,1,9; [x]
2 ashampoodefragservice; C:\Windows\System32\veteboot.dll [x]
4 AsusACPI; [x]
2 atinevxx; C:\Windows\System32\quickhealfirewall.dll [x]
4 atkdisplf; [x]
4 awhost32; [x]
2 bc_pat_f; C:\Windows\System32\MaVctrl.dll [x]
2 ccproxy; C:\Windows\System32\keymaestro.dll [x]
4 CTDevice_Srv; [x]
2 ctdvda2k; C:\Windows\System32\se58nd5.dll [x]
2 ctxcpubal; C:\Windows\System32\cpuidlep.dll [x]
4 F700iat; [x]
2 G400DH; C:\Windows\System32\AMDPCI.dll [x]
2 GMSIPCI; C:\Windows\System32\sysplant.dll [x]
2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll [x]
2 hpqwmiex; C:\Windows\System32\dlbt_device.dll [x]
4 imountsrv; [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
2 k750mgmt; C:\Windows\System32\tsircsrv.dll [x]
2 ltmodem5; C:\Windows\System32\g400.dll [x]
2 lvpopflt; C:\Windows\System32\bglivesvc.dll [x]
2 lxcf_device; C:\Windows\System32\nmindexingservice.dll [x]
4 mqdmbus; [x]
2 MSMQ; C:\Windows\System32\ovmsmaccessmanager.dll [x]
2 ofcpfwsvc; C:\Windows\System32\FiltUSBEMPIA.dll [x]
2 ovt519; C:\Windows\System32\SSFS0BB9.dll [x]
2 pav_security; C:\Windows\System32\kpf4.dll [x]
2 pdlnatdl; C:\Windows\System32\pdlndsdl.dll [x]
2 protectionservice; C:\Windows\System32\SenFiltService.dll [x]
2 PSSdk21; C:\Windows\System32\cbidf.dll [x]
2 rismxdp; C:\Windows\System32\CiscoVpnInstallService.dll [x]
3 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]
2 s116obex; C:\Windows\System32\transactional.dll [x]
2 StkASSrv; C:\Windows\System32\hdaudbus.dll [x]
4 tga; [x]
2 TIEHDUSB; C:\Windows\System32\cyberpowerups.dll [x]
2 tng-dtmg; C:\Windows\System32\issm.dll [x]
2 tng-dts; C:\Windows\System32\EMCFILT.dll [x]
2 UPATC; C:\Windows\System32\lanmanworkstation.dll [x]
2 vet-filt; C:\Windows\System32\dlcf_device.dll [x]
2 vstor2-ws60; C:\Windows\System32\vaiomediaplatform-mobile-gateway.dll [x]
2 wwsecsvc; C:\Windows\System32\slabser.dll [x]

