Solved One large rat trap please

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-12-2012
Ran by SYSTEM at 05-12-2012 18:01:47
Running from G:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet002

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1468296 2009-06-01] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-10] (Adobe Systems Incorporated)
HKLM\...\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [1313640 1999-12-31] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1387288 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2011-11-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-02] (Apple Inc.)
HKLM\...\Run: [NetWorx] "C:\Program Files\NetWorx\networx.exe" /auto [3225144 2012-06-09] (SoftPerfect Research)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKU\Administrator\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" [x]
HKU\Master Blaster\...\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\Master Blaster\...\Run: [Akamai NetSession Interface] "C:\Documents and Settings\Master Blaster\Local Settings\Application Data\Akamai\netsession_win.exe" [4441920 2012-10-09] (Akamai Technologies, Inc.)
HKU\Master Blaster\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
HKU\Master Blaster\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\Master Blaster\Application Data\skype.dat [87911 2010-12-09] ()
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)

==================== Services (Whitelisted) ===================

2 ASTSRV; C:\WINDOWS\system32\ASTSRV.EXE [57344 2008-05-19] (Nalpeiron Ltd.)
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [361288 2011-03-23] (TuneUp Software)
2 TuneUp.ProgramStatisticsSvc; C:\Windows\System32\TUProgSt.exe [604488 2011-03-23] (TuneUp Software)
2 Akamai; c:\program files\common files\akamai/netsession_win_ce5ba24.dll [x]
2 ANC; C:\Windows\System32\k750mdm.dll [x]
4 arrayssl_vpn_service3,0,1,9; [x]
2 ashampoodefragservice; C:\Windows\System32\veteboot.dll [x]
4 AsusACPI; [x]
2 atinevxx; C:\Windows\System32\quickhealfirewall.dll [x]
4 atkdisplf; [x]
4 awhost32; [x]
2 bc_pat_f; C:\Windows\System32\MaVctrl.dll [x]
2 ccproxy; C:\Windows\System32\keymaestro.dll [x]
4 CTDevice_Srv; [x]
2 ctdvda2k; C:\Windows\System32\se58nd5.dll [x]
2 ctxcpubal; C:\Windows\System32\cpuidlep.dll [x]
4 F700iat; [x]
2 G400DH; C:\Windows\System32\AMDPCI.dll [x]
2 GMSIPCI; C:\Windows\System32\sysplant.dll [x]
2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll [x]
2 hpqwmiex; C:\Windows\System32\dlbt_device.dll [x]
4 imountsrv; [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
2 k750mgmt; C:\Windows\System32\tsircsrv.dll [x]
2 ltmodem5; C:\Windows\System32\g400.dll [x]
2 lvpopflt; C:\Windows\System32\bglivesvc.dll [x]
2 lxcf_device; C:\Windows\System32\nmindexingservice.dll [x]
4 mqdmbus; [x]
2 MSMQ; C:\Windows\System32\ovmsmaccessmanager.dll [x]
2 ofcpfwsvc; C:\Windows\System32\FiltUSBEMPIA.dll [x]
2 ovt519; C:\Windows\System32\SSFS0BB9.dll [x]
2 pav_security; C:\Windows\System32\kpf4.dll [x]
2 pdlnatdl; C:\Windows\System32\pdlndsdl.dll [x]
2 protectionservice; C:\Windows\System32\SenFiltService.dll [x]
2 PSSdk21; C:\Windows\System32\cbidf.dll [x]
2 rismxdp; C:\Windows\System32\CiscoVpnInstallService.dll [x]
3 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]
2 s116obex; C:\Windows\System32\transactional.dll [x]
2 StkASSrv; C:\Windows\System32\hdaudbus.dll [x]
2 TIEHDUSB; C:\Windows\System32\cyberpowerups.dll [x]
2 tng-dtmg; C:\Windows\System32\issm.dll [x]
2 tng-dts; C:\Windows\System32\EMCFILT.dll [x]
2 UPATC; C:\Windows\System32\lanmanworkstation.dll [x]
2 vet-filt; C:\Windows\System32\dlcf_device.dll [x]
2 vstor2-ws60; C:\Windows\System32\vaiomediaplatform-mobile-gateway.dll [x]
2 wwsecsvc; C:\Windows\System32\slabser.dll [x]

