HTTPS Tidserv Request 2 [Solved]


#1
Arewa
  • Member
  • 15 posts
I keep getting this intrusion attempt blocked by Norton. I have checked a few posts with the same problem and went through the process of downloading Combofix.exe, which was done successfully. Thereafter I downloaded MBAM, which performed a scan with the following result:
----------------------------------------------------

Malwarebytes' Anti-Malware 1.46

Database version: 4060

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

03/05/2010 01:02:33
mbam-log-2010-05-03 (01-02-33).txt

Scan type: Quick scan
Objects scanned: 155482
Time elapsed: 12 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Scan this morning again with the following log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4060

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

03/05/2010 13:57:45
mbam-log-2010-05-03 (13-57-45).txt

Scan type: Quick scan
Objects scanned: 159551
Time elapsed: 15 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I then tried to run a quick scan with Kaspersky, but it's been very slow and has not finished scanning as yet.
I discovered that the Tidserv is still coming up. Initially it was newplayer[1] Trojan Pidief, so please help.
Thanks.

#2
Arewa
  • Topic Starter
  • Member
  • 15 posts
I now have a copy of the Kaspersky scan report. See below.
It appears there are 5 infected files. What can I do, please, to remove or cure these files? I really appreciate your assistance.

KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, May 3, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, May 03, 2010 08:41:36
Records in database: 4035915
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Objects scanned: 157197
Threats found: 5
Infected objects found: 5
Suspicious objects found: 0
Scan duration: 05:15:32


File name / Threat / Threats count
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\31\5637119f-187dda00 Infected: Exploit.Java.CVE-2009-3867.gen 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\31\5637119f-187dda00 Infected: Trojan-Downloader.Java.Agent.cd 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\31\5637119f-187dda00 Infected: Trojan-Downloader.Java.OpenStream.al 1
C:\Documents and Settings\Owner\My Documents\Boduns Work\Programs\BearShareV7.exe Infected: not-a-virus:AdWare.Win32.Shopper.ax 1
C:\WINDOWS\system32\$sys$filesystem\crater.sys Infected: Trojan.Win32.DNSChanger.gtb 1

Selected area has been scanned.

#3
Rorschach112
  • Ralphie
  • Retired Staff
  • 47,710 posts
Can you post the ComboFix log? It should be in C:\

#4
Arewa
  • Topic Starter
  • Member
  • 15 posts
Here is the log. Many thanks.

ComboFix 10-05-02.01 - Owner 02/05/2010 23:34:01.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.2160 [GMT 1:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\data
c:\data\cache\english\metallic2006.dat
c:\program files\INSTALL.LOG
c:\program files\WindowsUpdate
C:\Thumbs.db
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\cup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\customer_cup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\heart.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\menu_down.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\menu_up.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\plates.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\ticket.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\accessories\tray.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\music\mainmenumusic.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_bring_check_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_deliver_order_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_diner.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_food_ready_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_gain_heart_1.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_pencil_write_2.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_rollover_1.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\audio\sfx\sfx_seat_people_snd.ogg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\choosedifficulty.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\credits.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\flo_lose.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\flo_win.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\help1.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\help2.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\highscores.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\levelintro.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\levelintro_mask.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\levelover.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\levelover_mask.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\mainmenu.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\popup.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\popup_mask.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\upgradegrid.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\upgradetitle.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\backgrounds\upsell.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\arrowleft_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\arrowleft_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\arrowright_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\arrowright_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\back_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\back_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\backchalk.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\backchalkup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\backtomenu_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\backtomenu_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\cancel.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\cancelup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\career.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\career_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\close.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\closeup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\continue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\continueover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\credits_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\credits_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\download_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\download_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\easy.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\easy_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\endlessshift.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\endlessshift_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\hard.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\hard_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\help.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\help_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\highscores.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\highscores_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\instructions_blue.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\instructions_yellow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\letsplay.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\letsplayover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\medium.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\medium_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\moreinfo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\moreinfoup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\off.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\off_on.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\on.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\on_on.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\pause.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\pauseover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\quit.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\quitgame.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\quitgameover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\quitover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\resumegame.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\resumegameover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\submit.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\submitup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\tryagain.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\tryagainover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\upgrade_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\upgrade_up.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\viewglobal.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\viewglobalup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\viewhighscore.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\viewhighscoreon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\viewlocal.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\buttons\viewlocalup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\comics\webcomic.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\config\career.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\config\customer.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\config\endless.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\config\global.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\config\powerups.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\cook\cook.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\cook\cook.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\cook\stove.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\cursor\arrow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\cursor\click.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\cursor\click2.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\cursor\grab.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\cursor\open.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\blue\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\blue\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\blue\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\green\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\green\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\green\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\purple\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\purple\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\purple\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\red\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\red\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\red\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\yellow\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\yellow\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\old_male\yellow\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\blue\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\blue\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\blue\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\green\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\green\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\green\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\purple\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\purple\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\purple\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\red\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\red\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\red\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\yellow\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\yellow\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\customers\young_female\yellow\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\flo\idle.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\flo\idle.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\flo\lower.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\flo\lower.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\flo\upper.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\flo\upper.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\fonts\arial.mvec
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\fonts\komikaaxis.mvec
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\chair.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\chair.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\dirt2top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\dirt4top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\dishcart.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\dishcart.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\drinkstation_off.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\drinkstation_on1.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\drinkstation_on2.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\ticketstation.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\furniture\ticketstation.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowdown.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowdownon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowleft.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowlefton.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowright.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowrighton.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\arrowupon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\p1icon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\textedit.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\hiscore\title.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_1.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_1_a.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_1_b.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_1_c.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_2.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_2_a.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_2_b.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_2_c.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_2_d.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_3.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_3_a.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_3_b.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_3_c.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\endless_1_3_d.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\fifth_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\first_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\fourth_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\layouts\second_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\playfirst_logo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\background.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\food\food1.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\food\food1.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\food\food2.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\food\food2.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\food\food3.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\food\food3.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\frames\upgrade_0001.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\tables\2top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\tables\2top.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\tables\4top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\tables\4top.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\diner\upgrades.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\restaurants\tableshadow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\choosedifficulty.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\chooseplayer.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\chooserestaurant.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\credits.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\game.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\gothighscore.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\help.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\help2.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\hiscore.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\hiscoreinfo.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\hiscoresubmit.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\levelintro.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\levelover.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\loading.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\mainloop.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\mainmenu.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\ok.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\pause.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\style.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\tutorialintro.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\upgrade.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\upsell.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\webcomic.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\scripts\yesno.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\splash\gamelabsplash.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\splash\playfirst_logo.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\strings.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\angersmoke.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\angersmoke.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\chairflags.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\chairflags.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\check.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\checkmark.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\clock.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\closed.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\closingtime.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\coinflip.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\coinflip.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\dollar.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\doodles\coffee.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\doodles\tables.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\doodles\wallpaper.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\expert.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\expertscore.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\foodpoof.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\foodpoof.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\fork_timer.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\goalcompleted.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\heartgrow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\heartgrow.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\jar.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\jar.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\level.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\level_career.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\score.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\sound.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\staroff.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\staron.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\tablenumber.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\tablenumberup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\traynumber.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\tutorial_character.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\tutorialarrow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\tutorialbox.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgradeanim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgradeanim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\drinks.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\maitred.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\oven.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\select.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\shoes.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\stereo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\assets\ui\upgrades\table.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.58\dinerdash.exe
c:\windows\system32\winsusrm.dll
c:\windows\winhelp.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_$SYS$ARIES
-------\Legacy_$SYS$DRMSERVER
-------\Legacy_BOONTY_GAMES
-------\Legacy_CD_PROXY
-------\Service_$sys$DRMServer
-------\Service_Boonty Games
-------\Service_CD_Proxy


((((((((((((((((((((((((( Files Created from 2010-04-02 to 2010-05-02 )))))))))))))))))))))))))))))))
.

2010-05-02 22:29 . 2008-04-13 18:39 23040 -c--a-w- c:\windows\system32\dllcache\mouclass.sys
2010-05-02 22:29 . 2008-04-13 18:39 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys
2010-04-25 21:17 . 2010-04-25 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-02 23:15 . 2010-02-20 20:12 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2010-05-02 23:15 . 2008-11-15 13:16 -------- d-----w- c:\program files\Steam
2010-05-02 19:59 . 2004-03-04 19:40 -------- d-----w- c:\program files\Sonic
2010-05-02 19:58 . 2006-05-29 12:23 -------- d-----w- c:\program files\Google
2010-05-02 19:56 . 2009-08-31 18:48 -------- d-----w- c:\program files\Cheat Engine
2010-04-21 07:32 . 2008-11-13 18:21 -------- d---a-w- c:\documents and settings\All Users\Application Data\Sports Interactive
2010-04-01 18:58 . 2010-04-01 18:21 -------- d-----w- c:\program files\New Star Soccer 3
2010-03-25 15:52 . 2004-06-30 13:39 -------- d-----w- c:\program files\Hewlett-Packard
2010-03-12 18:34 . 2010-03-12 18:33 -------- d-----w- c:\program files\iTunes
2010-03-12 18:33 . 2010-03-12 18:33 -------- d-----w- c:\program files\iPod
2010-03-12 18:33 . 2007-06-30 19:56 -------- d-----w- c:\program files\Common Files\Apple
2010-03-11 12:38 . 2004-02-06 17:05 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2003-07-16 20:25 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2003-07-16 20:49 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 13:11 . 2003-07-16 20:34 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-20 20:17 . 2010-02-20 20:17 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-02-17 08:10 . 2003-07-16 20:39 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2002-08-29 01:04 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-21 12:12 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2003-07-10 11:19 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2003-06-30 15:30 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2005-10-01 16:50 . 2005-10-01 16:50 774144 -c--a-w- c:\program files\RngInterstitial.dll
2002-12-27 17:44 . 2007-02-15 21:45 1653850 -c--a-w- c:\program files\JAY Z.WAV
2007-08-11 20:55 . 2006-01-01 17:15 56 -csh--r- c:\windows\system32\C9BA080E9E.sys
2007-08-11 20:57 . 2006-01-01 17:15 1682 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2009-05-04 10:56 398776 ----a-w- c:\program files\BearShare Applications\BearShare\BearShareIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"Steam"="c:\program files\steam\steam.exe" [2010-04-27 1238352]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-11-20 434176]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-25 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^wkcalrem.LNK]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\wkcalrem.LNK
backup=c:\windows\pss\wkcalrem.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2003-08-06 01:04 114741 -c--a-w- c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-01-23 09:31 126976 -c--a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-01-23 09:36 155648 -c--a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 23:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
2002-05-03 10:40 4341760 ----a-w- c:\program files\Alcatel\SpeedTouch USB\dragdiag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2004-12-06 21:31 36975 -c--a-w- c:\program files\Java\jre1.5.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 00:01 110592 -c--a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\All of our junk\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\football manager 2009\\fm.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1106000.020\symds.sys [31/03/2010 23:32 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1106000.020\symefa.sys [31/03/2010 23:32 172592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHDrvx86.sys [30/03/2010 11:40 536112]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1106000.020\cchpx86.sys [31/03/2010 23:32 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1106000.020\ironx86.sys [31/03/2010 23:32 116784]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe [31/03/2010 23:32 126392]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [25/12/2009 14:05 90112]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [16/12/2009 20:20 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100422.002\IDSXpx86.sys [27/04/2010 08:22 329592]
S0 $sys$cor;$sys$cor;c:\windows\system32\Drivers\$sys$cor.sys --> c:\windows\system32\Drivers\$sys$cor.sys [?]
S1 $sys$crater;$sys$crater;c:\windows\system32\$sys$filesystem\crater.sys [07/10/2004 08:57 11776]
S2 gupdate1c9d4beefa7f46a;Google Update Service (gupdate1c9d4beefa7f46a);c:\program files\Google\Update\GoogleUpdate.exe [14/05/2009 19:08 133104]
S3 hpusbwdm;HP DVD Movie Writer dc3000/dc4000;c:\windows\system32\DRIVERS\hpusbwdm.sys --> c:\windows\system32\DRIVERS\hpusbwdm.sys [?]
S3 o1394bul;o1394bul;\??\c:\docume~1\Owner\LOCALS~1\Temp\o1394bul.sys --> c:\docume~1\Owner\LOCALS~1\Temp\o1394bul.sys [?]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [25/12/2009 14:06 86824]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [25/12/2009 13:56 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [25/12/2009 13:56 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [25/12/2009 13:56 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [25/12/2009 13:56 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [25/12/2009 13:56 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [25/12/2009 13:56 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [25/12/2009 13:56 109864]
.
Contents of the 'Scheduled Tasks' folder

2010-05-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34]

2010-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 18:07]

2010-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 18:07]

2010-04-26 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Owner.job
- c:\program files\Norton Internet Security\Engine\17.6.0.32\navw32.exe [2010-03-31 23:51]

2010-05-02 c:\windows\Tasks\Norton Security Scan for Owner.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-11 12:50]

2010-05-02 c:\windows\Tasks\User_Feed_Synchronization-{C8E2C924-B294-4337-8081-4DDB2279169D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.bbc.co.uk/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://us.download.boonty.com/webgames/DinerDash/DinerDash.1.0.0.58.cab
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-DVDBitSet - c:\program files\HP DVD\Umbrella\DVDBitSet.exe
MSConfigStartUp-DVDTray - c:\program files\HP DVD\Umbrella\DVDTray.exe
MSConfigStartUp-HP Software Update - c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-msnappau - c:\program files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
MSConfigStartUp-sixtysix - c:\windows\sixtypopsix.exe
MSConfigStartUp-Symantec NetDriver Monitor - c:\progra~1\SYMNET~1\SNDMon.exe
AddRemove-4U AVI MPEG Converter_is1 - c:\documents and settings\Owner\My Documents\My Videos\Premier League\4U MPEG CONVERTER\AVI MPEG Converter\unins000.exe
AddRemove-Active GIF Creator 2.23 - c:\documents and settings\Owner\My Documents\Important Files\Bodinho\Download\Active GIF Creator 2.23\uninstall.exe
AddRemove-AVI MPEG Converter 3 - c:\documents and settings\Owner\My Documents\POOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO\AVI MPEG Converter 3\Uninstall.exe
AddRemove-Sony Ericsson Themes Creator - c:\docume~1\Owner\MYDOCU~1\BODUN'~1\Clips So Far\Emblems\New Folder\Themes Creator\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-03 00:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Creative Detector = "c:\program files\Creative\MediaSource\Detector\CTDetect.exe" /R??D~0?A~????*?A~??A~?|????C~????m???H???????????????l???l???????]?A~??C~????m???H???????????????k!?s??A~??A~8??????????w??????A~h^i???????A~???????w??A~???????s????W?D~??A~??????A~???w8??????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8AA51EE4]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> atapi.sys @ 0xf74c6852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: Intel® PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf7840bb0
PacketIndicateHandler -> NDIS.sys @ 0xf784da21
SendHandler -> NDIS.sys @ 0xf782b87b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.6.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-823518204-573735546-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(968)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(1028)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3968)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTIntrfc.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTConfig.DLL
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\JBNSRES.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Bonjour\mdnsNSP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\windows\system32\CTsvcCDA.EXE
c:\windows\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-05-03 00:31:39 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-02 23:31

Pre-Run: 47,736,532,992 bytes free
Post-Run: 49,495,519,232 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

- - End Of File - - E04C5222FAEC5D97A98284A066CFD43E
  • 0
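A note on reading a log like the one above, as an added example rather than anything posted in this thread or shipped with ComboFix: the findings a responder looks for first are scattered across the "Drivers/Services" block and the REGEDIT4-style firewall and Security Center entries. The script below pulls them out of a constructed excerpt of that log. The line-format rules (`S0 name;display;path --> path [?]` for a service whose binary is missing, `"Value"= data` under a `[key]` heading) are assumptions inferred from the log text; the `$sys$` rule relies on the fact that the Sony BMG XCP DRM rootkit (the `$sys$aries` driver the log shows being removed) cloaks any object whose name begins with `$sys$`.

```python
"""Triage a ComboFix log for the findings a responder checks first.

Added example, not part of the thread or of ComboFix. The parsing rules are
assumptions inferred from the log format visible in the thread.
"""
import re
from typing import List, Tuple

# Constructed excerpt: a handful of lines in the shape of the posted log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1106000.020\symds.sys [31/03/2010 23:32 328752]
S0 $sys$cor;$sys$cor;c:\windows\system32\Drivers\$sys$cor.sys --> c:\windows\system32\Drivers\$sys$cor.sys [?]
S1 $sys$crater;$sys$crater;c:\windows\system32\$sys$filesystem\crater.sys [07/10/2004 08:57 11776]
S3 o1394bul;o1394bul;\??\c:\docume~1\Owner\LOCALS~1\Temp\o1394bul.sys --> c:\docume~1\Owner\LOCALS~1\Temp\o1394bul.sys [?]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [25/12/2009 14:06 86824]
"""

# "R0 name;display;path [date size]" or "S3 name;display;path --> path [?]"
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)$")
# '"Value"= data' lines under a [key] heading
REG_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def service_path(rest: str) -> Tuple[str, bool]:
    """Split the tail of a service line into (image path, file present on disk)."""
    present = not rest.rstrip().endswith("[?]")
    if " --> " in rest:                      # ComboFix prints "path --> path [?]" when the file is missing
        rest = rest.split(" --> ", 1)[0]
    else:                                    # otherwise "path [dd/mm/yyyy hh:mm size]"
        rest = rest.rsplit(" [", 1)[0]
    path = rest.strip()
    if path.startswith("\\??\\"):            # NT object-manager prefix used for odd image paths
        path = path[4:]
    return path, present


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (severity, message) pairs for the security-relevant lines."""
    findings: List[Tuple[str, str]] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line.lower()           # remember which registry key we are under
            continue
        m = SERVICE_RE.match(line)
        if m:
            _state, _start, name, _display, rest = m.groups()
            path, present = service_path(rest)
            low = path.lower()
            if not present:
                findings.append(("medium", f"{name}: service points at missing file {path}"))
            if "\\temp\\" in low:
                findings.append(("high", f"{name}: kernel driver loads from a temp directory ({path})"))
            if name.lower().startswith("$sys$") or "\\$sys$" in low:
                findings.append(("high", f"{name}: $sys$ prefix is cloaked by the Sony XCP (Aries) DRM rootkit"))
            continue
        m = REG_VALUE_RE.match(line)
        if m and section:
            value, data = m.groups()
            if "firewallpolicy" in section and value.lower() == "enablefirewall" and data.startswith("0"):
                findings.append(("high", "Windows Firewall disabled in the standard profile"))
            elif "globallyopenports" in section:
                findings.append(("medium", f"firewall exception opens {value} to all callers"))
            elif "security center\\monitoring" in section and value.lower() == "disablemonitoring" and data.endswith("1"):
                findings.append(("info", f"Security Center monitoring disabled under {section}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {message}")
```

The `info` line is expected on a box running Norton, which turns off Security Center's own monitoring of AV and firewall state; the `high` lines are the ones worth acting on. Note that a driver ComboFix lists with a valid path and size can still be infected, because the Tidserv/TDL3 family patches a legitimate driver in place rather than adding a new service; that case is what the `TDL::` line in a CFScript is for.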

#5
Rorschach112 (Retired Staff)
Open notepad and copy/paste the text in the quotebox below into it:

http://www.geekstogo...-2-t275939.html

Collect::
C:\Documents and Settings\Owner\My Documents\Boduns Work\Programs\BearShareV7.exe
C:\WINDOWS\system32\$sys$filesystem\crater.sys
c:\windows\system32\browserchoice.exe
c:\windows\system32\Drivers\$sys$cor.sys
c:\windows\system32\$sys$filesystem\crater.sys
Driver::
$sys$cor
$sys$crater

KillAll::

TDL::
c:\windows\system32\drivers\mouclass.sys
Suspect::


Save this as CFScript.txt


Posted Image

Referring to the picture above, drag CFScript.txt onto ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box; do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

  • 0
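The `TDL::` line in the script above targets a driver that Tidserv/TDL3 has patched in place: the infected file keeps its name and size, so a size check will not catch it. The check below, an added example that is not part of this thread or of ComboFix, hashes every driver in a `drivers` directory against the copy of the same name in a `dllcache` directory and reports a same-size-but-different-content pair separately. It runs on a constructed fixture so it can be executed anywhere; the directory layout (`drivers\` beside `dllcache\`) mirrors the two `mouclass.sys` paths in the log.

```python
"""Compare kernel drivers against the copies Windows keeps in dllcache.

Added example, not from the thread or from ComboFix. Paths are parameters;
build_sample_tree() constructs a fixture so the check runs offline.
"""
import hashlib
import os
import tempfile
from typing import List, Tuple


def sha256_of(path: str) -> str:
    """SHA-256 of a file, read in chunks so large drivers are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def compare_driver_copies(drivers_dir: str, dllcache_dir: str) -> List[Tuple[str, str]]:
    """Return (driver name, verdict) for every *.sys in drivers_dir.

    Verdicts: 'match', 'no-reference' (nothing to compare against),
    'size-preserving-patch' (same size, different bytes: the TDL3 pattern),
    'differs' (different size, e.g. a hotfix replaced one copy).
    """
    results = []
    for name in sorted(os.listdir(drivers_dir)):
        if not name.lower().endswith(".sys"):
            continue
        live = os.path.join(drivers_dir, name)
        ref = os.path.join(dllcache_dir, name)
        if not os.path.isfile(ref):
            results.append((name, "no-reference"))
        elif sha256_of(live) == sha256_of(ref):
            results.append((name, "match"))
        elif os.path.getsize(live) == os.path.getsize(ref):
            results.append((name, "size-preserving-patch"))
        else:
            results.append((name, "differs"))
    return results


def build_sample_tree(root: str) -> Tuple[str, str]:
    """Constructed fixture: a drivers/ and dllcache/ pair covering three cases."""
    drivers = os.path.join(root, "drivers")
    dllcache = os.path.join(root, "dllcache")
    os.makedirs(drivers)
    os.makedirs(dllcache)
    clean = b"MZ" + b"\x00" * 1022            # stand-in for a 1024-byte driver image
    patched = clean[:512] + b"\xcc" * 512     # same size, tail overwritten in place
    with open(os.path.join(drivers, "mouclass.sys"), "wb") as f:
        f.write(patched)
    with open(os.path.join(dllcache, "mouclass.sys"), "wb") as f:
        f.write(clean)
    for d in (drivers, dllcache):             # an untouched driver
        with open(os.path.join(d, "kbdclass.sys"), "wb") as f:
            f.write(clean)
    with open(os.path.join(drivers, "mbam.sys"), "wb") as f:  # third-party, no cached copy
        f.write(b"MZ")
    return drivers, dllcache


def demo() -> List[Tuple[str, str]]:
    """Run the comparison over the constructed fixture and return the verdicts."""
    with tempfile.TemporaryDirectory() as tmp:
        return compare_driver_copies(*build_sample_tree(tmp))


if __name__ == "__main__":
    for name, verdict in demo():
        print(f"{name:16} {verdict}")
```

Two caveats apply on a live system. TDL3 hooks the disk miniport driver and serves the original bytes of the infected file to anything that reads it through the running kernel, so this comparison only means something when the volume is read from clean boot media or mounted on another machine. And `dllcache` is just another copy on the same disk, not a trusted reference; a mismatch says the two copies differ, not which one is good.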

#6
Arewa (Topic Starter)
Where can I find Notepad... on the C drive?
  • 0

#7
Rorschach112 (Retired Staff)
Click Start > Run > type notepad.exe > click OK

Notepad should launch
  • 0

#8
Arewa (Topic Starter)
Here's the report

ComboFix 10-05-04.01 - Owner 04/05/2010 20:56:50.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.2172 [GMT 1:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\drivers\mouclass.sys was found and disinfected
Restored copy from - Kitty had a snack :)
Infected copy of c:\windows\system32\DRIVERS\mouclass.sys was found and disinfected
Restored copy from - Kitty ate it :)
Infected copy of c:\windows\system32\drivers\kbdclass.sys was found and disinfected
Restored copy from - Kitty had a snack :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_$sys$cor
-------\Service_$sys$crater


((((((((((((((((((((((((( Files Created from 2010-04-04 to 2010-05-04 )))))))))))))))))))))))))))))))
.

2010-05-03 12:24 . 2010-05-03 12:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-05-02 23:48 . 2010-05-02 23:48 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-05-02 23:48 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-02 23:48 . 2010-05-02 23:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-02 23:48 . 2010-05-02 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-02 23:48 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-02 22:29 . 2008-04-13 18:39 23040 -c--a-w- c:\windows\system32\dllcache\mouclass.sys
2010-05-02 22:29 . 2008-04-13 18:39 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys
2010-04-25 21:17 . 2010-04-25 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-04 20:15 . 2010-02-20 20:12 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2010-05-04 20:14 . 2008-11-15 13:16 -------- d-----w- c:\program files\Steam
2010-05-03 12:23 . 2006-08-12 16:12 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-02 19:59 . 2004-03-04 19:40 -------- d-----w- c:\program files\Sonic
2010-05-02 19:58 . 2006-05-29 12:23 -------- d-----w- c:\program files\Google
2010-05-02 19:56 . 2009-08-31 18:48 -------- d-----w- c:\program files\Cheat Engine
2010-04-21 07:32 . 2008-11-13 18:21 -------- d---a-w- c:\documents and settings\All Users\Application Data\Sports Interactive
2010-04-01 18:58 . 2010-04-01 18:21 -------- d-----w- c:\program files\New Star Soccer 3
2010-03-25 15:52 . 2004-06-30 13:39 -------- d-----w- c:\program files\Hewlett-Packard
2010-03-12 18:34 . 2010-03-12 18:33 -------- d-----w- c:\program files\iTunes
2010-03-12 18:33 . 2010-03-12 18:33 -------- d-----w- c:\program files\iPod
2010-03-12 18:33 . 2007-06-30 19:56 -------- d-----w- c:\program files\Common Files\Apple
2010-03-11 12:38 . 2004-02-06 17:05 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2003-07-16 20:25 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2003-07-16 20:49 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-27 02:23 . 2010-03-31 22:32 116784 ----a-w- c:\windows\system32\drivers\ironx86.sys
2010-02-27 02:23 . 2010-03-31 22:32 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
2010-02-25 23:22 . 2010-03-31 22:32 501888 ----a-w- c:\windows\system32\drivers\cchpx86.sys
2010-02-24 13:11 . 2003-07-16 20:34 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-20 20:17 . 2010-02-20 20:17 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-02-17 08:10 . 2003-07-16 20:39 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2002-08-29 01:04 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-21 12:12 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2003-07-10 11:19 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2003-06-30 15:30 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-04 01:40 . 2010-03-31 22:32 362032 ----a-w- c:\windows\system32\drivers\symtdi.sys
2010-02-04 01:40 . 2010-03-31 22:32 172592 ----a-w- c:\windows\system32\drivers\symefa.sys
2005-10-01 16:50 . 2005-10-01 16:50 774144 -c--a-w- c:\program files\RngInterstitial.dll
2002-12-27 17:44 . 2007-02-15 21:45 1653850 -c--a-w- c:\program files\JAY Z.WAV
2007-08-11 20:55 . 2006-01-01 17:15 56 -csh--r- c:\windows\system32\C9BA080E9E.sys
2007-08-11 20:57 . 2006-01-01 17:15 1682 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2009-05-04 10:56 398776 ----a-w- c:\program files\BearShare Applications\BearShare\BearShareIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"Steam"="c:\program files\steam\steam.exe" [2010-04-27 1238352]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-11-20 434176]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-25 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^wkcalrem.LNK]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\wkcalrem.LNK
backup=c:\windows\pss\wkcalrem.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2003-08-06 01:04 114741 -c--a-w- c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-01-23 09:31 126976 -c--a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-01-23 09:36 155648 -c--a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 23:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
2002-05-03 10:40 4341760 ----a-w- c:\program files\Alcatel\SpeedTouch USB\dragdiag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2004-12-06 21:31 36975 -c--a-w- c:\program files\Java\jre1.5.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 00:01 110592 -c--a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\All of our junk\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\football manager 2009\\fm.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1106000.020\symds.sys [31/03/2010 23:32 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1106000.020\symefa.sys [31/03/2010 23:32 172592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHDrvx86.sys [30/03/2010 11:40 536112]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1106000.020\cchpx86.sys [31/03/2010 23:32 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1106000.020\ironx86.sys [31/03/2010 23:32 116784]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe [31/03/2010 23:32 126392]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [25/12/2009 14:05 90112]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [16/12/2009 20:20 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100429.001\IDSXpx86.sys [04/05/2010 13:33 329592]
S2 gupdate1c9d4beefa7f46a;Google Update Service (gupdate1c9d4beefa7f46a);c:\program files\Google\Update\GoogleUpdate.exe [14/05/2009 19:08 133104]
S3 hpusbwdm;HP DVD Movie Writer dc3000/dc4000;c:\windows\system32\DRIVERS\hpusbwdm.sys --> c:\windows\system32\DRIVERS\hpusbwdm.sys [?]
S3 o1394bul;o1394bul;\??\c:\docume~1\Owner\LOCALS~1\Temp\o1394bul.sys --> c:\docume~1\Owner\LOCALS~1\Temp\o1394bul.sys [?]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [25/12/2009 14:06 86824]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [25/12/2009 13:56 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [25/12/2009 13:56 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [25/12/2009 13:56 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [25/12/2009 13:56 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [25/12/2009 13:56 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [25/12/2009 13:56 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [25/12/2009 13:56 109864]
.
Contents of the 'Scheduled Tasks' folder

2010-05-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34]

2010-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 18:07]

2010-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 18:07]

2010-05-03 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Owner.job
- c:\program files\Norton Internet Security\Engine\17.6.0.32\navw32.exe [2010-03-31 23:51]

2010-05-04 c:\windows\Tasks\Norton Security Scan for Owner.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-11 12:50]

2010-05-04 c:\windows\Tasks\User_Feed_Synchronization-{C8E2C924-B294-4337-8081-4DDB2279169D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.bbc.co.uk/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://us.download.boonty.com/webgames/DinerDash/DinerDash.1.0.0.58.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-04 21:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Creative Detector = "c:\program files\Creative\MediaSource\Detector\CTDetect.exe" /R??D~0?A~????*?A~??A~?|????C~????m???H???????????????l???l???????]?A~??C~????m???H???????????????k!?s??A~??A~8??????????w??????A~h^i???????A~???????w??A~???????s????W?D~??A~??????A~???w8??????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.6.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-823518204-573735546-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(552)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTIntrfc.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTConfig.DLL
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\JBNSRES.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\windows\system32\CTsvcCDA.EXE
c:\windows\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-05-04 21:25:26 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-04 20:25
ComboFix2.txt 2010-05-02 23:31

Pre-Run: 49,552,379,904 bytes free
Post-Run: 49,669,795,840 bytes free

- - End Of File - - 898A88B4BB2D9FE371E8953494B52EA9
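As an added example (not part of the thread and not code from ComboFix or any other tool used here), the Python parser below reads service lines in the format of the ComboFix listing above and surfaces the entries a helper would usually ask about: an image path inside a user's Temp directory, an entry for which no on-disk timestamp or size was recorded (the trailing `[?]`), and a description that only repeats the service name. These are review heuristics, not verdicts; the three sample lines are copied from the log above and the flag wording is my own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample input: three lines copied from the ComboFix services listing above.
# Format: "<start type> <name>;<description>;<image path> [date time size]"
SAMPLE_SERVICES = r"""
S3 hpusbwdm;HP DVD Movie Writer dc3000/dc4000;c:\windows\system32\DRIVERS\hpusbwdm.sys --> c:\windows\system32\DRIVERS\hpusbwdm.sys [?]
S3 o1394bul;o1394bul;\??\c:\docume~1\Owner\LOCALS~1\Temp\o1394bul.sys --> c:\docume~1\Owner\LOCALS~1\Temp\o1394bul.sys [?]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [25/12/2009 14:06 86824]
"""

SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<rest>.+)$")
# The trailing "[...]" carries the on-disk date/time/size, or "[?]" when none was recorded.
META_RE = re.compile(r"^(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$")
TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)


@dataclass
class ServiceEntry:
    start_type: str
    name: str
    description: str
    image_path: str
    has_file_metadata: bool
    reasons: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one ComboFix service/driver line; return None for lines that are not one."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    mm = META_RE.match(rest)
    path_part, meta = (mm.group("path"), mm.group("meta")) if mm else (rest, "")
    # "registry path --> resolved path": keep the path the registry actually points at.
    image_path = path_part.split(" --> ", 1)[0].strip()
    entry = ServiceEntry(
        start_type=m.group("start"),
        name=m.group("name").strip(),
        description=m.group("desc").strip(),
        image_path=image_path,
        has_file_metadata=bool(meta) and meta != "?",
    )
    if TEMP_RE.search(entry.image_path):
        entry.reasons.append("image path is inside a Temp directory")
    if not entry.has_file_metadata:
        entry.reasons.append("no on-disk timestamp/size recorded for the image")
    if entry.description.lower() == entry.name.lower():
        entry.reasons.append("description merely repeats the service name (weak signal)")
    return entry


def triage_services(log_text: str) -> List[ServiceEntry]:
    """All parsed entries, in log order."""
    entries = [parse_service_line(ln) for ln in log_text.splitlines()]
    return [e for e in entries if e is not None]


def flagged_services(log_text: str) -> Dict[str, List[str]]:
    """Service name -> review reasons, only for entries with at least one reason."""
    return {e.name: e.reasons for e in triage_services(log_text) if e.reasons}


if __name__ == "__main__":
    for name, reasons in flagged_services(SAMPLE_SERVICES).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Drivers that have an entry but no recorded file metadata are often simply devices that are not plugged in (the HP DVD writer line is a typical case), so the "no metadata" reason on its own is low-value; it is the combination with a Temp-directory image path that should prompt a question to the user.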

#9 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Do you recognise this file?

c:\program files\JAY Z.WAV


Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    
    :Services
    
    :Reg
    
    :Files
    c:\windows\system32\browserchoice.exe
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


#10 Arewa (Topic Starter, Member, 15 posts)
Here's the report - just about to do the TFC, MBAM and Kaspersky bits.


All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
c:\windows\system32\browserchoice.exe moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Abodunrin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 163907 bytes
->Flash cache emptied: 1433 bytes

User: Lola
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 213059 bytes
->Java cache emptied: 9096 bytes
->Flash cache emptied: 1734 bytes

User: others
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4651835 bytes
->Java cache emptied: 12495350 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 1941342 bytes
->Flash cache emptied: 911 bytes

User: PhotoBrowser

User: VideoMail

User: VideoMonitor

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes


Total Files Cleaned = 19.00 mb

Restore point Set: OTM Restore Point (0)

OTM by OldTimer - Version 3.1.12.0 log created on 05042010_214726

Files moved on Reboot...
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\K21VPMJS\HTTPS-Tidserv-Request-2-t275939[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\K21VPMJS\iframe[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\7PF8BCBD\ads[3].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_4dc.dat not found!

Registry entries deleted on Reboot...

Edited by Arewa, 04 May 2010 - 03:00 PM.


#11 Arewa (Topic Starter, Member, 15 posts)
MBAM report - Will proceed with Kaspersky

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4060

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

04/05/2010 22:18:57
mbam-log-2010-05-04 (22-18-57).txt

Scan type: Quick scan
Objects scanned: 155073
Time elapsed: 10 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#12 Arewa (Topic Starter, Member, 15 posts)
Proceeded with Kaspersky. Here's the result. Still found some bugs.

Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, May 04, 2010 21:19:52
Records in database: 4049719
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Objects scanned: 162697
Threats found: 3
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 04:52:26


File name / Threat / Threats count
C:\Documents and Settings\Owner\My Documents\Boduns Work\Programs\BearShareV7.exe Infected: not-a-virus:AdWare.Win32.Shopper.ax 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\kbdclass.sys.vir Infected: Rootkit.Win32.TDSS.ap 1
C:\System Volume Information\_restore{57815FCB-4EBC-45A8-BB93-4D8A3247D108}\RP1188\A0310637.sys Infected: Rootkit.Win32.TDSS.ap 1
C:\WINDOWS\system32\$sys$filesystem\crater.sys Infected: Trojan.Win32.DNSChanger.gtb 1

Selected area has been scanned.
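An added example, not from the thread and not Kaspersky's own code: a Python parser for result lines in the format of the report above that separates hits in a live location from copies that are already neutralised, namely files under ComboFix's C:\Qoobox\Quarantine folder (renamed with a .vir extension) and files inside System Restore snapshots under System Volume Information. The four sample lines are copied from the report above; the location labels and path rules are my own assumptions. Only the two "active" hits are the ones the helper targets in the reply that follows.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: the result lines copied from the Kaspersky Online Scanner
# report above ("<path> Infected: <threat> <count>"). The header line is kept to show it is skipped.
SAMPLE_REPORT = r"""
File name / Threat / Threats count
C:\Documents and Settings\Owner\My Documents\Boduns Work\Programs\BearShareV7.exe Infected: not-a-virus:AdWare.Win32.Shopper.ax 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\kbdclass.sys.vir Infected: Rootkit.Win32.TDSS.ap 1
C:\System Volume Information\_restore{57815FCB-4EBC-45A8-BB93-4D8A3247D108}\RP1188\A0310637.sys Infected: Rootkit.Win32.TDSS.ap 1
C:\WINDOWS\system32\$sys$filesystem\crater.sys Infected: Trojan.Win32.DNSChanger.gtb 1
"""

RESULT_RE = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)$")

# Locations where a hit is a stored copy rather than a live file (assumed path rules).
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"              # ComboFix quarantine folder
RESTORE_MARKER = "\\system volume information\\_restore"    # System Restore snapshots


@dataclass
class Detection:
    path: str
    threat: str
    count: int
    location: str  # "active", "quarantined" or "restore-point"


def classify_location(path: str) -> str:
    """Decide whether a detected path is live or an already-stored copy."""
    p = path.lower()
    if p.startswith(QUARANTINE_PREFIX):
        return "quarantined"
    if RESTORE_MARKER in p:
        return "restore-point"
    return "active"


def parse_report(report_text: str) -> List[Detection]:
    """Parse every result line; header and blank lines are ignored."""
    detections: List[Detection] = []
    for line in report_text.splitlines():
        m = RESULT_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        detections.append(
            Detection(path, m.group("threat"), int(m.group("count")), classify_location(path))
        )
    return detections


def active_detections(report_text: str) -> List[Detection]:
    """Only the hits that still sit in a live location and need removal."""
    return [d for d in parse_report(report_text) if d.location == "active"]


if __name__ == "__main__":
    for d in parse_report(SAMPLE_REPORT):
        print(f"[{d.location:>13}] {d.threat}  {d.path}")
```

The quarantined copy is inert (it has been renamed and is no longer loaded), and the restore-point copy is not running code either, but it would return if that restore point were ever used, which is why malware-removal threads normally finish by clearing old restore points once the machine is confirmed clean.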

#13 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    
    :Services
    
    :Reg
    
    :Files
    C:\Documents and Settings\Owner\My Documents\Boduns Work\Programs\BearShareV7.exe
    C:\WINDOWS\system32\$sys$filesystem\crater.sys
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

#14 Arewa (Topic Starter, Member, 15 posts)
Here's the report as requested.

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\Owner\My Documents\Boduns Work\Programs\BearShareV7.exe moved successfully.
C:\WINDOWS\system32\$sys$filesystem\crater.sys moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Abodunrin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Lola
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: others
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 107833251 bytes
->Temporary Internet Files folder emptied: 51669798 bytes
->Java cache emptied: 135485 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 908 bytes

User: PhotoBrowser

User: VideoMail

User: VideoMonitor

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17048 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 18687807 bytes

Total Files Cleaned = 170.00 mb

Restore point Set: OTM Restore Point (0)

OTM by OldTimer - Version 3.1.12.0 log created on 05052010_183931

Files moved on Reboot...
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\RIVXCN3P\favicon[3].ico moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\RIVXCN3P\favicon[4].ico moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\J5M9AW7I\ads[4].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\J5M9AW7I\favicon[2].ico moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\J5M9AW7I\HTTPS-Tidserv-Request-2-t275939[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\J5M9AW7I\iframe[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_358.dat not found!

Registry entries deleted on Reboot...

#15 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Your logs are clean.


Follow these steps to uninstall Combofix and tools used in the removal of malware

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.



  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.



  • Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience, and performing all of the procedures requested.