==================== Drivers (Whitelisted) ====================

3 APLMp50; C:\Windows\System32\Drivers\APLMp50.sys [28224 2006-11-29] (Printing Communications Assoc., Inc. (PCAUSA))
3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [7493120 2011-11-09] (ATI Technologies Inc.)
3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdXP3.sys [101392 2011-03-30] (Advanced Micro Devices)
0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [26248 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
3 EuDisk; C:\Windows\System32\DRIVERS\EuDisk.sys [122504 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
3 EUDSKACS; \??\C:\WINDOWS\system32\drivers\eudskacs.sys [14216 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
0 EUFS; C:\Windows\System32\drivers\eufs.sys [20616 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider)
2 LBeepKE; C:\Windows\System32\Drivers\LBeepKE.sys [12184 2011-09-02] (Logitech, Inc.)
3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42648 2011-09-02] (Logitech, Inc.)
3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12184 2011-09-02] (Logitech, Inc.)
3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [39192 2011-09-02] (Logitech, Inc.)
3 MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [22856 2012-09-29] (Malwarebytes Corporation)
1 networx; C:\Windows\System32\drivers\networx.sys [51640 2011-04-15] (NetFilterSDK.com)
2 npf; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-11-11] (Microsoft Corporation)
3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [54784 2008-08-01] (NVIDIA Corporation)
3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [22016 2008-08-01] (NVIDIA Corporation)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67656 2010-05-10] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 STHDA; C:\Windows\System32\drivers\sthda.sys [1651204 1999-12-31] (IDT, Inc.)
4 ubsvve; C:\Windows\System32\drivers\tnloa.sys [54016 2010-09-15] ()
3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2008-11-11] (LG Electronics Inc.)
3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19968 2008-11-11] (LG Electronics Inc.)
3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-11] (LG Electronics Inc.)
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
3 catchme; \??\C:\DOCUME~1\MASTER~1\LOCALS~1\Temp\catchme.sys [x]
4 cd20xrnt; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
3 ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys [x]
4 hpn; [x]
4 hpt3xx; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
4 IntelIde; [x]
1 lbrtfdc; [x]
4 mraid35x; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
0 pneclo; C:\Windows\System32\drivers\ythte.sys [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
4 TosIde; [x]
4 ultra; [x]
4 ViaIde; [x]
3 WDICA; [x]
2 zumbus; C:\Windows\System32\DRIVERS\zumbus.sys [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: vet-filt -> C:\Windows\system32\dlcf_device.dll ==> No File.
NETSVC: lvpopflt -> C:\Windows\system32\bglivesvc.dll ==> No File.
NETSVC: mcredirector -> No Registry Path.
NETSVC: bc_pat_f -> C:\Windows\system32\MaVctrl.dll ==> No File.
NETSVC: rismxdp -> C:\Windows\system32\CiscoVpnInstallService.dll ==> No File.
NETSVC: UPATC -> C:\Windows\system32\lanmanworkstation.dll ==> No File.
NETSVC: CTDevice_Srv -> ==> No File.
NETSVC: imountsrv -> ==> No File.
NETSVC: vstor2-ws60 -> C:\Windows\system32\vaiomediaplatform-mobile-gateway.dll ==> No File.
NETSVC: awhost32 -> ==> No File.
NETSVC: protectionservice -> C:\Windows\system32\SenFiltService.dll ==> No File.
NETSVC: ovt519 -> C:\Windows\system32\SSFS0BB9.dll ==> No File.
NETSVC: lxcf_device -> C:\Windows\system32\nmindexingservice.dll ==> No File.
NETSVC: CBN -> No Registry Path.
NETSVC: Bcim -> No Registry Path.
NETSVC: fsaa -> No Registry Path.
NETSVC: fasttrackinstallerservice -> No Registry Path.
NETSVC: comhost -> No Registry Path.
NETSVC: DVDRC -> No Registry Path.
NETSVC: StkASSrv -> C:\Windows\system32\hdaudbus.dll ==> No File.
NETSVC: s116obex -> C:\Windows\system32\transactional.dll ==> No File.
NETSVC: ltmodem5 -> C:\Windows\system32\g400.dll ==> No File.
NETSVC: PSSdk21 -> C:\Windows\system32\cbidf.dll ==> No File.
NETSVC: hpqwmiex -> C:\Windows\system32\dlbt_device.dll ==> No File.
NETSVC: k750mgmt -> C:\Windows\system32\tsircsrv.dll ==> No File.
NETSVC: pav_security -> C:\Windows\system32\kpf4.dll ==> No File.
NETSVC: TIEHDUSB -> C:\Windows\system32\cyberpowerups.dll ==> No File.
NETSVC: ctdvda2k -> C:\Windows\system32\se58nd5.dll ==> No File.
NETSVC: ctxcpubal -> C:\Windows\system32\cpuidlep.dll ==> No File.
NETSVC: ofcpfwsvc -> C:\Windows\system32\FiltUSBEMPIA.dll ==> No File.
NETSVC: ccproxy -> C:\Windows\system32\keymaestro.dll ==> No File.
NETSVC: G400DH -> C:\Windows\system32\AMDPCI.dll ==> No File.
NETSVC: atinevxx -> C:\Windows\system32\quickhealfirewall.dll ==> No File.
NETSVC: ashampoodefragservice -> C:\Windows\system32\veteboot.dll ==> No File.
NETSVC: agnwifi -> No Registry Path.
NETSVC: SRTSPL -> No Registry Path.
NETSVC: keriomailserver -> No Registry Path.
NETSVC: wmccdsls -> No Registry Path.
NETSVC: aolavupd -> No Registry Path.
NETSVC: hsxhwazl -> No Registry Path.
NETSVC: MSMQ -> C:\Windows\system32\ovmsmaccessmanager.dll ==> No File.
NETSVC: tng-dts -> C:\Windows\system32\EMCFILT.dll ==> No File.
NETSVC: tng-dtmg -> C:\Windows\system32\issm.dll ==> No File.
NETSVC: F700iat -> ==> No File.
NETSVC: arrayssl_vpn_service3,0,1,9 -> ==> No File.
NETSVC: pdlnatdl -> C:\Windows\system32\pdlndsdl.dll ==> No File.
NETSVC: atkdisplf -> ==> No File.
NETSVC: tga -> ==> No File.
NETSVC: AsusACPI -> ==> No File.
NETSVC: mqdmbus -> ==> No File.
NETSVC: GMSIPCI -> C:\Windows\system32\sysplant.dll ==> No File.
NETSVC: ANC -> C:\Windows\system32\k750mdm.dll ==> No File.
NETSVC: wwsecsvc -> C:\Windows\system32\slabser.dll ==> No File.
NETSVC: ip6fwhlp -> No Registry Path.
NETSVC: mhn -> No Registry Path.
NETSVC: sacsvr -> No Registry Path.
NETSVC: trksvr -> No Registry Path.