==================== Drivers (Whitelisted) ====================

3 APLMp50; C:\Windows\System32\Drivers\APLMp50.sys [28224 2006-11-29] (Printing Communications Assoc., Inc. (PCAUSA))
3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [7493120 2011-11-09] (ATI Technologies Inc.)
3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdXP3.sys [101392 2011-03-30] (Advanced Micro Devices)
0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [26248 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
3 EuDisk; C:\Windows\System32\DRIVERS\EuDisk.sys [122504 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
3 EUDSKACS; \??\C:\WINDOWS\system32\drivers\eudskacs.sys [14216 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
0 EUFS; C:\Windows\System32\drivers\eufs.sys [20616 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider)
2 LBeepKE; C:\Windows\System32\Drivers\LBeepKE.sys [12184 2011-09-02] (Logitech, Inc.)
3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42648 2011-09-02] (Logitech, Inc.)
3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12184 2011-09-02] (Logitech, Inc.)
3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [39192 2011-09-02] (Logitech, Inc.)
3 MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [22856 2012-09-29] (Malwarebytes Corporation)
1 networx; C:\Windows\System32\drivers\networx.sys [51640 2011-04-15] (NetFilterSDK.com)
2 npf; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-11-11] (Microsoft Corporation)
3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [54784 2008-08-01] (NVIDIA Corporation)
3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [22016 2008-08-01] (NVIDIA Corporation)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67656 2010-05-10] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 STHDA; C:\Windows\System32\drivers\sthda.sys [1651204 1999-12-31] (IDT, Inc.)
4 ubsvve; C:\Windows\System32\drivers\tnloa.sys [54016 2010-09-15] ()
3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2008-11-11] (LG Electronics Inc.)
3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19968 2008-11-11] (LG Electronics Inc.)
3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-11] (LG Electronics Inc.)
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
3 catchme; \??\C:\DOCUME~1\MASTER~1\LOCALS~1\Temp\catchme.sys [x]
4 cd20xrnt; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
3 ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys [x]
4 hpn; [x]
4 hpt3xx; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
4 IntelIde; [x]
1 lbrtfdc; [x]
4 mraid35x; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
4 TosIde; [x]
4 ultra; [x]
4 ViaIde; [x]
3 WDICA; [x]
2 zumbus; C:\Windows\System32\DRIVERS\zumbus.sys [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: vet-filt -> C:\Windows\system32\dlcf_device.dll ==> No File.
NETSVC: lvpopflt -> C:\Windows\system32\bglivesvc.dll ==> No File.
NETSVC: mcredirector -> No Registry Path.
NETSVC: bc_pat_f -> C:\Windows\system32\MaVctrl.dll ==> No File.
NETSVC: rismxdp -> C:\Windows\system32\CiscoVpnInstallService.dll ==> No File.
NETSVC: UPATC -> C:\Windows\system32\lanmanworkstation.dll ==> No File.
NETSVC: CTDevice_Srv -> ==> No File.
NETSVC: imountsrv -> ==> No File.
NETSVC: vstor2-ws60 -> C:\Windows\system32\vaiomediaplatform-mobile-gateway.dll ==> No File.
NETSVC: awhost32 -> ==> No File.
NETSVC: protectionservice -> C:\Windows\system32\SenFiltService.dll ==> No File.
NETSVC: ovt519 -> C:\Windows\system32\SSFS0BB9.dll ==> No File.
NETSVC: lxcf_device -> C:\Windows\system32\nmindexingservice.dll ==> No File.
NETSVC: CBN -> No Registry Path.
NETSVC: Bcim -> No Registry Path.
NETSVC: fsaa -> No Registry Path.
NETSVC: fasttrackinstallerservice -> No Registry Path.
NETSVC: comhost -> No Registry Path.
NETSVC: DVDRC -> No Registry Path.
NETSVC: StkASSrv -> C:\Windows\system32\hdaudbus.dll ==> No File.
NETSVC: s116obex -> C:\Windows\system32\transactional.dll ==> No File.
NETSVC: ltmodem5 -> C:\Windows\system32\g400.dll ==> No File.
NETSVC: PSSdk21 -> C:\Windows\system32\cbidf.dll ==> No File.
NETSVC: hpqwmiex -> C:\Windows\system32\dlbt_device.dll ==> No File.
NETSVC: k750mgmt -> C:\Windows\system32\tsircsrv.dll ==> No File.
NETSVC: pav_security -> C:\Windows\system32\kpf4.dll ==> No File.
NETSVC: TIEHDUSB -> C:\Windows\system32\cyberpowerups.dll ==> No File.
NETSVC: ctdvda2k -> C:\Windows\system32\se58nd5.dll ==> No File.
NETSVC: ctxcpubal -> C:\Windows\system32\cpuidlep.dll ==> No File.
NETSVC: ofcpfwsvc -> C:\Windows\system32\FiltUSBEMPIA.dll ==> No File.
NETSVC: ccproxy -> C:\Windows\system32\keymaestro.dll ==> No File.
NETSVC: G400DH -> C:\Windows\system32\AMDPCI.dll ==> No File.
NETSVC: atinevxx -> C:\Windows\system32\quickhealfirewall.dll ==> No File.
NETSVC: ashampoodefragservice -> C:\Windows\system32\veteboot.dll ==> No File.
NETSVC: agnwifi -> No Registry Path.
NETSVC: SRTSPL -> No Registry Path.
NETSVC: keriomailserver -> No Registry Path.
NETSVC: wmccdsls -> No Registry Path.
NETSVC: aolavupd -> No Registry Path.
NETSVC: hsxhwazl -> No Registry Path.
NETSVC: MSMQ -> C:\Windows\system32\ovmsmaccessmanager.dll ==> No File.
NETSVC: tng-dts -> C:\Windows\system32\EMCFILT.dll ==> No File.
NETSVC: tng-dtmg -> C:\Windows\system32\issm.dll ==> No File.
NETSVC: F700iat -> ==> No File.
NETSVC: arrayssl_vpn_service3,0,1,9 -> ==> No File.
NETSVC: pdlnatdl -> C:\Windows\system32\pdlndsdl.dll ==> No File.
NETSVC: atkdisplf -> ==> No File.
NETSVC: tga -> No Registry Path.
NETSVC: AsusACPI -> ==> No File.
NETSVC: mqdmbus -> ==> No File.
NETSVC: GMSIPCI -> C:\Windows\system32\sysplant.dll ==> No File.
NETSVC: ANC -> C:\Windows\system32\k750mdm.dll ==> No File.
NETSVC: wwsecsvc -> C:\Windows\system32\slabser.dll ==> No File.
NETSVC: ip6fwhlp -> No Registry Path.
NETSVC: mhn -> No Registry Path.
NETSVC: sacsvr -> No Registry Path.
NETSVC: trksvr -> No Registry Path.