==================== One Month Created Files and Folders ========

2012-12-03 02:55 - 2012-12-03 02:55 - 00000000 ____D C:\FRST
2012-11-30 09:19 - 2012-11-30 09:51 - 00000004 ____A C:\Documents and Settings\Master Blaster\Application Data\skype.ini
2012-11-30 02:02 - 2012-11-30 02:02 - 00000353 ____A C:\Documents and Settings\Master Blaster\Desktop\Sissel - O Mio Babbino Caro - YouTube.url
2012-11-29 23:47 - 2012-11-29 23:47 - 00097778 ____A C:\Documents and Settings\Master Blaster\Desktop\OTL.Txt
2012-11-29 23:47 - 2012-11-29 23:47 - 00048308 ____A C:\Documents and Settings\Master Blaster\Desktop\Extras.Txt
2012-11-29 23:39 - 2012-11-29 23:39 - 00602112 ____A (OldTimer Tools) C:\Documents and Settings\Master Blaster\Desktop\OTL.exe
2012-11-29 05:01 - 2012-11-29 05:01 - 00001161 ____A C:\Documents and Settings\Master Blaster\Desktop\What you'll need....url
2012-11-29 04:40 - 2012-11-29 04:40 - 00001631 ____A C:\Documents and Settings\Master Blaster\Desktop\Delta 36-T30 30 T2 Fence System (2).url
2012-11-29 03:24 - 2012-11-29 03:24 - 00019124 ____A C:\ComboFix.txt
2012-11-29 03:05 - 2012-11-29 03:05 - 00000000 ____D C:\Program Files\GPLGS
2012-11-29 03:04 - 2012-09-12 18:32 - 00088688 ____A C:\Windows\System32\cpwmon2k.dll
2012-11-29 02:37 - 2012-11-29 02:37 - 00036363 ____A C:\Windows\CSTBox.INI
2012-11-29 02:28 - 2012-11-29 02:32 - 00000000 ____D C:\Documents and Settings\Master Blaster\My Documents\scans
2012-11-27 01:27 - 2012-11-27 01:27 - 00019195 ____A C:\Documents and Settings\Master Blaster\Desktop\comboscan.txt
2012-11-25 15:07 - 2012-11-25 15:07 - 05006177 ____R (Swearware) C:\Documents and Settings\Master Blaster\Desktop\ComboFix.exe
2012-11-25 13:07 - 2012-11-25 13:07 - 04742932 ____A C:\Documents and Settings\Master Blaster\Desktop\life_of_pi.psd
2012-11-25 03:11 - 2012-11-25 03:11 - 00442200 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Master Blaster\Desktop\capperkiller.exe
2012-11-24 17:18 - 2012-11-24 17:18 - 00000453 ____A C:\Documents and Settings\Master Blaster\Desktop\One Large Rat Trap Please - TechSpot Forums.url
2012-11-24 17:16 - 2012-11-24 17:16 - 04732416 ____A (AVAST Software) C:\Documents and Settings\Master Blaster\Desktop\aswMBR.exe
2012-11-24 09:21 - 2012-11-24 09:25 - 152292227 ____A C:\bd2b713aac780837a22001e9327c0e83[1]-2012-11-24.flv
2012-11-24 06:36 - 2012-11-24 06:36 - 00025585 ____A C:\Documents and Settings\Master Blaster\Desktop\attach.txt
2012-11-24 06:36 - 2012-11-24 06:36 - 00015803 ____A C:\Documents and Settings\Master Blaster\Desktop\dds.txt
2012-11-24 06:30 - 2012-11-24 06:33 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\storage nov12
2012-11-23 08:12 - 2012-11-23 08:12 - 00000000 ____D C:\Documents and Settings\Master Blaster\My Documents\New Folder
2012-11-23 07:19 - 2012-11-23 07:19 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-11-22 11:55 - 2012-11-22 11:55 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\song_data
2012-11-22 07:35 - 2012-11-22 07:41 - 79108767 ____A C:\Documents and Settings\Master Blaster\Desktop\012-11-22.flv
2012-11-22 03:52 - 2012-11-22 03:52 - 00110592 ____A C:\Windows\Minidump\Mini112212-01.dmp
2012-11-22 02:44 - 2012-11-22 03:09 - 00000000 ____D C:\Documents and Settings\Master Blaster\.frostwire5
2012-11-22 02:44 - 2012-11-22 02:45 - 00000000 ____D C:\Documents and Settings\Master Blaster\My Documents\FrostWire
2012-11-22 02:41 - 2012-11-22 03:31 - 00000000 ____D C:\Program Files\Real
2012-11-22 02:41 - 2012-11-22 03:31 - 00000000 ____D C:\Documents and Settings\Master Blaster\Application Data\Real
2012-11-22 02:40 - 2012-11-22 03:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Real
2012-11-22 02:40 - 2012-11-22 02:40 - 00000000 ____D C:\Documents and Settings\Master Blaster\Application Data\OpenCandy
2012-11-19 15:23 - 2012-11-25 15:14 - 00000000 ____D C:\Documents and Settings\Master Blaster\Local Settings\Application Data\ProtectedData
2012-11-19 14:00 - 2012-11-19 14:00 - 15401600 ____A C:\240P_400K_6203321[3].mp4
2012-11-19 13:56 - 2012-11-19 13:56 - 06350273 ____A C:\general01_H_6493301_01-2012-11-19.mp4
2012-11-19 13:55 - 2012-11-19 13:57 - 43588603 ____A C:\240P_352K_5225320-2012-11-19.mp4
2012-11-19 13:53 - 2012-11-19 13:53 - 11501318 ____A C:\1396_2000-2012-11-19.mp4
2012-11-19 12:17 - 2012-11-19 12:16 - 00110592 ____A C:\Windows\Minidump\Mini111912-01.dmp
2012-11-15 06:07 - 2012-11-15 06:07 - 00000000 __HDC C:\Windows\$NtUninstallKB2727528$
2012-11-15 06:06 - 2012-11-22 08:22 - 00000000 __HDC C:\Windows\$NtUninstallKB2761226$
2012-11-15 03:01 - 2012-11-15 06:07 - 00011727 ____A C:\Windows\KB2727528.log
2012-11-15 03:01 - 2012-11-15 06:06 - 00013180 ____A C:\Windows\KB2761226.log
2012-11-14 04:20 - 2012-11-14 04:20 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\DWP
2012-11-08 05:19 - 2012-11-08 05:19 - 00000000 ____D C:\Program Files\WS_FTP
2012-11-04 13:04 - 2012-11-04 13:04 - 00000810 ____A C:\Documents and Settings\Master Blaster\Desktop\FirstRowSportApp.lnk
2012-11-04 13:04 - 2012-11-04 13:04 - 00000000 ____D C:\Program Files\FirstRowSportApp.com
2012-11-04 09:23 - 2012-11-04 09:23 - 00000291 ____A C:\Documents and Settings\Master Blaster\Desktop\FirstRow Watch Live NFL Online. Watch Live NCAA Online. American Football Live Streams.url