==================== One Month Created Files and Folders ========

2012-12-03 02:55 - 2012-12-03 02:55 - 00000000 ____D C:\FRST
2012-11-30 09:19 - 2012-12-05 14:28 - 00000004 ____A C:\Documents and Settings\Master Blaster\Application Data\skype.ini
2012-11-30 02:02 - 2012-11-30 02:02 - 00000353 ____A C:\Documents and Settings\Master Blaster\Desktop\Sissel - O Mio Babbino Caro - YouTube.url
2012-11-29 23:47 - 2012-11-29 23:47 - 00097778 ____A C:\Documents and Settings\Master Blaster\Desktop\OTL.Txt
2012-11-29 23:47 - 2012-11-29 23:47 - 00048308 ____A C:\Documents and Settings\Master Blaster\Desktop\Extras.Txt
2012-11-29 23:39 - 2012-11-29 23:39 - 00602112 ____A (OldTimer Tools) C:\Documents and Settings\Master Blaster\Desktop\OTL.exe
2012-11-29 05:01 - 2012-11-29 05:01 - 00001161 ____A C:\Documents and Settings\Master Blaster\Desktop\What you'll need....url
2012-11-29 04:40 - 2012-11-29 04:40 - 00001631 ____A C:\Documents and Settings\Master Blaster\Desktop\Delta 36-T30 30 T2 Fence System (2).url
2012-11-29 03:24 - 2012-11-29 03:24 - 00019124 ____A C:\ComboFix.txt
2012-11-29 03:05 - 2012-11-29 03:05 - 00000000 ____D C:\Program Files\GPLGS
2012-11-29 03:04 - 2012-09-12 18:32 - 00088688 ____A C:\Windows\System32\cpwmon2k.dll
2012-11-29 02:37 - 2012-11-29 02:37 - 00036363 ____A C:\Windows\CSTBox.INI
2012-11-29 02:28 - 2012-11-29 02:32 - 00000000 ____D C:\Documents and Settings\Master Blaster\My Documents\scans
2012-11-27 01:27 - 2012-11-27 01:27 - 00019195 ____A C:\Documents and Settings\Master Blaster\Desktop\comboscan.txt
2012-11-25 15:07 - 2012-11-25 15:07 - 05006177 ____R (Swearware) C:\Documents and Settings\Master Blaster\Desktop\ComboFix.exe
2012-11-25 13:07 - 2012-11-25 13:07 - 04742932 ____A C:\Documents and Settings\Master Blaster\Desktop\life_of_pi.psd
2012-11-25 03:11 - 2012-11-25 03:11 - 00442200 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Master Blaster\Desktop\capperkiller.exe
2012-11-24 17:18 - 2012-11-24 17:18 - 00000453 ____A C:\Documents and Settings\Master Blaster\Desktop\One Large Rat Trap Please - TechSpot Forums.url
2012-11-24 17:16 - 2012-11-24 17:16 - 04732416 ____A (AVAST Software) C:\Documents and Settings\Master Blaster\Desktop\aswMBR.exe
2012-11-24 09:21 - 2012-11-24 09:25 - 152292227 ____A C:\bd2b713aac780837a22001e9327c0e83[1]-2012-11-24.flv
2012-11-24 06:36 - 2012-11-24 06:36 - 00025585 ____A C:\Documents and Settings\Master Blaster\Desktop\attach.txt
2012-11-24 06:36 - 2012-11-24 06:36 - 00015803 ____A C:\Documents and Settings\Master Blaster\Desktop\dds.txt
2012-11-24 06:30 - 2012-11-24 06:33 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\storage nov12
2012-11-23 08:12 - 2012-11-23 08:12 - 00000000 ____D C:\Documents and Settings\Master Blaster\My Documents\New Folder
2012-11-23 07:19 - 2012-11-23 07:19 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-11-22 11:55 - 2012-11-22 11:55 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\song_data
2012-11-22 07:35 - 2012-11-22 07:41 - 79108767 ____A C:\Documents and Settings\Master Blaster\Desktop\012-11-22.flv
2012-11-22 03:52 - 2012-11-22 03:52 - 00110592 ____A C:\Windows\Minidump\Mini112212-01.dmp
2012-11-22 02:44 - 2012-11-22 03:09 - 00000000 ____D C:\Documents and Settings\Master Blaster\.frostwire5
2012-11-22 02:44 - 2012-11-22 02:45 - 00000000 ____D C:\Documents and Settings\Master Blaster\My Documents\FrostWire
2012-11-22 02:41 - 2012-11-22 03:31 - 00000000 ____D C:\Program Files\Real
2012-11-22 02:41 - 2012-11-22 03:31 - 00000000 ____D C:\Documents and Settings\Master Blaster\Application Data\Real
2012-11-22 02:40 - 2012-11-22 03:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Real
2012-11-22 02:40 - 2012-11-22 02:40 - 00000000 ____D C:\Documents and Settings\Master Blaster\Application Data\OpenCandy
2012-11-19 15:23 - 2012-11-25 15:14 - 00000000 ____D C:\Documents and Settings\Master Blaster\Local Settings\Application Data\ProtectedData
2012-11-19 14:00 - 2012-11-19 14:00 - 15401600 ____A C:\240P_400K_6203321[3].mp4
2012-11-19 13:56 - 2012-11-19 13:56 - 06350273 ____A C:\general01_H_6493301_01-2012-11-19.mp4
2012-11-19 13:55 - 2012-11-19 13:57 - 43588603 ____A C:\240P_352K_5225320-2012-11-19.mp4
2012-11-19 13:53 - 2012-11-19 13:53 - 11501318 ____A C:\1396_2000-2012-11-19.mp4
2012-11-19 12:17 - 2012-11-19 12:16 - 00110592 ____A C:\Windows\Minidump\Mini111912-01.dmp
2012-11-15 06:07 - 2012-11-15 06:07 - 00000000 __HDC C:\Windows\$NtUninstallKB2727528$
2012-11-15 06:06 - 2012-11-22 08:22 - 00000000 __HDC C:\Windows\$NtUninstallKB2761226$
2012-11-15 03:01 - 2012-11-15 06:07 - 00011727 ____A C:\Windows\KB2727528.log
2012-11-15 03:01 - 2012-11-15 06:06 - 00013180 ____A C:\Windows\KB2761226.log
2012-11-14 04:20 - 2012-11-14 04:20 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\DWP
2012-11-08 05:19 - 2012-11-08 05:19 - 00000000 ____D C:\Program Files\WS_FTP