==================== One Month Modified Files and Folders ========

2012-12-03 02:55 - 2012-12-03 02:55 - 00000000 ____D C:\FRST
2012-11-30 09:52 - 2012-01-18 04:51 - 00524288 ____A C:\Windows\System32\config\ACEEvent.evt
2012-11-30 09:52 - 2009-12-22 02:35 - 00524288 ____A C:\Windows\System32\config\TuneUp.evt
2012-11-30 09:52 - 2009-12-11 08:00 - 01192070 ____A C:\Windows\WindowsUpdate.log
2012-11-30 09:52 - 2009-12-10 23:49 - 00000178 __ASH C:\Documents and Settings\Master Blaster\ntuser.ini
2012-11-30 09:52 - 2009-12-10 23:42 - 00032362 ____A C:\Windows\SchedLgU.Txt
2012-11-30 09:52 - 2009-12-10 23:40 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-30 09:52 - 2009-12-10 14:38 - 00000216 ____A C:\Windows\wiadebug.log
2012-11-30 09:51 - 2012-11-30 09:19 - 00000004 ____A C:\Documents and Settings\Master Blaster\Application Data\skype.ini
2012-11-30 09:48 - 2012-06-27 02:49 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-30 09:48 - 2010-08-12 06:17 - 00000504 ____A C:\Windows\Tasks\1-Click Maintenance.job
2012-11-30 09:48 - 2010-05-07 02:43 - 00000000 ____D C:\Program Files\Common Files\Akamai
2012-11-30 09:48 - 2009-12-10 23:49 - 00000062 __ASH C:\Documents and Settings\Master Blaster\Local Settings\desktop.ini
2012-11-30 09:48 - 2009-12-10 14:38 - 00000050 ____A C:\Windows\wiaservc.log
2012-11-30 09:48 - 2001-08-23 07:00 - 00002206 ____A C:\Windows\System32\wpa.dbl
2012-11-30 09:47 - 2009-12-10 23:42 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-11-30 09:47 - 2009-12-10 23:42 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-11-30 09:39 - 2009-12-12 03:07 - 00000000 __SHD C:\Windows\CSC
2012-11-30 09:18 - 2012-04-29 04:23 - 00000000 ____D C:\hidownload
2012-11-30 09:17 - 2009-12-13 01:17 - 00000000 ____D C:\Documents and Settings\Master Blaster\Application Data\IDM
2012-11-30 09:04 - 2012-06-27 02:49 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-30 08:59 - 2012-03-17 08:45 - 00000000 ____D C:\IDM
2012-11-30 08:33 - 2012-04-02 04:05 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-30 02:02 - 2012-11-30 02:02 - 00000353 ____A C:\Documents and Settings\Master Blaster\Desktop\Sissel - O Mio Babbino Caro - YouTube.url
2012-11-30 01:36 - 2009-12-13 01:17 - 00000000 ____D C:\Documents and Settings\Master Blaster\Application Data\DMCache
2012-11-30 00:26 - 2011-02-21 05:54 - 00000000 ____D C:\Documents and Settings\Master Blaster\Application Data\vlc
2012-11-29 23:47 - 2012-11-29 23:47 - 00097778 ____A C:\Documents and Settings\Master Blaster\Desktop\OTL.Txt
2012-11-29 23:47 - 2012-11-29 23:47 - 00048308 ____A C:\Documents and Settings\Master Blaster\Desktop\Extras.Txt
2012-11-29 23:39 - 2012-11-29 23:39 - 00602112 ____A (OldTimer Tools) C:\Documents and Settings\Master Blaster\Desktop\OTL.exe
2012-11-29 23:30 - 2012-01-12 08:29 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\New Folder
2012-11-29 05:01 - 2012-11-29 05:01 - 00001161 ____A C:\Documents and Settings\Master Blaster\Desktop\What you'll need....url
2012-11-29 04:40 - 2012-11-29 04:40 - 00001631 ____A C:\Documents and Settings\Master Blaster\Desktop\Delta 36-T30 30 T2 Fence System (2).url
2012-11-29 04:03 - 2012-08-07 06:46 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\send
2012-11-29 03:34 - 2009-12-10 14:37 - 00559994 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-29 03:24 - 2012-11-29 03:24 - 00019124 ____A C:\ComboFix.txt
2012-11-29 03:24 - 2012-06-03 23:58 - 00000000 ___AD C:\Qoobox
2012-11-29 03:22 - 2001-08-23 07:00 - 00000227 ____A C:\Windows\system.ini
2012-11-29 03:07 - 2010-02-02 04:10 - 00000000 ____D C:\Documents and Settings\Master Blaster\Local Settings\Application Data\CutePDF Writer
2012-11-29 03:05 - 2012-11-29 03:05 - 00000000 ____D C:\Program Files\GPLGS
2012-11-29 03:04 - 2010-02-02 04:08 - 00000000 ____D C:\Program Files\Acro Software
2012-11-29 03:01 - 2009-12-10 14:29 - 00000000 ____D C:\Windows\Resources
2012-11-29 02:37 - 2012-11-29 02:37 - 00036363 ____A C:\Windows\CSTBox.INI
2012-11-29 02:32 - 2012-11-29 02:28 - 00000000 ____D C:\Documents and Settings\Master Blaster\My Documents\scans
2012-11-28 12:56 - 2012-06-14 05:47 - 00017857 ____A C:\Windows\wmsetup.log
2012-11-28 07:49 - 2011-12-05 13:50 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\shortcuts2