==================== One Month Modified Files and Folders ========

2012-12-05 14:28 - 2012-11-30 09:19 - 00000004 ____A C:\Documents and Settings\Master Blaster\Application Data\skype.ini
2012-12-05 14:28 - 2012-01-18 04:51 - 00524288 ____A C:\Windows\System32\config\ACEEvent.evt
2012-12-05 14:28 - 2009-12-22 02:35 - 00524288 ____A C:\Windows\System32\config\TuneUp.evt
2012-12-05 14:28 - 2009-12-11 08:00 - 01207744 ____A C:\Windows\WindowsUpdate.log
2012-12-05 14:28 - 2009-12-10 23:49 - 00000178 __ASH C:\Documents and Settings\Master Blaster\ntuser.ini
2012-12-05 14:28 - 2009-12-10 23:42 - 00032362 ____A C:\Windows\SchedLgU.Txt
2012-12-05 14:28 - 2009-12-10 23:40 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-05 14:28 - 2009-12-10 14:38 - 00000216 ____A C:\Windows\wiadebug.log
2012-12-05 14:26 - 2010-08-12 06:17 - 00000504 ____A C:\Windows\Tasks\1-Click Maintenance.job
2012-12-05 14:25 - 2012-06-27 02:49 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-12-05 14:25 - 2010-05-07 02:43 - 00000000 ____D C:\Program Files\Common Files\Akamai
2012-12-05 14:25 - 2009-12-10 23:49 - 00000062 __ASH C:\Documents and Settings\Master Blaster\Local Settings\desktop.ini
2012-12-05 14:25 - 2009-12-10 23:42 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-12-05 14:25 - 2009-12-10 23:42 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-12-05 14:25 - 2009-12-10 14:38 - 00000049 ____A C:\Windows\wiaservc.log
2012-12-05 14:25 - 2001-08-23 07:00 - 00002206 ____A C:\Windows\System32\wpa.dbl
2012-12-04 22:04 - 2012-06-27 02:49 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-12-04 22:03 - 2009-12-12 03:07 - 00000000 __SHD C:\Windows\CSC
2012-12-04 21:59 - 2012-06-09 07:57 - 00047606 ____A C:\Windows\setupapi.log
2012-12-04 21:59 - 2012-05-09 04:16 - 00003218 ____A C:\Windows\setupact.log
2012-12-03 02:55 - 2012-12-03 02:55 - 00000000 ____D C:\FRST
2012-11-30 09:18 - 2012-04-29 04:23 - 00000000 ____D C:\hidownload
2012-11-30 09:17 - 2009-12-13 01:17 - 00000000 ____D C:\Documents and Settings\Master Blaster\Application Data\IDM
2012-11-30 08:59 - 2012-03-17 08:45 - 00000000 ____D C:\IDM
2012-11-30 08:33 - 2012-04-02 04:05 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-30 02:02 - 2012-11-30 02:02 - 00000353 ____A C:\Documents and Settings\Master Blaster\Desktop\Sissel - O Mio Babbino Caro - YouTube.url
2012-11-30 01:36 - 2009-12-13 01:17 - 00000000 ____D C:\Documents and Settings\Master Blaster\Application Data\DMCache
2012-11-30 00:26 - 2011-02-21 05:54 - 00000000 ____D C:\Documents and Settings\Master Blaster\Application Data\vlc
2012-11-29 23:47 - 2012-11-29 23:47 - 00097778 ____A C:\Documents and Settings\Master Blaster\Desktop\OTL.Txt
2012-11-29 23:47 - 2012-11-29 23:47 - 00048308 ____A C:\Documents and Settings\Master Blaster\Desktop\Extras.Txt
2012-11-29 23:39 - 2012-11-29 23:39 - 00602112 ____A (OldTimer Tools) C:\Documents and Settings\Master Blaster\Desktop\OTL.exe
2012-11-29 23:30 - 2012-01-12 08:29 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\New Folder
2012-11-29 05:01 - 2012-11-29 05:01 - 00001161 ____A C:\Documents and Settings\Master Blaster\Desktop\What you'll need....url
2012-11-29 04:40 - 2012-11-29 04:40 - 00001631 ____A C:\Documents and Settings\Master Blaster\Desktop\Delta 36-T30 30 T2 Fence System (2).url
2012-11-29 04:03 - 2012-08-07 06:46 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\send
2012-11-29 03:34 - 2009-12-10 14:37 - 00559994 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-29 03:24 - 2012-11-29 03:24 - 00019124 ____A C:\ComboFix.txt
2012-11-29 03:24 - 2012-06-03 23:58 - 00000000 ___AD C:\Qoobox
2012-11-29 03:22 - 2001-08-23 07:00 - 00000227 ____A C:\Windows\system.ini
2012-11-29 03:07 - 2010-02-02 04:10 - 00000000 ____D C:\Documents and Settings\Master Blaster\Local Settings\Application Data\CutePDF Writer
2012-11-29 03:05 - 2012-11-29 03:05 - 00000000 ____D C:\Program Files\GPLGS
2012-11-29 03:04 - 2010-02-02 04:08 - 00000000 ____D C:\Program Files\Acro Software
2012-11-29 03:01 - 2009-12-10 14:29 - 00000000 ____D C:\Windows\Resources
2012-11-29 02:37 - 2012-11-29 02:37 - 00036363 ____A C:\Windows\CSTBox.INI
2012-11-29 02:32 - 2012-11-29 02:28 - 00000000 ____D C:\Documents and Settings\Master Blaster\My Documents\scans
2012-11-28 12:56 - 2012-06-14 05:47 - 00017857 ____A C:\Windows\wmsetup.log
2012-11-28 07:49 - 2011-12-05 13:50 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\shortcuts2
2012-11-27 04:33 - 2009-12-12 22:30 - 00000000 ____D C:\Earth
2012-11-27 01:28 - 2012-04-28 03:31 - 00000000 ____D C:\Documents and Settings\Master Blaster\Application Data\uTorrent
2012-11-27 01:27 - 2012-11-27 01:27 - 00019195 ____A C:\Documents and Settings\Master Blaster\Desktop\comboscan.txt
2012-11-26 16:44 - 2009-12-12 02:14 - 00176128 ____A C:\Documents and Settings\Master Blaster\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-26 07:34 - 2010-04-08 01:09 - 00000116 ____A C:\Windows\NeroDigital.ini
2012-11-25 17:55 - 2012-11-02 04:40 - 00000000 ____D C:\Documents and Settings\Master Blaster\Application Data\Audacity
2012-11-25 15:14 - 2012-11-19 15:23 - 00000000 ____D C:\Documents and Settings\Master Blaster\Local Settings\Application Data\ProtectedData
2012-11-25 15:07 - 2012-11-25 15:07 - 05006177 ____R (Swearware) C:\Documents and Settings\Master Blaster\Desktop\ComboFix.exe
2012-11-25 13:07 - 2012-11-25 13:07 - 04742932 ____A C:\Documents and Settings\Master Blaster\Desktop\life_of_pi.psd
2012-11-25 05:52 - 2011-09-05 19:07 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\suki
2012-11-25 03:11 - 2012-11-25 03:11 - 00442200 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Master Blaster\Desktop\capperkiller.exe
2012-11-24 17:18 - 2012-11-24 17:18 - 00000453 ____A C:\Documents and Settings\Master Blaster\Desktop\One Large Rat Trap Please - TechSpot Forums.url
2012-11-24 17:16 - 2012-11-24 17:16 - 04732416 ____A (AVAST Software) C:\Documents and Settings\Master Blaster\Desktop\aswMBR.exe
2012-11-24 09:25 - 2012-11-24 09:21 - 152292227 ____A C:\bd2b713aac780837a22001e9327c0e83[1]-2012-11-24.flv
2012-11-24 06:36 - 2012-11-24 06:36 - 00025585 ____A C:\Documents and Settings\Master Blaster\Desktop\attach.txt
2012-11-24 06:36 - 2012-11-24 06:36 - 00015803 ____A C:\Documents and Settings\Master Blaster\Desktop\dds.txt
2012-11-24 06:34 - 2011-12-05 13:48 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\all superb
2012-11-24 06:33 - 2012-11-24 06:30 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\storage nov12
2012-11-23 08:17 - 2012-10-09 05:05 - 00000000 ____D C:\Collection
2012-11-23 08:12 - 2012-11-23 08:12 - 00000000 ____D C:\Documents and Settings\Master Blaster\My Documents\New Folder
2012-11-23 07:19 - 2012-11-23 07:19 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-11-23 03:07 - 2012-04-10 21:47 - 00268808 ____A C:\Documents and Settings\Master Blaster\Local Settings\Application Data\census.cache
2012-11-23 03:06 - 2012-04-10 21:47 - 00209719 ____A C:\Documents and Settings\Master Blaster\Local Settings\Application Data\ars.cache
2012-11-22 11:55 - 2012-11-22 11:55 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\song_data
2012-11-22 10:05 - 2011-11-03 19:41 - 00000000 ____D C:\Documents and Settings\Master Blaster\Local Settings\Application Data\Akamai
2012-11-22 09:19 - 2010-02-21 06:45 - 00000000 ____D C:\Windows\Microsoft.NET
2012-11-22 08:40 - 2010-04-15 05:02 - 00000000 __HDC C:\Windows\$NtUninstallKB980232$
2012-11-22 08:23 - 2009-12-12 22:32 - 00000000 ____D C:\Program Files\Google
2012-11-22 08:22 - 2012-11-15 06:06 - 00000000 __HDC C:\Windows\$NtUninstallKB2761226$
2012-11-22 07:51 - 2011-07-18 00:51 - 00000000 ____D C:\Program Files\Zune
2012-11-22 07:46 - 2009-12-12 22:32 - 00000000 ____D C:\Documents and Settings\Master Blaster\Local Settings\Application Data\Google
2012-11-22 07:41 - 2012-11-22 07:35 - 79108767 ____A C:\Documents and Settings\Master Blaster\Desktop\012-11-22.flv
2012-11-22 03:52 - 2012-11-22 03:52 - 00110592 ____A C:\Windows\Minidump\Mini112212-01.dmp
2012-11-22 03:52 - 2009-12-13 07:25 - 00000000 ____D C:\Windows\Minidump
2012-11-22 03:31 - 2012-11-22 02:41 - 00000000 ____D C:\Program Files\Real
2012-11-22 03:31 - 2012-11-22 02:41 - 00000000 ____D C:\Documents and Settings\Master Blaster\Application Data\Real
2012-11-22 03:31 - 2012-11-22 02:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Real
2012-11-22 03:22 - 2012-10-30 05:35 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-11-22 03:13 - 2010-09-29 00:19 - 00001984 ____A C:\Windows\System32\d3d9caps.dat
2012-11-22 03:09 - 2012-11-22 02:44 - 00000000 ____D C:\Documents and Settings\Master Blaster\.frostwire5
2012-11-22 02:45 - 2012-11-22 02:44 - 00000000 ____D C:\Documents and Settings\Master Blaster\My Documents\FrostWire
2012-11-22 02:41 - 2003-03-19 01:14 - 00499712 ____A (Microsoft Corporation) C:\Windows\System32\msvcp71.dll
2012-11-22 02:41 - 2003-02-21 07:42 - 00348160 ____A (Microsoft Corporation) C:\Windows\System32\msvcr71.dll
2012-11-22 02:40 - 2012-11-22 02:40 - 00000000 ____D C:\Documents and Settings\Master Blaster\Application Data\OpenCandy
2012-11-22 02:15 - 2010-03-10 04:09 - 00000000 ____D C:\Program Files\PeerBlock
2012-11-22 00:37 - 2012-10-27 23:52 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\volcano
2012-11-19 14:00 - 2012-11-19 14:00 - 15401600 ____A C:\240P_400K_6203321[3].mp4
2012-11-19 13:57 - 2012-11-19 13:55 - 43588603 ____A C:\240P_352K_5225320-2012-11-19.mp4
2012-11-19 13:56 - 2012-11-19 13:56 - 06350273 ____A C:\general01_H_6493301_01-2012-11-19.mp4
2012-11-19 13:53 - 2012-11-19 13:53 - 11501318 ____A C:\1396_2000-2012-11-19.mp4
2012-11-19 12:16 - 2012-11-19 12:17 - 00110592 ____A C:\Windows\Minidump\Mini111912-01.dmp
2012-11-15 06:51 - 2009-12-10 14:36 - 03449912 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-15 06:08 - 2009-12-11 14:24 - 64010424 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-11-15 06:07 - 2012-11-15 06:07 - 00000000 __HDC C:\Windows\$NtUninstallKB2727528$
2012-11-15 06:07 - 2012-11-15 03:01 - 00011727 ____A C:\Windows\KB2727528.log
2012-11-15 06:07 - 2012-05-12 05:02 - 00177212 ____A C:\Windows\iis6.log
2012-11-15 06:07 - 2012-05-12 05:02 - 00166931 ____A C:\Windows\FaxSetup.log
2012-11-15 06:07 - 2012-05-12 05:02 - 00079812 ____A C:\Windows\ocgen.log
2012-11-15 06:07 - 2012-05-12 05:02 - 00076167 ____A C:\Windows\tsoc.log
2012-11-15 06:07 - 2012-05-12 05:02 - 00054570 ____A C:\Windows\comsetup.log
2012-11-15 06:07 - 2012-05-12 05:02 - 00050000 ____A C:\Windows\msmqinst.log
2012-11-15 06:07 - 2012-05-12 05:02 - 00033166 ____A C:\Windows\ntdtcsetup.log
2012-11-15 06:07 - 2012-05-12 05:02 - 00029241 ____A C:\Windows\netfxocm.log
2012-11-15 06:07 - 2012-05-12 05:02 - 00011475 ____A C:\Windows\MedCtrOC.log
2012-11-15 06:07 - 2012-05-12 05:02 - 00009234 ____A C:\Windows\ocmsn.log
2012-11-15 06:07 - 2012-05-12 05:02 - 00008397 ____A C:\Windows\tabletoc.log
2012-11-15 06:07 - 2012-05-12 05:02 - 00008181 ____A C:\Windows\msgsocm.log
2012-11-15 06:07 - 2012-05-12 05:02 - 00001393 ____A C:\Windows\imsins.log
2012-11-15 06:06 - 2012-11-15 03:01 - 00013180 ____A C:\Windows\KB2761226.log
2012-11-15 06:06 - 2009-12-10 14:37 - 00001393 ____A C:\Windows\imsins.BAK
2012-11-15 03:01 - 2009-12-11 08:23 - 00000000 ___HD C:\Windows\$hf_mig$
2012-11-14 04:20 - 2012-11-14 04:20 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\DWP
2012-11-14 04:02 - 2009-12-12 16:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2012-11-13 21:23 - 2012-04-02 04:05 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-11-13 21:23 - 2011-05-17 05:58 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-11-09 20:15 - 2012-09-02 19:17 - 00000000 ____D C:\Documents and Settings\Master Blaster\Desktop\select
2012-11-08 05:43 - 2011-06-24 03:09 - 00000000 ____D C:\mafa
2012-11-08 05:19 - 2012-11-08 05:19 - 00000000 ____D C:\Program Files\WS_FTP
2012-11-08 05:19 - 2009-12-10 23:56 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2012-11-08 05:19 - 2001-08-23 07:00 - 00000656 ____A C:\Windows\win.ini
2012-11-07 22:12 - 2012-07-24 08:55 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-07 22:12 - 2012-04-10 19:17 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-11-06 19:49 - 2012-06-30 00:33 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2012-11-30 03:45 - 024576 _restore{2205B7A6-1EB9-495A-B8BD-4B1F24159255}\RP219