2012-11-27 04:33 - 2009-12-12 22:30 - 00000000 ____D C:\Earth
2012-11-27 01:28 - 2012-04-28 03:31 - 00000000 ____D C:\Documents and Settings\Master Blaster\Application Data\uTorrent
2012-11-27 01:27 - 2012-11-27 01:27 - 00019195 ____A C:\Documents and Settings\Master Blaster\Desktop\comboscan.txt
2012-11-26 16:44 - 2009-12-12 02:14 - 00176128 ____A C:\Documents and Settings\Master Blaster\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-26 07:34 - 2010-04-08 01:09 - 00000116 ____A C:\Windows\NeroDigital.ini
2012-11-25 17:55 - 2012-11-02 04:40 - 00000000 ____D C:\Documents and Settings\Master Blaster\Application Data\Audacity
2012-11-25 15:14 - 2012-11-19 15:23 - 00000000 ____D C:\Documents and Settings\Master Blaster\Local Settings\Application Data\ProtectedData
2012-11-25 15:07 - 2012-11-25 15:07 - 05006177 ____R (Swearware) C:\Documents and Settings\Master Blaster\Desktop\ComboFix.exe
2012-11-25 13:07 - 2012-11-25 13:07 - 04742932 ____A C:\Documents and Settings\Master Blaster\Desktop\life_of_pi.psd
2012-11-25 05:52 - 2011-09-05 19:07 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\suki
2012-11-25 03:11 - 2012-11-25 03:11 - 00442200 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Master Blaster\Desktop\capperkiller.exe
2012-11-24 17:18 - 2012-11-24 17:18 - 00000453 ____A C:\Documents and Settings\Master Blaster\Desktop\One Large Rat Trap Please - TechSpot Forums.url
2012-11-24 17:16 - 2012-11-24 17:16 - 04732416 ____A (AVAST Software) C:\Documents and Settings\Master Blaster\Desktop\aswMBR.exe
2012-11-24 09:25 - 2012-11-24 09:21 - 152292227 ____A C:\bd2b713aac780837a22001e9327c0e83[1]-2012-11-24.flv
2012-11-24 06:36 - 2012-11-24 06:36 - 00025585 ____A C:\Documents and Settings\Master Blaster\Desktop\attach.txt
2012-11-24 06:36 - 2012-11-24 06:36 - 00015803 ____A C:\Documents and Settings\Master Blaster\Desktop\dds.txt
2012-11-24 06:34 - 2011-12-05 13:48 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\all superb
2012-11-24 06:33 - 2012-11-24 06:30 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\storage nov12
2012-11-23 08:17 - 2012-10-09 05:05 - 00000000 ____D C:\Collection
2012-11-23 08:12 - 2012-11-23 08:12 - 00000000 ____D C:\Documents and Settings\Master Blaster\My Documents\New Folder
2012-11-23 07:19 - 2012-11-23 07:19 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-11-23 03:07 - 2012-04-10 21:47 - 00268808 ____A C:\Documents and Settings\Master Blaster\Local Settings\Application Data\census.cache
2012-11-23 03:06 - 2012-04-10 21:47 - 00209719 ____A C:\Documents and Settings\Master Blaster\Local Settings\Application Data\ars.cache
2012-11-22 11:55 - 2012-11-22 11:55 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\song_data
2012-11-22 10:05 - 2011-11-03 19:41 - 00000000 ____D C:\Documents and Settings\Master Blaster\Local Settings\Application Data\Akamai
2012-11-22 09:19 - 2010-02-21 06:45 - 00000000 ____D C:\Windows\Microsoft.NET
2012-11-22 08:40 - 2010-04-15 05:02 - 00000000 __HDC C:\Windows\$NtUninstallKB980232$
2012-11-22 08:23 - 2009-12-12 22:32 - 00000000 ____D C:\Program Files\Google
2012-11-22 08:22 - 2012-11-15 06:06 - 00000000 __HDC C:\Windows\$NtUninstallKB2761226$
2012-11-22 07:51 - 2012-06-09 07:57 - 00036686 ____A C:\Windows\setupapi.log
2012-11-22 07:51 - 2011-07-18 00:51 - 00000000 ____D C:\Program Files\Zune
2012-11-22 07:46 - 2009-12-12 22:32 - 00000000 ____D C:\Documents and Settings\Master Blaster\Local Settings\Application Data\Google
2012-11-22 07:41 - 2012-11-22 07:35 - 79108767 ____A C:\Documents and Settings\Master Blaster\Desktop\012-11-22.flv
2012-11-22 07:39 - 2012-05-09 04:16 - 00003177 ____A C:\Windows\setupact.log
2012-11-22 03:52 - 2012-11-22 03:52 - 00110592 ____A C:\Windows\Minidump\Mini112212-01.dmp
2012-11-22 03:52 - 2009-12-13 07:25 - 00000000 ____D C:\Windows\Minidump
2012-11-22 03:31 - 2012-11-22 02:41 - 00000000 ____D C:\Program Files\Real
2012-11-22 03:31 - 2012-11-22 02:41 - 00000000 ____D C:\Documents and Settings\Master Blaster\Application Data\Real
2012-11-22 03:31 - 2012-11-22 02:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Real
2012-11-22 03:22 - 2012-10-30 05:35 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-11-22 03:13 - 2010-09-29 00:19 - 00001984 ____A C:\Windows\System32\d3d9caps.dat