RP: -> 2012-11-29 03:04 - 024576 _restore{2205B7A6-1EB9-495A-B8BD-4B1F24159255}\RP218

RP: -> 2012-11-29 01:07 - 024576 _restore{2205B7A6-1EB9-495A-B8BD-4B1F24159255}\RP217


==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 2047.17 MB
Available physical RAM: 1790.75 MB
Total Pagefile: 1877.82 MB
Available Pagefile: 1817.37 MB
Total Virtual: 2047.88 MB
Available Virtual: 2003.18 MB

==================== Partitions =============================

2 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
3 Drive c: () (Fixed) (Total:127.99 GB) (Free:1.24 GB) NTFS ==>[Drive with boot components (Windows XP)]
4 Drive d: (SATA) (Fixed) (Total:149.04 GB) (Free:0.88 GB) NTFS
5 Drive e: (New Volume) (Fixed) (Total:570.65 GB) (Free:0.18 GB) NTFS
6 Drive f: (SATA) (Fixed) (Total:149.05 GB) (Free:0.23 GB) NTFS
7 Drive g: () (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32
8 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 699 GB 0 B
Disk 1 Online 298 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 128 GB 32 KB
Partition 2 Primary 571 GB 128 GB
=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 128 GB Healthy
=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E New Volume NTFS Partition 571 GB Healthy
=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 149 GB 32 KB
Partition 2 Primary 149 GB 149 GB
=========================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D SATA NTFS Partition 149 GB Healthy
=========================================================

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F SATA NTFS Partition 149 GB Healthy
=========================================================
==================== End Of Log ============================
 
FRST Fixlist

Please run the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt

start
HKU\Master Blaster\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\Master Blaster\Application Data\skype.dat [87911 2010-12-09] ()
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now, please enter OTLPE as before...

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-12-2012
Ran by SYSTEM at 2012-12-06 08:45:17 Run:2
Running from G:\
==============================================
HKEY_USERS\Master Blaster\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value deleted successfully.
==== End of Fixlog ====

Nice work Jay!
Back online with this system, which booted up fine. So far so good, with a strong urge to install an AV program.
Next move?
 
Run ComboFix first below...

ComboFix scan

Please download ComboFix by sUBs from BleepingComputer.com

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Find new antivirus here: http://secureconnexion.wordpress.com/2012/06/14/antivirus-software-toplist-top-20-summer-2012/
 
ComboFix 12-12-07.01 - Master Blaster 12/07/2012 18:29:50.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1290 [GMT -8:00]
Running from: c:\documents and settings\Master Blaster\Desktop\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Master Blaster\Application Data\skype.dat
c:\documents and settings\Master Blaster\Application Data\skype.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-11-08 to 2012-12-08 )))))))))))))))))))))))))))))))
.
.
2012-12-03 07:55 . 2012-12-03 07:55 -------- d-----w- C:\FRST
2012-11-29 08:05 . 2012-11-29 08:05 -------- d-----w- c:\program files\GPLGS
2012-11-29 08:04 . 2012-09-12 23:32 88688 ----a-w- c:\windows\system32\cpwmon2k.dll
2012-11-23 12:19 . 2012-11-23 12:19 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-22 07:44 . 2012-11-22 08:09 -------- d-----w- c:\documents and settings\Master Blaster\.frostwire5
2012-11-22 07:41 . 2012-11-22 08:31 -------- d-----w- c:\program files\Real
2012-11-22 07:40 . 2012-11-22 07:40 -------- d-----w- c:\documents and settings\Master Blaster\Application Data\OpenCandy
2012-11-19 20:23 . 2012-11-25 20:14 -------- d-----w- c:\documents and settings\Master Blaster\Local Settings\Application Data\ProtectedData
2012-11-08 10:19 . 2012-11-08 10:19 -------- d-----w- c:\program files\WS_FTP
2012-11-08 10:19 . 2003-09-03 10:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2012-11-08 10:19 . 2003-09-03 10:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2012-11-08 10:19 . 2003-09-03 10:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2012-11-08 10:19 . 2003-09-03 10:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2012-11-08 10:19 . 2003-09-03 10:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2012-11-08 10:19 . 2012-11-08 10:19 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2012-11-08 10:19 . 2012-11-08 10:19 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-22 07:41 . 2003-02-21 12:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-11-22 07:41 . 2003-03-19 06:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-11-14 02:23 . 2012-04-02 09:05 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-14 02:23 . 2011-05-17 10:58 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-22 08:37 . 2001-08-23 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-09 17:33 . 2012-07-12 09:33 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-10-08 23:23 . 2012-10-08 23:23 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-08 23:23 . 2012-10-08 23:23 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-08 23:23 . 2012-04-21 22:21 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-08 23:23 . 2012-04-21 22:21 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-02 18:04 . 2001-08-23 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-30 03:54 . 2012-04-11 00:17 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-30 10:35 . 2012-10-30 10:35 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 19:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 20:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 22:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-07 07:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Akamai NetSession Interface"="c:\documents and settings\Master Blaster\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2000-01-01 1313640]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 98304]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"NetWorx"="c:\program files\NetWorx\networx.exe" [2012-06-10 3225144]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetWorx]
2012-06-10 02:11 3225144 ----a-w- c:\program files\NetWorx\networx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"ZuneWlanCfgSvc"=3 (0x3)
"ZuneNetworkSvc"=3 (0x3)
"ZuneBusEnum"=2 (0x2)
"WMZuneComm"=3 (0x3)
"Updater Service for StartNow Toolbar"=2 (0x2)
"ImapiService"=3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"cdloader"="c:\documents and settings\Master Blaster\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Master Blaster\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1041:TCP"= 1041:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [8/12/2010 2:46 AM 26248]
R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [8/12/2010 2:46 AM 20616]
R1 networx;networx;c:\windows\system32\drivers\networx.sys [6/19/2011 4:05 AM 51640]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/23/2001 4:00 AM 14336]
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [8/19/2011 9:42 PM 57344]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [1/30/2011 12:16 PM 12184]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/21/2012 9:24 PM 399432]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/10/2012 4:17 PM 676936]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 10:19 AM 50704]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [1/18/2012 2:31 AM 101392]
R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [8/12/2010 2:46 AM 122504]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [8/24/2010 9:30 AM 42648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [8/24/2010 9:30 AM 12184]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/10/2012 4:17 PM 22856]
S3 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [8/12/2010 2:46 AM 14216]
S4 ubsvve;ubsvve;c:\windows\system32\drivers\tnloa.sys [9/14/2010 11:06 PM 54016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
vet-filt
lvpopflt
mcredirector
bc_pat_f
rismxdp
UPATC
CTDevice_Srv
imountsrv
vstor2-ws60
awhost32
protectionservice
ovt519
lxcf_device
CBN
Bcim
fsaa
fasttrackinstallerservice
comhost
DVDRC
StkASSrv
s116obex
ltmodem5
PSSdk21
hpqwmiex
k750mgmt
pav_security
TIEHDUSB
ctdvda2k
ctxcpubal
ofcpfwsvc
ccproxy
G400DH
atinevxx
ashampoodefragservice
agnwifi
SRTSPL
keriomailserver
wmccdsls
aolavupd
hsxhwazl
MSMQ
tng-dts
tng-dtmg
F700iat
arrayssl_vpn_service3,0,1,9
pdlnatdl
atkdisplf
tga
AsusACPI
mqdmbus
GMSIPCI
ANC
wwsecsvc
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
UxTuneUp
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
TermService
BITS
ShellHWDetection
helpsvc
xmlprov
wscsvc
WmdmPmSN
napagent
hkmsvc
wuauserv
uploadmgr
ip6fwhlp
mhn
sacsvr
trksvr
.
Rebuilding ... You need to reboot your machine for this to take effect.
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-08 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 15:54]
.
2012-12-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 02:23]
.
2012-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-27 07:49]
.
2012-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-27 07:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
LSP: c:\windows\system32\idmmbc.dll
Trusted Zone: thephins.com\www
Trusted Zone: tube8.com\www
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\
FF - prefs.js: browser.search.selectedEngine - Claro Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.claro-search.com/?affID=44444&tt=3812_7&babsrc=KW_clro&mntrId=f81deddd000000000000001e90e94f32&q=
FF - ExtSQL: 2012-11-04 10:04; freehdsport@freehdsport.tv; c:\documents and settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\extensions\freehdsport@freehdsport.tv.xpi
FF - ExtSQL: !HIDDEN! 2010-02-22 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.claro.autoRvrt - false
FF - user.js: extensions.claro_i.newTab - false
FF - user.js: extensions.claro.vrsni - 1.6.4.1
FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.10:08
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef -
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
.
.
------- File Associations -------
.
.txt=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-07 18:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{24851210-fc14-4b19-812b-d9133aea46a2}]
@Denied: (Full) (Everyone)
"Model"=dword:0000006a
"Therad"=dword:0000001e
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):0f,97,2f,57,31,e5,f7,f5,ae,6e,91,35,40,51,ee,d8,1c,63,4d,97,f6,
f7,49,aa,01,84,04,4a,f0,68,42,14,0b,0c,db,ea,27,fb,fd,07,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(996)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Completion time: 2012-12-07 18:37:09
ComboFix-quarantined-files.txt 2012-12-08 02:37
ComboFix2.txt 2012-11-29 08:24
ComboFix3.txt 2012-11-25 20:17
ComboFix4.txt 2012-06-04 05:07
.
Pre-Run: 1,644,785,664 bytes free
Post-Run: 1,690,169,344 bytes free
.
- - End Of File - - F1E4BEF25D8FAB70C6B68E50159C7A7