2012-11-22 03:09 - 2012-11-22 02:44 - 00000000 ____D C:\Documents and Settings\Master Blaster\.frostwire5
2012-11-22 02:45 - 2012-11-22 02:44 - 00000000 ____D C:\Documents and Settings\Master Blaster\My Documents\FrostWire
2012-11-22 02:41 - 2003-03-19 01:14 - 00499712 ____A (Microsoft Corporation) C:\Windows\System32\msvcp71.dll
2012-11-22 02:41 - 2003-02-21 07:42 - 00348160 ____A (Microsoft Corporation) C:\Windows\System32\msvcr71.dll
2012-11-22 02:40 - 2012-11-22 02:40 - 00000000 ____D C:\Documents and Settings\Master Blaster\Application Data\OpenCandy
2012-11-22 02:15 - 2010-03-10 04:09 - 00000000 ____D C:\Program Files\PeerBlock
2012-11-22 00:37 - 2012-10-27 23:52 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\volcano
2012-11-19 14:00 - 2012-11-19 14:00 - 15401600 ____A C:\240P_400K_6203321[3].mp4
2012-11-19 13:57 - 2012-11-19 13:55 - 43588603 ____A C:\240P_352K_5225320-2012-11-19.mp4
2012-11-19 13:56 - 2012-11-19 13:56 - 06350273 ____A C:\general01_H_6493301_01-2012-11-19.mp4
2012-11-19 13:53 - 2012-11-19 13:53 - 11501318 ____A C:\1396_2000-2012-11-19.mp4
2012-11-19 12:16 - 2012-11-19 12:17 - 00110592 ____A C:\Windows\Minidump\Mini111912-01.dmp
2012-11-15 06:51 - 2009-12-10 14:36 - 03449912 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-15 06:08 - 2009-12-11 14:24 - 64010424 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-11-15 06:07 - 2012-11-15 06:07 - 00000000 __HDC C:\Windows\$NtUninstallKB2727528$
2012-11-15 06:07 - 2012-11-15 03:01 - 00011727 ____A C:\Windows\KB2727528.log
2012-11-15 06:07 - 2012-05-12 05:02 - 00177212 ____A C:\Windows\iis6.log
2012-11-15 06:07 - 2012-05-12 05:02 - 00166931 ____A C:\Windows\FaxSetup.log
2012-11-15 06:07 - 2012-05-12 05:02 - 00079812 ____A C:\Windows\ocgen.log
2012-11-15 06:07 - 2012-05-12 05:02 - 00076167 ____A C:\Windows\tsoc.log
2012-11-15 06:07 - 2012-05-12 05:02 - 00054570 ____A C:\Windows\comsetup.log
2012-11-15 06:07 - 2012-05-12 05:02 - 00050000 ____A C:\Windows\msmqinst.log
2012-11-15 06:07 - 2012-05-12 05:02 - 00033166 ____A C:\Windows\ntdtcsetup.log
2012-11-15 06:07 - 2012-05-12 05:02 - 00029241 ____A C:\Windows\netfxocm.log
2012-11-15 06:07 - 2012-05-12 05:02 - 00011475 ____A C:\Windows\MedCtrOC.log
2012-11-15 06:07 - 2012-05-12 05:02 - 00009234 ____A C:\Windows\ocmsn.log
2012-11-15 06:07 - 2012-05-12 05:02 - 00008397 ____A C:\Windows\tabletoc.log
2012-11-15 06:07 - 2012-05-12 05:02 - 00008181 ____A C:\Windows\msgsocm.log
2012-11-15 06:07 - 2012-05-12 05:02 - 00001393 ____A C:\Windows\imsins.log
2012-11-15 06:06 - 2012-11-15 03:01 - 00013180 ____A C:\Windows\KB2761226.log
2012-11-15 06:06 - 2009-12-10 14:37 - 00001393 ____A C:\Windows\imsins.BAK
2012-11-15 03:01 - 2009-12-11 08:23 - 00000000 ___HD C:\Windows\$hf_mig$
2012-11-14 04:20 - 2012-11-14 04:20 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\DWP
2012-11-14 04:02 - 2009-12-12 16:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2012-11-13 21:23 - 2012-04-02 04:05 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-11-13 21:23 - 2011-05-17 05:58 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-11-09 20:15 - 2012-09-02 19:17 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\select
2012-11-08 05:43 - 2011-06-24 03:09 - 00000000 ____D C:\mafa
2012-11-08 05:19 - 2012-11-08 05:19 - 00000000 ____D C:\Program Files\WS_FTP
2012-11-08 05:19 - 2009-12-10 23:56 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2012-11-08 05:19 - 2001-08-23 07:00 - 00000656 ____A C:\Windows\win.ini
2012-11-07 22:12 - 2012-07-24 08:55 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-07 22:12 - 2012-04-10 19:17 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-11-06 19:49 - 2012-06-30 00:33 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-11-04 13:04 - 2012-11-04 13:04 - 00000810 ____A C:\Documents and Settings\Master Blaster\Desktop\FirstRowSportApp.lnk
2012-11-04 13:04 - 2012-11-04 13:04 - 00000000 ____D C:\Program Files\FirstRowSportApp.com
2012-11-04 09:23 - 2012-11-04 09:23 - 00000291 ____A C:\Documents and Settings\Master Blaster\Desktop\FirstRow Watch Live NFL Online. Watch Live NCAA Online. American Football Live Streams.url
2012-11-04 08:58 - 2009-12-10 14:29 - 00000000 ____D C:\Windows\Help