Had a recent Combofix.exe we used last week, but I downloaded a new one just in case.
Thanks for the informative link on A/V apps! Used to have Kasp, and was a deal with two licenses.
Leaving on business tonight, but will check back here, and pick up on Monday. Have a great weekend Jay!
 
Okay, when you come back:

Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Warning! Once the scan is complete JRT will shut down your browser with NO warning.
  • Shut down your protection software now to avoid potential conflicts.
  • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Copy and Paste the JRT.txt log into your next message.


Adware Cleaning

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


RogueKiller Scan

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.
  • Next click on the ShortcutsFix
  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.0.4 (12.09.2012:4)
OS: Microsoft Windows XP x86
Ran by Master Blaster on Mon 12/10/2012 at 3:59:26.48
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-343818398-1454471165-839522115-1003\software\microsoft\internet explorer\searchscopes\\DefaultScope

~~~ Registry Keys
Successfully deleted: [Registry Key] "hkey_current_user\software\crossrider"
Successfully deleted: [Registry Key] "hkey_current_user\software\sweetim"
Successfully deleted: [Registry Key] "hkey_local_machine\software\babylon"
Successfully deleted: [Registry Key] "hkey_local_machine\software\babylontoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\prod.cap"
Successfully deleted: [Registry Key] "hkey_local_machine\software\iminent"
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{0055c089-8582-441b-a0bf-17b458c2a3a8}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{0055c089-8582-441b-a0bf-17b458c2a3a8}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0d7562ae-8ef6-416d-a838-ab665251703a}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0d7562ae-8ef6-416d-a838-ab665251703a}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{171debeb-c3d4-40b7-ac73-056a5eba4a7e}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d824f0de-3d60-4f57-9eb1-66033ecd8abb}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_current_user\software\pip"
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"

~~~ Files

~~~ Folders
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\installmate"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\wecarereminder"
Successfully deleted: [Folder] "C:\Documents and Settings\Master Blaster\Application Data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\Master Blaster\Application Data\opencandy"
Successfully deleted: [Folder] "C:\Documents and Settings\Master Blaster\Application Data\vghd"
Successfully deleted: [Folder] "C:\Program Files\babylon"

~~~ FireFox
Successfully deleted: [File] C:\user.js
Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Documents and Settings\Master Blaster\Application Data\mozilla\firefox\profiles\r52wkqpj.default\user.js
Successfully deleted: [Folder] C:\Documents and Settings\Master Blaster\Application Data\mozilla\firefox\profiles\r52wkqpj.default\extensions\oneclickdownload@oneclickdownload.com
Successfully deleted the following from C:\Documents and Settings\Master Blaster\Application Data\mozilla\firefox\profiles\r52wkqpj.default\prefs.js
user_pref("browser.newtab.url", "http://www.claro-search.com/?affID=..._clro&mntrId=f81deddd000000000000001e90e94f32");
user_pref("browser.search.defaultenginename", "Claro Search");
user_pref("browser.search.order.1", "Claro Search");
user_pref("browser.search.selectedEngine", "Claro Search");
user_pref("extensions.50af78b49654b.scode", "(function(){try{if('aol.com,mail.google.com,mystart.incredibar.com,premiumreports.info,search.babylon.com,search.funmoods.com,sear
user_pref("extensions.claro.admin", false);
user_pref("extensions.claro.aflt", "babsst");
user_pref("extensions.claro.autoRvrt", "false");
user_pref("extensions.claro.cntry", "US");
user_pref("extensions.claro.dfltLng", "en");
user_pref("extensions.claro.envrmnt", "production");
user_pref("extensions.claro.excTlbr", false);
user_pref("extensions.claro.hdrMd5", "");
user_pref("extensions.claro.hmpg", false);
user_pref("extensions.claro.instlRef", "");
user_pref("extensions.claro.isdcmntcmplt", false);
user_pref("extensions.claro.lastVrsnTs", "1.6.4.10:08:21");
user_pref("extensions.claro.mntrvrsn", "1.3.1");
user_pref("extensions.claro.newTab", false);
user_pref("extensions.claro.prdct", "claro");
user_pref("extensions.claro.propectorlck", 86915764);
user_pref("extensions.claro.prtkhmpg", 1);
user_pref("extensions.claro.prtnrId", "claro");
user_pref("extensions.claro.sg", "none");
user_pref("extensions.claro.smplGrp", "none");
user_pref("extensions.claro.tlbrId", "claro");
user_pref("extensions.claro.vrsnTs", "1.6.4.10:08:21");
user_pref("extensions.claro.vrsni", "1.6.4.1");
user_pref("extensions.claro_i.newTab", false);
user_pref("extensions.claro_i.smplGrp", "none");
user_pref("extensions.claro_i.vrsnTs", "1.6.4.10:08:21");
user_pref("extensions.crossrider.bic", "139ec73fb84285e57fc465073d3ca9aa");
user_pref("extensions.toolbar.mindspark._64Members_.homepage", "http://home.mywebsearch.com/index.j...16-0772F0F7CED0&n=77df4889&ptnrS=XPxdm032BAus&
user_pref("extensions.toolbar.mindspark._64Members_.initialized", true);
user_pref("extensions.toolbar.mindspark._64Members_.installation.installDate", "2011121801");
user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerId", "XPxdm032BAus");
user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerSubId", "3542443");
user_pref("extensions.toolbar.mindspark._64Members_.installation.success", true);
user_pref("extensions.toolbar.mindspark._64Members_.installation.toolbarId", "35A70B26-9365-43A4-AC16-0772F0F7CED0");
user_pref("extensions.toolbar.mindspark._64Members_.lastActivePing", "1334503721930");
user_pref("extensions.toolbar.mindspark._64Members_.options.defaultSearch", false);
user_pref("extensions.toolbar.mindspark._64Members_.options.homePageEnabled", false);
user_pref("extensions.toolbar.mindspark._64Members_.options.keywordEnabled", false);
user_pref("extensions.toolbar.mindspark._64Members_.options.tabEnabled", false);
user_pref("extensions.toolbar.mindspark._64Members_.weather.location", "90001");
user_pref("extensions.toolbar.mindspark.lastInstalled", "televisionfanatic@mindspark.com");
user_pref("keyword.URL", "http://www.claro-search.com/?affID=...lro&mntrId=f81deddd000000000000001e90e94f32&q=");


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 12/10/2012 at 4:04:12.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AdwCleaner v2.100 - Logfile created 12/10/2012 at 04:51:18
# Updated 09/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Master Blaster - ENDLESS
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Master Blaster\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Found : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\Master Blaster\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\Master Blaster\Local Settings\Application Data\AVG Secure Search
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\Common Files\AVG Secure Search
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\Software\PricePeep
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKCU\Software\StartSearch
Key Found : HKCU\Software\wecarereminder
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Found : HKLM\Software\SweetIM
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Mozilla Firefox v16.0.2 (en-US)
Profile name : default
File : C:\Documents and Settings\Master Blaster\Application Data\Mozilla\Firefox\Profiles\r52wkqpj.default\prefs.js
[OK] File is clean.
Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9z052b5a.default\prefs.js
Found : user_pref("extensions.crossriderapp12555.adsOldValue", -1);
*************************
AdwCleaner[R1].txt - [2659 octets] - [10/12/2012 04:51:18]
########## EOF - C:\AdwCleaner[R1].txt - [2719 octets] ##########

RogueKiller V8.3.2 [Dec 10 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Master Blaster [Admin rights]
Mode : Remove -- Date : 12/10/2012 05:23:32
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD7500AADS-00L5B1 +++++
--- User ---
[MBR] 583066a49ae6b9ce65b685acba7d4b96
[BSP] f0fedd78de29e3e61545662f38fb9b9e : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 131061 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 268414020 | Size: 584340 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: WDC WD3200AAKS-00B3A0 +++++
--- User ---
[MBR] fdde5365bc7c4ae6f79655188adf9dc3
[BSP] 51f6fef3ed29886b80ef5df4dc470107 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 312560640 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2]_D_12102012_02d0523.txt >>
RKreport[1]_S_12102012_02d0520.txt ; RKreport[2]_D_12102012_02d0523.txt
 
Good job! Check for remnants...

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.


Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death

Note: Absence of issues does not mean that you're protected in the future.
 
C:\Qoobox\Quarantine\C\Documents and Settings\Master Blaster\Application Data\skype.dat.vir a variant of Win32/Injector.ZRQ trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Master Blaster\Desktop\Setup.exe.vir a variant of Win32/Adware.iBryte.C application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Master Blaster\Local Settings\Application Data\ProtectedData\hkrlfnhn.dll.vir Win32/Boaxxe.G trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\23.11.2012_04.14.45\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\23.11.2012_04.14.45\mbr0000\tdlfs0000\tsk0002.dta a variant of Win64/Olmarik.AM trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\23.11.2012_04.14.45\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\23.11.2012_04.14.45\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\23.11.2012_04.14.45\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\23.11.2012_04.14.45\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\23.11.2012_23.51.02\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\23.11.2012_23.51.02\mbr0000\tdlfs0000\tsk0002.dta a variant of Win64/Olmarik.AM trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\23.11.2012_23.51.02\mbr0000\tdlfs0000\tsk0003.dta a variant of Win32/Rootkit.Kryptik.RG trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\23.11.2012_23.51.02\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\23.11.2012_23.51.02\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\23.11.2012_23.51.02\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined

Attempting a trial install of Kasp A/V, which is requiring me to remove conflicting uninstalled remnants from former A/V editions, its pre-install scanning found. I've already used an AVG removal tool in doing so, but apparently the Trend Micro cleaner tool needs to be "Titanium" specific. Otherwise, the system seems to be running optimal, with no lingering effects from our once troublesome rodent/s.
Also, there appear to be some remaining folders of recently installed cleaner tools (FRST, JRT, Qoobox) in C drive. Should those be deleted?
 
Huge thanks!
Finally got Kasp installed. Machine is stable and running great!

Always impressive to watch the systematic extermination of these nefarious infections.
If there's ever any sense of atonement to be had out of defeating this pestilence on a daily basis,
I expect a fix like this would appropriately be deemed a "headshot".

My applause and appreciation, to the malware mashing maelstrom, DragonMaster Jay!

start
HKU\Master Blaster\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\Master Blaster\Application Data\skype.dat [87911 2010-12-09] ()
end
 
Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE
You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button; click this
  • Accept the Warning and select OK again; the program will close and you are done

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

NOTE: If you already have this installed, you don't have to reinstall it.

Please download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

  • Double-click the CCleaner shortcut on the desktop to start the program.
  • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
  • On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
  • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 
Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Kaspersky Anti-Virus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.65.1.1000
HijackThis 2.0.2
TuneUp Utilities 2009
CCleaner
Java(TM) 6 Update 31
Java 7 Update 7
Java version out of Date!
Adobe Flash Player 11.5.502.135
Mozilla Firefox 16.0.2 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Kaspersky Lab Kaspersky Anti-Virus 2013 avp.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 38% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


What's SSD? (Do NOT defrag if SSD!)
 
Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Kaspersky Anti-Virus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.65.1.1000
TuneUp Utilities 2009
CCleaner
Java 7 Update 9
Adobe Flash Player 11.5.502.135
Mozilla Firefox (17.0.1)
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Anti-Virus 2013 avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 38% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


Went ahead and uninstalled Hijack This, updated everything else listed, and still not sure what SSD is.
 
It means Solid State Drive, a type of newer hard drive that doesn't use disks, but rather flash memory.
 