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2012-11-30 03:45 - 024576 _restore{2205B7A6-1EB9-495A-B8BD-4B1F24159255}\RP219

RP: -> 2012-11-29 03:04 - 024576 _restore{2205B7A6-1EB9-495A-B8BD-4B1F24159255}\RP218

RP: -> 2012-11-29 01:07 - 024576 _restore{2205B7A6-1EB9-495A-B8BD-4B1F24159255}\RP217


==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 2047.17 MB
Available physical RAM: 1791.02 MB
Total Pagefile: 1877.82 MB
Available Pagefile: 1816.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 2002.18 MB

==================== Partitions =============================

2 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
3 Drive c: () (Fixed) (Total:127.99 GB) (Free:1.24 GB) NTFS ==>[Drive with boot components (Windows XP)]
4 Drive d: (SATA) (Fixed) (Total:149.04 GB) (Free:0.88 GB) NTFS
5 Drive e: (New Volume) (Fixed) (Total:570.65 GB) (Free:0.18 GB) NTFS
6 Drive f: (SATA) (Fixed) (Total:149.05 GB) (Free:0.23 GB) NTFS
7 Drive g: () (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32
8 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 699 GB 0 B
Disk 1 Online 298 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 128 GB 32 KB
Partition 2 Primary 571 GB 128 GB
=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 128 GB Healthy
=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E New Volume NTFS Partition 571 GB Healthy
=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 149 GB 32 KB
Partition 2 Primary 149 GB 149 GB
=========================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D SATA NTFS Partition 149 GB Healthy
=========================================================

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F SATA NTFS Partition 149 GB Healthy
=========================================================
==================== End Of Log ============================




Search.txt

Farbar Recovery Scan Tool (x86) Version: 02-12-2012
Ran by SYSTEM at 2012-12-03 02:57:37
Running from G:\

================== Search: "services.exe" ===================

C:\WINDOWS\system32\services.exe
[2001-08-23 07:00] - [2009-02-06 06:11] - 0110592 ____A (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315

C:\WINDOWS\system32\dllcache\services.exe
[2009-12-11 09:30] - [2009-02-06 06:11] - 0110592 ____C (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315

C:\WINDOWS\ServicePackFiles\i386\services.exe
[2004-08-04 02:56] - [2008-04-13 19:12] - 0108544 ____C (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185

C:\WINDOWS\ERDNT\cache\services.exe
[2012-04-18 01:35] - [2009-02-06 06:11] - 0110592 ___AC (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315

C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009-12-11 09:37] - [2008-04-13 19:12] - 0108544 ____C (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185

C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009-12-11 08:31] - [2004-08-04 02:56] - 0108032 ____C (Microsoft Corporation) c6ce6eec82f187615d1002bb3bb50ed4

C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009-12-11 09:30] - [2009-02-06 06:06] - 0110592 ___AC (Microsoft Corporation) 020ceaaedc8eb655b6506b8c70d53bb6

=== End Of Search ===
 
FRST Fixlist

Please run the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

start
4 tga; [x]
0 pneclo; C:\Windows\System32\drivers\ythte.sys [x]
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.
 
System Recovery Options? Is this a feature available through the Reatogo desktop, or are you directing me to access it via the Recovery Console?
If the latter, I'll probably need to install it. Previous attempts, however, have been denied access, thwarted at the prompt for the admin password. I can't recall having ever set one, and though I could try to simply hit Enter at the prompt, my understanding is that if a password isn't chosen, one is consequently allocated.
Also, this particular XP Pro install involved the six setup floppy disks. I do have the CD-ROM for another, slightly newer version of XP Pro installed on another machine, if it would be easier, or possible, to use.
 
My apologies, I meant to go back to REATOGO/OTLPE...and then run FRST again. Sorry I didn't edit that. :)
 
Ok, got it!

Also, would I be correct in assuming FRST is programmed to scan its own directory flash drive for any fixlist.txt file, when the fix button is clicked? Or does it need to be directed to the file first?
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-12-2012
Ran by SYSTEM at 2012-12-04 18:49:57 Run:1
Running from G:\

==============================================

tga service deleted successfully.
pneclo service deleted successfully.

==== End of Fixlog ====

After running the fix, a normal boot returned to the cursor on a white, blank screen, instead of the desktop.
Ctrl+Alt+Delete opens Task Manager on my own desktop background, but devoid of any icons.

Rebooting into Safe Mode still results in a looping restart.
 
Back