Persistent Virus/Malware preventing removal tools from running properly


#1
dsxdawn

Greetings, forums! I've been struggling with this particular issue for a week now. Any assistance/suggestions would be greatly appreciated. :[

[RKreport.txt, aswMBR.txt, MBR.dat, OTL.txt have been included to speed the process along]

Details/Symptoms:
- I'm using Windows XP Service Pack 3, Home Edition, if that matters
- this particular virus/malware strips my power of opening things when it feels threatened or I'm on to it. ["Windows cannot access this specific file. You may not have permission to access this file."]
- non-stop redirects and pop-ups while surfing the web
- closes any anti-virus program [MalwareBytes/Kaspersky/Regcure] as soon as I start a scan
- svchost.exe is off the charts [500k~800k++ of mem usage when I'm just sitting there]
- a hidden log file named wodzmevjxa.tmp appears on the desktop as a hidden file and contains all my usernames/passwords [it reappears despite the number of times I delete it.]


RogueKiller V6.1.0 [09/22/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Admin Shadow [Admin rights]
Mode: Remove -- Date : 09/23/2011 17:26:32

Bad processes: 2
[SUSP PATH] aswMBR.exe -- c:\documents and settings\admin shadow\desktop\aswmbr.exe -> KILLED [TermProc]
[SUSP PATH] OTL.exe -- c:\documents and settings\admin shadow\desktop\otl.exe -> KILLED [TermProc]

Registry Entries: 3
[SUSP PATH] HKUS\.DEFAULT[...]\Run : .minecraftUpdate (C:\Documents and Settings\Admin Shadow\Application Data\.minecraft\.minecraftUpdate\.minecraftupdt32.exe) -> DELETED
[SUSP PATH] HKUS\S-1-5-19[...]\Run : .minecraftUpdate (C:\Documents and Settings\Admin Shadow\Application Data\.minecraft\.minecraftUpdate\.minecraftupdt32.exe) -> DELETED
[SUSP PATH] HKUS\S-1-5-20[...]\Run : .minecraftUpdate (C:\Documents and Settings\Admin Shadow\Application Data\.minecraft\.minecraftUpdate\.minecraftupdt32.exe) -> DELETED

Particular Files / Folders:

Driver: [LOADED]
SSDT[277] : NtWriteVirtualMemory @ 0x805B43CC -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684DABC)
SSDT[267] : NtUnmapViewOfSection @ 0x805B2E48 -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB68514BC)
SSDT[258] : NtTerminateThread @ 0x805D2BDC -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684D932)
SSDT[257] : NtTerminateProcess @ 0x805D29E2 -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684D9D2)
SSDT[255] : NtSystemDebugControl @ 0x806180BA -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB68509A8)
SSDT[254] : NtSuspendThread @ 0x805D48F4 -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB6851994)
SSDT[253] : NtSuspendProcess @ 0x805D4A82 -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB685185A)
SSDT[247] : NtSetValueKey @ 0x80622662 -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684C780)
SSDT[240] : NtSetSystemInformation @ 0x8060FD06 -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB6851768)
SSDT[237] : NtSetSecurityObject @ 0x805C062E -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB6850D14)
SSDT[230] : NtSetInformationToken @ 0x805FA7B4 -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB68500BE)
SSDT[213] : NtSetContextThread @ 0x805D173A -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684DDA2)
SSDT[210] : NtSecureConnectPort @ 0x805A3D64 -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684EA78)
SSDT[207] : NtSaveKey @ 0x80625BCC -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684BE18)
SSDT[206] : NtResumeThread @ 0x805D49BA -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB6851B32)
SSDT[204] : NtRestoreKey @ 0x80625AD0 -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684C1F8)
SSDT[200] : NtRequestWaitReplyPort @ 0x805A2D76 -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB685081E)
SSDT[195] : NtReplyWaitReceivePort @ 0x805A64B4 -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684F65C)
SSDT[194] : NtReplyPort @ 0x805A54EC -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684F796)
SSDT[193] : NtReplaceKey @ 0x806261C4 -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684BE80)
SSDT[192] : NtRenameKey @ 0x80623B12 -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684CB96)
SSDT[180] : NtQueueApcThread @ 0x805D1276 -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB6850F0A)
SSDT[177] : NtQueryValueKey @ 0x80622314 -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684C906)
SSDT[167] : NtQuerySection @ 0x805B85E0 -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB6851618)
SSDT[161] : NtQueryMultipleValueKey @ 0x8062323E -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684CCDC)
SSDT[160] : NtQueryKey @ 0x80625810 -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684D0A4)
SSDT[128] : NtOpenThread @ 0x805CB6CC -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684D728)
SSDT[126] : NtOpenSemaphore @ 0x80615148 -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684F432)
SSDT[125] : NtOpenSection @ 0x805AA3EC -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB6851078)
SSDT[122] : NtOpenProcess @ 0x805CB440 -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684D836)
SSDT[120] : NtOpenMutant @ 0x80617776 -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684F1F2)
SSDT[119] : NtOpenKey @ 0x806254CE -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684C62A)
SSDT[116] : NtOpenFile @ 0x8057A1A6 -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684DF80)
SSDT[114] : NtOpenEvent @ 0x8060F04E -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684F312)
SSDT[111] : NtNotifyChangeKey @ 0x806262DE -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684D138)
SSDT[108] : NtMapViewOfSection @ 0x805B203A -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB68512DE)
SSDT[99] : NtLoadKey2 @ 0x80625F20 -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684C458)
SSDT[98] : NtLoadKey @ 0x80626314 -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684C446)
SSDT[97] : NtLoadDriver @ 0x80584160 -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB6850B76)
SSDT[84] : NtFsControlFile @ 0x805792A2 -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684E46A)
SSDT[73] : NtEnumerateValueKey @ 0x80624BA6 -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684D00C)
SSDT[71] : NtEnumerateKey @ 0x8062493C -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684CF74)
SSDT[68] : NtDuplicateObject @ 0x805BE008 -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB6851C90)
SSDT[66] : NtDeviceIoControlFile @ 0x8057926E -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684E65C)
SSDT[65] : NtDeleteValueKey @ 0x8062475C -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684CE28)
SSDT[63] : NtDeleteKey @ 0x8062458C -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684CA74)
SSDT[57] : NtDebugActiveProcess @ 0x80643B30 -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB6850A84)
SSDT[56] : NtCreateWaitablePort @ 0x805A5110 -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684F0CC)
SSDT[53] : NtCreateThread @ 0x805D1018 -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684DB86)
SSDT[51] : NtCreateSemaphore @ 0x8061504E -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684F39C)
SSDT[50] : NtCreateSection @ 0x805AB3C8 -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684D390)
SSDT[46] : NtCreatePort @ 0x805A50EC -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684F036)
SSDT[44] : NtCreateNamedPipeFile @ 0x805790E2 -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684D1E8)
SSDT[43] : NtCreateMutant @ 0x8061769E -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684F162)
SSDT[41] : NtCreateKey @ 0x806240F0 -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684C46A)
SSDT[37] : NtCreateFile @ 0x805790A8 -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684E1DA)
SSDT[35] : NtCreateEvent @ 0x8060EF4E -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684F27C)
SSDT[31] : NtConnectPort @ 0x805A45D0 -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684ED32)
SSDT[25] : NtClose @ 0x805BC530 -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684DEFE)
SSDT[11] : NtAdjustPrivilegesToken @ 0x805EC464 -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB684D5FA)
S_SSDT[552] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB685DC1C)
S_SSDT[549] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB685DBC4)
S_SSDT[529] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB685E5CC)
S_SSDT[502] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB685DE22)
S_SSDT[491] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB685DF06)
S_SSDT[476] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB685DD6A)
S_SSDT[475] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB685DD16)
S_SSDT[460] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB685DDC2)
S_SSDT[416] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB685DCCA)
S_SSDT[414] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB685DF7E)
S_SSDT[383] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB685DC7E)
S_SSDT[378] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB685DE70)
S_SSDT[312] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB685E1FA)
S_SSDT[307] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB685E71A)
S_SSDT[292] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB685E0B6)
S_SSDT[237] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB685E192)
S_SSDT[227] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB685E122)
S_SSDT[13] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\klif.sys @ 0xB685E04C)

HOSTS File:

Finished : << RKreport[1].txt >>
RKreport[1].txt



aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-23 17:30:39
-----------------------------
17:30:39.156 OS Version: Windows 5.1.2600 Service Pack 3
17:30:39.156 Number of processors: 2 586 0x407
17:30:39.156 ComputerName: X6X8-20100929VB UserName: Admin Shadow
17:30:40.468 Initialize success
17:31:02.109 AVAST engine defs: 11092301
17:31:07.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
17:31:07.578 Disk 0 Vendor: HDS728080PLA380 PF2OA63A Size: 76293MB BusType: 3
17:31:09.625 Disk 0 MBR read successfully
17:31:09.625 Disk 0 MBR scan
17:31:09.687 Disk 0 Windows XP default MBR code
17:31:09.703 Disk 0 scanning sectors +156232125
17:31:09.781 Disk 0 scanning C:\WINDOWS\system32\drivers
17:31:39.296 Service scanning
17:31:41.531 Modules scanning
17:32:01.390 Disk 0 trace - called modules:
17:32:01.406 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
17:32:01.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a348ab8]
17:32:01.406 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a321b00]
17:32:02.578 AVAST engine scan C:\WINDOWS
17:32:02.765 File: C:\WINDOWS\1616094398:1096527007.exe **INFECTED** Win32:Sirefef-O [Rtk]
17:32:11.109 AVAST engine scan C:\WINDOWS\system32
17:36:31.921 File: C:\WINDOWS\system32\wscui32.dll **INFECTED** Win32:Malware-gen
17:36:56.234 AVAST engine scan C:\WINDOWS\system32\drivers
17:37:44.890 AVAST engine scan C:\Documents and Settings\Admin Shadow
17:38:48.671 File: C:\Documents and Settings\Admin Shadow\desktop\Winject.exe **INFECTED** Win32:Malware-gen
17:41:22.453 AVAST engine scan C:\Documents and Settings\All Users
17:41:25.671 File: C:\Documents and Settings\All Users\Application Data\AppleProfileOnline.dll **INFECTED** Win32:Tracur-ED [Trj]
17:49:47.781 Scan finished successfully
17:57:41.093 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Admin Shadow\Desktop\MBR.dat"
17:57:41.140 The log file has been saved successfully to "C:\Documents and Settings\Admin Shadow\Desktop\aswMBR.txt"


OTL logfile created on: 9/23/2011 5:31:48 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Admin Shadow\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.55 Gb Available Physical Memory | 36.88% Memory free
2.10 Gb Paging File | 1.40 Gb Available in Paging File | 66.75% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 58.22 Gb Free Space | 78.15% Space Free | Partition Type: NTFS

Computer Name: X6X8-20100929VB | User Name: Admin Shadow | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/23 17:19:32 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin Shadow\desktop\OTL.exe
PRC - [2011/09/23 17:01:38 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Admin Shadow\desktop\aswMBR.exe
PRC - [2011/09/06 21:13:09 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/11/09 19:20:08 | 000,529,744 | ---- | M] (Sunbelt Software) -- C:\VIPRERESCUE\VipreRescueScanner.exe
PRC - [2010/10/05 20:26:46 | 000,129,720 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 05:00:00 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2008/04/14 05:00:00 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\conime.exe
PRC - [2002/09/10 21:26:26 | 000,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/20 16:06:06 | 000,193,904 | ---- | M] () -- C:\VIPRERESCUE\Definitions\libMachoUniv.dll
MOD - [2011/09/20 16:06:04 | 000,210,288 | ---- | M] () -- C:\VIPRERESCUE\Definitions\libBase64.dll
MOD - [2011/09/06 21:13:09 | 001,000,920 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2010/11/09 14:56:12 | 000,300,368 | ---- | M] () -- C:\VIPRERESCUE\vipre.dll
MOD - [2010/10/20 06:14:54 | 000,039,552 | ---- | M] () -- C:\Program Files\Universal Shield\US40Context.dll
MOD - [2010/10/16 21:18:40 | 005,969,360 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/03/14 20:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/02/05 11:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2005/08/26 12:43:12 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\dlcccfg.dll
MOD - [2005/04/01 09:44:16 | 000,061,440 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 924\dlcccnv4.dll
MOD - [2002/09/10 21:26:26 | 000,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
MOD - [2002/09/03 18:44:08 | 000,610,422 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJFReg.DLL
MOD - [2002/08/05 11:42:10 | 000,159,858 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\ThirdPartyManager.DLL
MOD - [2002/08/02 14:56:52 | 000,159,744 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\ssleay32_1-1-0_DDR.dll
MOD - [2002/08/02 14:56:44 | 000,663,552 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\libeay32_1-1-0_DDR.dll
MOD - [2002/07/02 15:32:00 | 000,184,431 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\TimerManager.dll
MOD - [2002/07/02 15:22:34 | 000,122,993 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\AppProperties.dll
MOD - [2002/07/02 15:10:42 | 000,110,695 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComBase.dll
MOD - [2002/06/04 20:33:54 | 000,106,601 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComSRCManager.dll
MOD - [2002/06/04 18:48:26 | 000,143,489 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BasicLoaderService.dll
MOD - [2002/06/04 18:48:10 | 000,163,951 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComRT.dll
MOD - [2001/09/26 03:23:08 | 000,196,695 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJIntlCore_1_1_DDR.dll
MOD - [2001/09/23 16:30:36 | 000,532,594 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\xerces-c_1_40_0_DDR.dll
MOD - [2001/09/23 15:41:10 | 000,524,377 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\stlport_4_0_0_DDR.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2005/10/28 05:41:52 | 000,491,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device)


========== Driver Services (SafeList) ==========

DRV - [2011/09/23 17:26:55 | 000,060,800 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Documents and Settings\Admin Shadow\desktop\TrueSight.sys -- (TrueSight)
DRV - [2011/09/08 09:02:45 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\10509902.sys -- (10509902)
DRV - [2011/09/07 19:39:28 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/06/09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/05/26 19:21:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/05/26 19:20:34 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/11/02 19:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/10/13 09:15:46 | 000,071,168 | ---- | M] (© Everstrike Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\US30XP.sys -- (US30Sys)
DRV - [2008/07/31 23:38:20 | 003,266,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/14 05:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2008/04/13 17:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 17:10:28 | 000,057,600 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2007/10/12 23:40:58 | 001,178,088 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/10/12 23:40:58 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [2007/05/24 18:41:00 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2007/05/24 18:40:58 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2007/02/07 20:30:30 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2006/10/18 09:39:58 | 000,017,920 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\xfilt.sys -- (xfilt)
DRV - [2006/02/26 08:03:02 | 000,045,056 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\agpkx.sys -- (uliagpkx)
DRV - [2006/02/26 08:02:58 | 000,027,648 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp8p.sys -- (amdagp8p)
DRV - [2005/04/19 15:14:00 | 000,014,671 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atisgkaf.sys -- (caboagp)
DRV - [2005/03/28 09:12:42 | 000,033,408 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ULiAGP.sys -- (ULiAGP)
DRV - [2004/10/18 02:12:00 | 000,027,648 | ---- | M] (Transmeta Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tmagp.sys -- (tmagp)
DRV - [2004/06/29 05:25:26 | 000,007,680 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\DontGo.sys -- (dontgo)
DRV - [2004/04/02 00:40:00 | 000,021,760 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2003/11/04 23:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
DRV - [2003/07/01 19:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/12/09 20:54:34 | 000,009,809 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\hptpro.sys -- (hptpro)
DRV - [2001/08/17 05:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 40 3B 00 BF 33 DF 40 AF 36 7D 0F FC 58 C6 92 [binary data]
IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 40 3B 00 BF 33 DF 40 AF 36 7D 0F FC 58 C6 92 [binary data]
IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 40 3B 00 BF 33 DF 40 AF 36 7D 0F FC 58 C6 92 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 40 3B 00 BF 33 DF 40 AF 36 7D 0F FC 58 C6 92 [binary data]

IE - HKU\S-1-5-21-1757981266-113007714-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
IE - HKU\S-1-5-21-1757981266-113007714-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1757981266-113007714-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1757981266-113007714-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 40 3B 00 BF 33 DF 40 AF 36 7D 0F FC 58 C6 92 [binary data]
IE - HKU\S-1-5-21-1757981266-113007714-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "yahoo.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {096fce39-df8c-49ad-a4ce-9ef4a875bb76}:1.0
FF - prefs.js..extensions.enabledItems: {3dd38bdd-3962-423d-8754-e3fc0d11387c}:1.0
FF - prefs.js..extensions.enabledItems: {e0711003-28ce-406e-9522-2b1df5240f82}:1.0
FF - prefs.js..extensions.enabledItems: {aabc33a4-599e-4207-8d5a-22df6acfa933}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:11.0.2.579
FF - prefs.js..extensions.enabledItems: [email protected]:11.0.2.579
FF - prefs.js..extensions.enabledItems: [email protected]:11.0.2.579
FF - prefs.js..keyword.URL: "http://home.speedbit...spx?aff=206&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@nexon.com/NexonPlugWebExtension: C:\Documents and Settings\All Users\Application Data\Nexon\NexonPlug\npPlugWire_1.0.0.0.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nexon.com/NxGame: C:\Documents and Settings\All Users\Application Data\Nexon\NGM\npNxGame.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Admin Shadow\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Admin Shadow\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Admin Shadow\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Admin Shadow\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/09/07 20:18:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/09/21 17:13:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/09/07 20:18:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/12 18:09:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/23 15:51:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files\DAP\DAPFireFox

[2010/10/03 00:07:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin Shadow\Application Data\Mozilla\Extensions
[2011/09/23 15:50:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin Shadow\Application Data\Mozilla\Firefox\Profiles\rxkse2uh.default\extensions
[2010/12/19 19:55:39 | 000,000,000 | ---D | M] ("FiZiX's PointGAINER [Works with Firefox 3.6 - Lpok08]") -- C:\Documents and Settings\Admin Shadow\Application Data\Mozilla\Firefox\Profiles\rxkse2uh.default\extensions\{096fce39-df8c-49ad-a4ce-9ef4a875bb76}
[2010/10/27 03:03:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Admin Shadow\Application Data\Mozilla\Firefox\Profiles\rxkse2uh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/30 20:32:39 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Admin Shadow\Application Data\Mozilla\Firefox\Profiles\rxkse2uh.default\extensions\{3dd38bdd-3962-423d-8754-e3fc0d11387c}
[2011/09/23 17:24:19 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Admin Shadow\Application Data\Mozilla\Firefox\Profiles\rxkse2uh.default\extensions\{aabc33a4-599e-4207-8d5a-22df6acfa933}
[2011/07/01 09:58:17 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Admin Shadow\Application Data\Mozilla\Firefox\Profiles\rxkse2uh.default\extensions\{e0711003-28ce-406e-9522-2b1df5240f82}
[2011/09/23 15:51:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/05 23:47:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/07 19:42:26 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak
[2011/09/07 19:42:22 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak
[2010/11/05 23:47:08 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/21 17:13:36 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2011\FFEXT\[email protected]
[2011/09/07 20:18:05 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2011\FFEXT\[email protected]
[2011/09/07 20:18:06 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2011\FFEXT\[email protected]
[2011/04/11 16:37:02 | 000,252,080 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\mozilla firefox\plugins\npdap.dll
[2010/11/05 23:47:07 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/27 01:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll

Hosts file not found
O2 - BHO: (Reg Error: Value error.) - {003B40A9-33BF-40DF-AF36-7D0FFC58C692} - C:\WINDOWS\system32\wscui32.dll (The Imaging Source Europe GmbH)
O2 - BHO: (Reg Error: Value error.) - {0070BD20-49FA-4D4F-936E-B3D8FFB6ED72} - C:\WINDOWS\system32\wscui32.dll (The Imaging Source Europe GmbH)
O2 - BHO: (Reg Error: Value error.) - {00768153-33BF-40DF-AF36-7D0FFC58C692} - C:\WINDOWS\system32\wscui32.dll (The Imaging Source Europe GmbH)
O2 - BHO: (Reg Error: Value error.) - {00E17A41-49FA-4D4F-936E-B3D8FFB6ED72} - C:\WINDOWS\system32\wscui32.dll (The Imaging Source Europe GmbH)
O2 - BHO: (Reg Error: Value error.) - {00ED02A6-33BF-40DF-AF36-7D0FFC58C692} - C:\WINDOWS\system32\wscui32.dll (The Imaging Source Europe GmbH)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (att.net Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1757981266-113007714-682003330-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1757981266-113007714-682003330-1005\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1757981266-113007714-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O15 - HKU\S-1-5-21-1757981266-113007714-682003330-1005\..Trusted Domains: att.net ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1757981266-113007714-682003330-1005\..Trusted Domains: att.net ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1757981266-113007714-682003330-1005\..Trusted Domains: sbcglobal.net ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1757981266-113007714-682003330-1005\..Trusted Domains: yahoo.com ([clientapps] http in Trusted sites)
O15 - HKU\S-1-5-21-1757981266-113007714-682003330-1005\..Trusted Domains: yahoo.com ([clientapps] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1287651779109 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...yri_4.3.1.0.cab (SysInfo Class)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96E2D4A5-2441-4FBB-AFC7-DB6526862D9B}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) -C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Documents and Settings\Admin Shadow\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin Shadow\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/13 22:57:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1757981266-113007714-682003330-1005..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^Admin Shadow^Start Menu^Programs^Startup^_uninst_39072368.lnk - - File not found
MsConfig - StartUpReg: .minecraftUpdate - hkey= - key= - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AppleProfileOnline - hkey= - key= - File not found
MsConfig - StartUpReg: dlccmon.exe - hkey= - key= - C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Admin Shadow\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: IMJPMIG8.1 - hkey= - key= - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
MsConfig - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: NexonPlug - hkey= - key= - C:\Nexon\NexonPlug\NexonPlug.exe (Nexon Korea Corp.)
MsConfig - StartUpReg: RoboForm - hkey= - key= - File not found
MsConfig - StartUpReg: SandboxieControl - hkey= - key= - File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: US4Service - hkey= - key= - C:\Program Files\Universal Shield\US4Service.exe ()
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: US30Sys.sys - C:\WINDOWS\system32\drivers\US30XP.sys (© Everstrike Software)
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF489873-07F8-373D-A9CB-9AC688ADA964} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/23 17:47:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/09/23 17:47:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin Shadow\Application Data\SUPERAntiSpyware.com
[2011/09/23 17:26:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin Shadow\Desktop\RK_Quarantine
[2011/09/23 17:19:28 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin Shadow\Desktop\OTL.exe
[2011/09/23 17:13:18 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/09/23 17:13:18 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2011/09/23 17:11:22 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/09/23 17:01:34 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Admin Shadow\Desktop\aswMBR.exe
[2011/09/23 15:52:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin Shadow\Recent
[2011/09/23 15:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/22 19:32:44 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/09/22 19:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/22 16:59:49 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/21 17:32:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin Shadow\Tracing
[2011/09/21 16:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin Shadow\AppData
[2011/09/21 16:15:48 | 000,000,000 | ---D | C] -- C:\Program Files\AhnLab
[2011/09/12 18:25:12 | 003,480,352 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Admin Shadow\My Documents\ccsetup310.exe
[2011/09/11 12:38:23 | 000,279,552 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\wscui32.dll
[2011/09/11 12:38:21 | 000,111,104 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Documents and Settings\All Users\Application Data\AppleProfileOnline.dll
[2011/09/07 22:58:10 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\10509902.sys
[2011/09/07 19:54:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Universal Shield
[2011/09/07 19:54:55 | 000,000,000 | ---D | C] -- C:\Program Files\Universal Shield
[2011/09/07 19:42:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Internet Security 2011
[2011/09/07 19:39:53 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2011/09/07 19:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2011/09/07 19:39:28 | 000,475,736 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2011/09/07 18:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2011/09/07 18:04:25 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2011/09/01 15:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin Shadow\Desktop\GGTrainer 1.2.3
[2010/09/30 07:13:35 | 001,654,869 | ---- | C] (Dynu Systems Inc.) -- C:\Documents and Settings\All Users\Application Data\DynuEncrypt.dll
[2010/09/30 02:07:56 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpmui.dll
[2010/09/30 02:07:55 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccih.exe
[2010/09/30 02:07:55 | 000,368,640 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccfg.exe
[2010/09/30 02:07:55 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpplc.dll
[2010/09/30 02:07:54 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccusb1.dll
[2010/09/30 02:07:54 | 000,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcchbn3.dll
[2010/09/30 02:07:54 | 000,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccoms.exe
[2010/09/30 02:07:54 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcclmpm.dll
[2010/09/30 02:07:54 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomm.dll
[2010/09/30 02:07:54 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccprox.dll
[2010/09/30 02:07:53 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccserv.dll
[2010/09/30 02:07:53 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomc.dll
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Admin Shadow\Desktop\*.tmp files -> C:\Documents and Settings\Admin Shadow\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Admin Shadow\*.tmp files -> C:\Documents and Settings\Admin Shadow\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/23 17:47:24 | 017,185,920 | ---- | M] () -- C:\Documents and Settings\Admin Shadow\Desktop\SAS_477917.COM
[2011/09/23 17:33:01 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-113007714-682003330-1005UA.job
[2011/09/23 17:26:55 | 000,060,800 | ---- | M] () -- C:\Documents and Settings\Admin Shadow\Desktop\TrueSight.sys
[2011/09/23 17:25:48 | 000,657,920 | ---- | M] () -- C:\Documents and Settings\Admin Shadow\Desktop\RogueKiller.exe
[2011/09/23 17:19:32 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin Shadow\Desktop\OTL.exe
[2011/09/23 17:13:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\SBRC.dat
[2011/09/23 17:11:17 | 101,412,864 | ---- | M] () -- C:\Documents and Settings\Admin Shadow\Desktop\VIPRERescue10555.exe
[2011/09/23 17:01:38 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Admin Shadow\Desktop\aswMBR.exe
[2011/09/23 16:58:01 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/23 16:33:01 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-113007714-682003330-1005Core.job
[2011/09/23 16:16:09 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/23 16:16:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/23 16:15:59 | 000,003,568 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2011/09/23 15:38:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\1616094398
[2011/09/23 15:23:03 | 000,200,144 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/22 22:39:42 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/22 19:35:14 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/09/22 19:30:50 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/21 20:34:36 | 000,000,204 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MapleStory.url
[2011/09/21 17:21:53 | 098,988,744 | ---- | M] () -- C:\Documents and Settings\Admin Shadow\Desktop\setup_11.0.0.1245.x01_2011_09_22_03_12.exe
[2011/09/20 15:25:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/12 18:25:44 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/09/12 18:25:25 | 003,480,352 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Admin Shadow\My Documents\ccsetup310.exe
[2011/09/11 12:38:24 | 000,279,552 | ---- | M] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\wscui32.dll
[2011/09/11 12:38:20 | 000,111,104 | ---- | M] (The Imaging Source Europe GmbH) -- C:\Documents and Settings\All Users\Application Data\AppleProfileOnline.dll
[2011/09/08 09:02:45 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\10509902.sys
[2011/09/07 20:18:01 | 000,115,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/09/07 20:17:42 | 000,097,859 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/09/07 20:13:21 | 000,000,843 | ---- | M] () -- C:\Documents and Settings\Admin Shadow\Desktop\Kaspersky.lnk
[2011/09/07 19:39:28 | 000,475,736 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2011/09/04 17:27:52 | 001,360,384 | ---- | M] () -- C:\Documents and Settings\Admin Shadow\Desktop\RiPE Star v2011-08-25.1.dll
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Admin Shadow\Desktop\*.tmp files -> C:\Documents and Settings\Admin Shadow\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Admin Shadow\*.tmp files -> C:\Documents and Settings\Admin Shadow\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/23 17:46:51 | 017,185,920 | ---- | C] () -- C:\Documents and Settings\Admin Shadow\Desktop\SAS_477917.COM
[2011/09/23 17:25:51 | 000,060,800 | ---- | C] () -- C:\Documents and Settings\Admin Shadow\Desktop\TrueSight.sys
[2011/09/23 17:25:45 | 000,657,920 | ---- | C] () -- C:\Documents and Settings\Admin Shadow\Desktop\RogueKiller.exe
[2011/09/23 17:13:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2011/09/23 17:11:09 | 101,412,864 | ---- | C] () -- C:\Documents and Settings\Admin Shadow\Desktop\VIPRERescue10555.exe
[2011/09/23 15:23:03 | 000,200,144 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/22 19:30:50 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/21 20:31:02 | 000,000,204 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MapleStory.url
[2011/09/21 17:21:35 | 098,988,744 | ---- | C] () -- C:\Documents and Settings\Admin Shadow\Desktop\setup_11.0.0.1245.x01_2011_09_22_03_12.exe
[2011/09/20 15:57:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\1616094398
[2011/09/07 20:13:21 | 000,000,843 | ---- | C] () -- C:\Documents and Settings\Admin Shadow\Desktop\Kaspersky.lnk
[2011/09/07 19:42:01 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/09/07 19:42:01 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/09/04 17:27:44 | 001,360,384 | ---- | C] () -- C:\Documents and Settings\Admin Shadow\Desktop\RiPE Star v2011-08-25.1.dll
[2011/06/30 21:42:35 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0621.old
[2011/06/30 17:21:23 | 000,014,492 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\43amg0t2ihe520p034qj2450ufpjkok7812v64x40
[2011/06/30 17:21:23 | 000,014,492 | ---- | C] () -- C:\Documents and Settings\Admin Shadow\Local Settings\Application Data\43amg0t2ihe520p034qj2450ufpjkok7812v64x40
[2011/06/14 17:37:09 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2011/04/25 17:53:33 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2011/04/11 16:19:04 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\EasyHook32.dll
[2010/12/03 18:08:03 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/25 23:34:04 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\fqdjcgod.sys
[2010/11/25 22:25:42 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\preihunx.sys
[2010/09/30 02:07:56 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2010/09/30 02:07:56 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2010/09/30 02:07:55 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2010/09/30 02:07:52 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2010/09/30 02:07:52 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2010/09/30 02:07:52 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2010/09/30 02:07:50 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2010/09/30 02:07:50 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2010/09/30 02:07:50 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2010/09/30 02:07:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2010/09/29 22:12:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/09/29 22:11:19 | 000,336,503 | ---- | C] () -- C:\WINDOWS\System32\KillDrv.exe
[2010/09/29 22:10:14 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2010/09/29 22:10:14 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/09/29 22:10:13 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/09/29 22:10:13 | 000,174,820 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/09/29 07:56:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/09/09 18:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2008/08/29 21:31:43 | 000,048,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\3waregsm.sys
[2008/08/29 21:31:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\3waresrv.exe
[2008/08/29 21:31:43 | 000,034,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\mv614x.sys
[2008/08/29 21:31:42 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\3warerun.exe
[2008/08/29 21:31:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/08/29 21:31:27 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\OEMInfo.ini
[2008/08/13 23:01:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/08/13 22:54:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/08/13 15:47:06 | 000,057,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\redbook.sys
[2008/08/13 15:45:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/14 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 05:00:00 | 000,539,342 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 05:00:00 | 000,112,000 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2010/09/30 02:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin Shadow\Application Data\acccore
[2011/01/10 23:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin Shadow\Application Data\Adobe
[2010/10/11 00:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin Shadow\Application Data\Google
[2010/09/30 00:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin Shadow\Application Data\Identities
[2010/11/26 01:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin Shadow\Application Data\Jasc Software Inc
[2010/09/30 00:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin Shadow\Application Data\Macromedia
[2011/06/14 18:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin Shadow\Application Data\Microsoft
[2011/06/17 17:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin Shadow\Application Data\Motive
[2011/09/10 14:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin Shadow\Application Data\Mozilla
[2011/06/30 20:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin Shadow\Application Data\PC Tools
[2010/11/05 23:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin Shadow\Application Data\Sun
[2011/09/23 17:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin Shadow\Application Data\SUPERAntiSpyware.com
[2010/09/30 07:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin Shadow\Application Data\WinRAR
[2011/06/17 17:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin Shadow\Application Data\Yahoo!


< MD5 for: EXPLORER.EXE >
[2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:00:00 | 001,033,728 | RH-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:00:00 | 000,014,336 | RH-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2011/09/22 16:46:22 | 001,008,092 | ---- | M] () MD5=645A8F39A10306D50382EB49A6C49AAB -- C:\Documents and Settings\Administrator\Desktop\uSeRiNiT.exe
[2008/04/14 05:00:00 | 000,026,112 | RH-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 05:00:00 | 000,507,904 | RH-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/06 21:13:12 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/06 21:13:12 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/06 21:13:12 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/06 21:13:09 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/06 21:13:09 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/06 21:13:09 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 05:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 05:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 05:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/07 23:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\internet explorer\iexplore.exe" [2009/03/07 23:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/06 21:13:12 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/06 21:13:12 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/06 21:13:12 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/06 21:13:09 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/06 21:13:09 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/06 21:13:09 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 05:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 05:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 05:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/07 23:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\internet explorer\iexplore.exe" [2009/03/07 23:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Files - Unicode (All) ==========
[2011/04/11 20:41:30 | 000,001,472 | ---- | M] ()(C:\Documents and Settings\All Users\Desktop\?????.lnk) -- C:\Documents and Settings\All Users\Desktop\넥슨플러그.lnk
[2011/04/11 20:41:30 | 000,001,472 | ---- | C] ()(C:\Documents and Settings\All Users\Desktop\?????.lnk) -- C:\Documents and Settings\All Users\Desktop\넥슨플러그.lnk

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB4667$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 784 bytes -> C:\WINDOWS\1616094398:1096527007.exe
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:553CA6CA
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B11E0DF

< End of report >

Edited by michaelg9, 24 September 2011 - 03:33 AM.
Removed quotes from logs

  • 0
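An added example, not from the thread or from OTL: the `< MD5 for: ... >` custom scans above hash each critical binary in system32 and the Windows File Protection backup copy in system32\dllcache, then print both. In this log the four pairs match and carry the Microsoft version string, so those files themselves look unpatched; the one outlier is a 1 MB uSeRiNiT.exe with no company name on the Administrator desktop, which such a sweep should surface for a human to judge (renamed removal tools carry names like that too, as the later request to save ComboFix as explorer.com shows). The Python below repeats the comparison and the sweep over a directory tree it constructs itself, with one deliberately patched copy; the fixture contents, paths and function names are mine. Caveat: a kernel-mode rootkit can serve clean bytes to any user-mode reader, so for a decisive answer take the hashes from a clean boot or an offline mount of the disk.

```python
"""Cross-check Windows File Protection copies of critical binaries.

Added example: reproduces what OTL's "MD5 for:" custom scan does (hash the
live system32 binary and its dllcache copy and compare), plus a sweep for
stray files that carry a protected binary's name elsewhere on disk. The
directory tree is constructed in a temp dir so the script runs anywhere.
"""
import hashlib
import os
import tempfile

# Binaries OTL hashed in the log above; dllcache is the WFP backup copy.
PROTECTED = ("explorer.exe", "svchost.exe", "userinit.exe", "winlogon.exe")


def md5_of(path):
    """MD5 of a file, read in chunks (OTL reports MD5, so we match it)."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def compare_protected(live_dir, cache_dir, names=PROTECTED):
    """Map each name to 'ok', 'mismatch', 'missing-live' or 'missing-cache'.

    The size check runs first because it is cheap and catches appended code;
    the hash catches in-place patches that keep the length.
    """
    verdicts = {}
    for name in names:
        live = os.path.join(live_dir, name)
        cache = os.path.join(cache_dir, name)
        if not os.path.isfile(live):
            verdicts[name] = "missing-live"
        elif not os.path.isfile(cache):
            verdicts[name] = "missing-cache"
        elif os.path.getsize(live) != os.path.getsize(cache):
            verdicts[name] = "mismatch"
        else:
            verdicts[name] = "ok" if md5_of(live) == md5_of(cache) else "mismatch"
    return verdicts


def find_stray_copies(root, expected_dirs, names=PROTECTED):
    """Paths under root whose file name equals a protected binary's name
    (case-insensitively, as NTFS compares) but sit outside expected_dirs."""
    wanted = {n.lower() for n in names}
    expected = {os.path.normcase(os.path.abspath(d)) for d in expected_dirs}
    strays = []
    for dirpath, _dirs, files in os.walk(root):
        if os.path.normcase(os.path.abspath(dirpath)) in expected:
            continue
        strays.extend(os.path.join(dirpath, f) for f in files if f.lower() in wanted)
    return sorted(strays)


def build_demo_tree():
    """Constructed fixture (not a real Windows install): four matching pairs,
    then winlogon.exe is patched in system32 only, and a uSeRiNiT.exe is
    dropped on a desktop, mirroring the odd entry in the OTL log."""
    root = tempfile.mkdtemp(prefix="wfp_demo_")
    sys32 = os.path.join(root, "WINDOWS", "system32")
    cache = os.path.join(sys32, "dllcache")
    desktop = os.path.join(root, "Documents and Settings", "Administrator", "Desktop")
    os.makedirs(cache)
    os.makedirs(desktop)
    for name in PROTECTED:
        body = b"MZ" + name.encode() * 64
        for d in (sys32, cache):
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(body)
    with open(os.path.join(sys32, "winlogon.exe"), "ab") as fh:
        fh.write(b"\x90" * 16)  # simulate a patch: code appended to the live copy only
    with open(os.path.join(desktop, "uSeRiNiT.exe"), "wb") as fh:
        fh.write(b"MZ" + b"\x00" * 64)
    return root, sys32, cache


def run_demo():
    """Build the fixture and return (verdicts, strays) for inspection."""
    root, sys32, cache = build_demo_tree()
    return compare_protected(sys32, cache), find_stray_copies(root, [sys32, cache])


if __name__ == "__main__":
    verdicts, strays = run_demo()
    for name, verdict in verdicts.items():
        print("%-14s %s" % (name, verdict))
    for path in strays:
        print("stray copy:", path)
```

On a real XP box the two directories would be C:\WINDOWS\system32 and C:\WINDOWS\system32\dllcache and the sweep root C:\; a mismatch means either a patched binary or a stale cache, and the next step is to compare both against a hash from known-good install media rather than trust either copy.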


#2
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hi :). I'm Michael and I'm going to help you fix your computer.

Note: Before we start the process you should:
  • POST your logs, don't attach them, as it makes it harder to read. Also please don't edit any log in any case
  • Disable ANY programs that offer real-time protection features while executing my instructions. That includes your antivirus, antispyware, Windows Defender or any other program that offers protection. When you're clean or waiting for my next set of instructions, re-enable them. If you need any help disabling them, ask.
  • Topics that are idle for 4 days after I post instructions will be closed, unless I'm notified of the delay.
  • Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.


You are infected with ZeroAccess rootkit

Warning!!
You have an information stealing trojan installed on your computer.
Backdoor Trojans, IRCBots, keyloggers and Infostealers are very dangerous because they provide a way of accessing a computer system that bypasses security mechanisms and can steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, I suggest you do the following.

  • All passwords should be changed to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed using a different computer and not the infected one. If you use the infected computer, an attacker may get the new passwords and transaction information.
  • Banking and credit card institutions should be notified of the possible security breach.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall



Next:

Delete any tool you may have on your Desktop, and download the new ones:

Download Combofix from any of the links below but rename it to explorer.com before saving it to your Desktop.

Link 1
Link 2
Link 3


==================================

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\explorer.com" /killall

When finished, it will produce a report for you.
Please post the C:\ComboFix.txt so we can continue cleaning the system.


Next:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 40 3B 00 BF 33 DF 40 AF 36 7D 0F FC 58 C6 92 [binary data]
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 40 3B 00 BF 33 DF 40 AF 36 7D 0F FC 58 C6 92 [binary data]
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 40 3B 00 BF 33 DF 40 AF 36 7D 0F FC 58 C6 92 [binary data]
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 40 3B 00 BF 33 DF 40 AF 36 7D 0F FC 58 C6 92 [binary data]
    IE - HKU\S-1-5-21-1757981266-113007714-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 40 3B 00 BF 33 DF 40 AF 36 7D 0F FC 58 C6 92 [binary data]
    [2011/06/30 20:32:39 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Admin Shadow\Application Data\Mozilla\Firefox\Profiles\rxkse2uh.default\extensions\{3dd38bdd-3962-423d-8754-e3fc0d11387c}
    [2011/09/23 17:24:19 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Admin Shadow\Application Data\Mozilla\Firefox\Profiles\rxkse2uh.default\extensions\{aabc33a4-599e-4207-8d5a-22df6acfa933}
    [2011/07/01 09:58:17 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Admin Shadow\Application Data\Mozilla\Firefox\Profiles\rxkse2uh.default\extensions\{e0711003-28ce-406e-9522-2b1df5240f82}
    O2 - BHO: (Reg Error: Value error.) - {003B40A9-33BF-40DF-AF36-7D0FFC58C692} - C:\WINDOWS\system32\wscui32.dll (The Imaging Source Europe GmbH)
    O2 - BHO: (Reg Error: Value error.) - {0070BD20-49FA-4D4F-936E-B3D8FFB6ED72} - C:\WINDOWS\system32\wscui32.dll (The Imaging Source Europe GmbH)
    O2 - BHO: (Reg Error: Value error.) - {00768153-33BF-40DF-AF36-7D0FFC58C692} - C:\WINDOWS\system32\wscui32.dll (The Imaging Source Europe GmbH)
    O2 - BHO: (Reg Error: Value error.) - {00E17A41-49FA-4D4F-936E-B3D8FFB6ED72} - C:\WINDOWS\system32\wscui32.dll (The Imaging Source Europe GmbH)
    O2 - BHO: (Reg Error: Value error.) - {00ED02A6-33BF-40DF-AF36-7D0FFC58C692} - C:\WINDOWS\system32\wscui32.dll (The Imaging Source Europe GmbH)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
    [2011/09/11 12:38:23 | 000,279,552 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\wscui32.dll
    [2011/09/11 12:38:21 | 000,111,104 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Documents and Settings\All Users\Application Data\AppleProfileOnline.dll
    [4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\Documents and Settings\Admin Shadow\Desktop\*.tmp files -> C:\Documents and Settings\Admin Shadow\Desktop\*.tmp -> ]
    [1 C:\Documents and Settings\Admin Shadow\*.tmp files -> C:\Documents and Settings\Admin Shadow\*.tmp -> ]
    [2011/09/23 15:38:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\1616094398
    [2011/09/11 12:38:24 | 000,279,552 | ---- | M] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\wscui32.dll
    [2011/09/11 12:38:20 | 000,111,104 | ---- | M] (The Imaging Source Europe GmbH) -- C:\Documents and Settings\All Users\Application Data\AppleProfileOnline.dll
    [2011/09/20 15:57:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\1616094398
    [2011/06/30 17:21:23 | 000,014,492 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\43amg0t2ihe520p034qj2450ufpjkok7812v64x40
    [2011/06/30 17:21:23 | 000,014,492 | ---- | C] () -- C:\Documents and Settings\Admin Shadow\Local Settings\Application Data\43amg0t2ihe520p034qj2450ufpjkok7812v64x40
    [2011/06/14 17:37:09 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2010/11/25 23:34:04 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\fqdjcgod.sys
    [2010/11/25 22:25:42 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\preihunx.sys
    [2010/09/29 22:11:19 | 000,336,503 | ---- | C] () -- C:\WINDOWS\System32\KillDrv.exe
    [3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
    [2011/04/11 20:41:30 | 000,001,472 | ---- | M] ()(C:\Documents and Settings\All Users\Desktop\?????.lnk) -- C:\Documents and Settings\All Users\Desktop\넥슨플러그.lnk
    [2011/04/11 20:41:30 | 000,001,472 | ---- | C] ()(C:\Documents and Settings\All Users\Desktop\?????.lnk) -- C:\Documents and Settings\All Users\Desktop\넥슨플러그.lnk
    [C:\WINDOWS\$NtUninstallKB4667$] -> Error: Cannot create file handle -> Unknown point type
    @Alternate Data Stream - 784 bytes -> C:\WINDOWS\1616094398:1096527007.exe

    :Services

    :Reg

    :Files
    C:\WINDOWS\1616094398
    C:\WINDOWS\system32\wscui32.dll
    C:\Documents and Settings\Admin Shadow\desktop\Winject.exe
    C:\Documents and Settings\All Users\Application Data\AppleProfileOnline.dll
    C:\windows\caner.exe

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Next:

If ComboFix is not allowed to run, run the OTL fix from Safe Mode first; then, after the OTL fix, boot into normal Windows again, delete the old ComboFix, and follow the same instructions in step 1 to re-download it and run it.
  • 0
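An added example, not part of the thread: two of the entries in the fix list above can be tied together by decoding the registry value. `XMLHTTP_UUID_Default` holds 16 raw bytes; Windows stores a GUID's first three fields little-endian, and decoding `A9 40 3B 00 BF 33 DF 40 AF 36 7D 0F FC 58 C6 92` yields {003B40A9-33BF-40DF-AF36-7D0FFC58C692}, the CLSID of the first wscui32.dll BHO. The five BHO CLSIDs also fall into two families that differ only in their first field, all registered to one DLL whose name OTL cannot read from the registry. The Python below decodes that value, groups the BHO registrations per DLL, and flags the two other indicators the fix list removes: the alternate data stream whose stream name is an executable, and the $NtUninstallKB4667$ entry OTL reports as a reparse point it cannot open. The sample lines are quoted from the OTL output in this thread; the tag names and heuristics are mine.

```python
"""Triage helpers for a few OTL log line types.

Added example for this thread: decode the REG_BINARY GUID OTL prints for
XMLHTTP_UUID_Default, relate it to the O2 BHO entries, and flag
executable-named alternate data streams and unreadable reparse points.
"""
import re
import uuid

# Quoted from the OTL output in this thread (post #2's fix list).
SAMPLE_LINES = [
    r"IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A9 40 3B 00 BF 33 DF 40 AF 36 7D 0F FC 58 C6 92 [binary data]",
    r"O2 - BHO: (Reg Error: Value error.) - {003B40A9-33BF-40DF-AF36-7D0FFC58C692} - C:\WINDOWS\system32\wscui32.dll (The Imaging Source Europe GmbH)",
    r"O2 - BHO: (Reg Error: Value error.) - {0070BD20-49FA-4D4F-936E-B3D8FFB6ED72} - C:\WINDOWS\system32\wscui32.dll (The Imaging Source Europe GmbH)",
    r"O2 - BHO: (Reg Error: Value error.) - {00768153-33BF-40DF-AF36-7D0FFC58C692} - C:\WINDOWS\system32\wscui32.dll (The Imaging Source Europe GmbH)",
    r"[C:\WINDOWS\$NtUninstallKB4667$] -> Error: Cannot create file handle -> Unknown point type",
    r"@Alternate Data Stream - 784 bytes -> C:\WINDOWS\1616094398:1096527007.exe",
    r"@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2",
]

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
UUID_DEFAULT_RE = re.compile(r"XMLHTTP_UUID_Default = ((?:[0-9A-Fa-f]{2} ){15}[0-9A-Fa-f]{2})")
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")
CODE_EXTS = (".exe", ".dll", ".sys", ".scr", ".com")


def decode_reg_guid(hex_bytes):
    """16 space-separated hex bytes (OTL's REG_BINARY dump) -> {XXXXXXXX-...}.
    Data1..Data3 are stored little-endian on Windows; uuid's bytes_le= handles that."""
    raw = bytes.fromhex(hex_bytes.replace(" ", ""))
    return "{%s}" % str(uuid.UUID(bytes_le=raw)).upper()


def bho_entries(lines):
    """(CLSID, DLL path) for each O2 BHO line."""
    out = []
    for line in lines:
        m = GUID_RE.search(line) if line.startswith("O2 - BHO:") else None
        if m:
            rest = line.split(m.group(0) + " - ", 1)[1]
            out.append((m.group(0).upper(), rest.rsplit(" (", 1)[0]))
    return out


def clsid_family(clsid):
    """Everything after the first field; CLSIDs sharing it came from one template."""
    return clsid.strip("{}").split("-", 1)[1]


def triage(lines):
    """Return (tag, detail) findings; order is not significant."""
    findings = []
    bhos = bho_entries(lines)
    clsids = {c for c, _ in bhos}
    for line in lines:
        m = UUID_DEFAULT_RE.search(line)
        if m and decode_reg_guid(m.group(1)) in clsids:
            findings.append(("uuid-default-is-bho-clsid", decode_reg_guid(m.group(1))))
        m = ADS_RE.match(line)
        if m:
            stream = m.group(2).rsplit(":", 1)[1]  # part after the host file name
            if stream.lower().endswith(CODE_EXTS):
                findings.append(("ads-executable", m.group(2)))
        if "Cannot create file handle" in line and line.startswith("["):
            findings.append(("reparse-point-blocked", line[1:line.index("]")]))
    by_dll = {}
    for clsid, path in bhos:
        by_dll.setdefault(path.lower(), []).append(clsid)
    for path, ids in by_dll.items():
        if len(ids) > 1:
            families = sorted({clsid_family(c) for c in ids})
            findings.append(("multi-clsid-bho-dll", path))
            findings.append(("clsid-families", "%s -> %s" % (path, ", ".join(families))))
    return findings


if __name__ == "__main__":
    for tag, detail in triage(SAMPLE_LINES):
        print("%-26s %s" % (tag, detail))
```

The small TEMP:xxxxxxxx streams are deliberately not flagged: only a stream that is named like a module is worth a second look, which is why the fix list takes the 784-byte `1616094398:1096527007.exe` stream together with its host file.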

#3
dsxdawn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Greetings Michael!
Thank you for the quick reply.

Update:
- The computer is running much more smoothly, thank you!
- wodzmevjxa.tmp has disappeared from sight and I feel much safer, thank you!
- MalwareBytes still refuses to open =(



Here are the things you requested~


ComboFix 11-09-24.04 - Admin Shadow 4/2011 Sat 14:31:21.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.1534.1146 [GMT -7:00]
Running from: c:\documents and settings\Admin Shadow\desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin Shadow\Desktop\Setup.exe
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cufysnsu.default\extensions\{3dd38bdd-3962-423d-8754-e3fc0d11387c}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cufysnsu.default\extensions\{3dd38bdd-3962-423d-8754-e3fc0d11387c}\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cufysnsu.default\extensions\{3dd38bdd-3962-423d-8754-e3fc0d11387c}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cufysnsu.default\extensions\{3dd38bdd-3962-423d-8754-e3fc0d11387c}\defaults\preferences\xulcache.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cufysnsu.default\extensions\{3dd38bdd-3962-423d-8754-e3fc0d11387c}\install.rdf
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cufysnsu.default\extensions\{aabc33a4-599e-4207-8d5a-22df6acfa933}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cufysnsu.default\extensions\{aabc33a4-599e-4207-8d5a-22df6acfa933}\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cufysnsu.default\extensions\{aabc33a4-599e-4207-8d5a-22df6acfa933}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cufysnsu.default\extensions\{aabc33a4-599e-4207-8d5a-22df6acfa933}\defaults\preferences\xulcache.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cufysnsu.default\extensions\{aabc33a4-599e-4207-8d5a-22df6acfa933}\install.rdf
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cufysnsu.default\extensions\{e0711003-28ce-406e-9522-2b1df5240f82}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cufysnsu.default\extensions\{e0711003-28ce-406e-9522-2b1df5240f82}\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cufysnsu.default\extensions\{e0711003-28ce-406e-9522-2b1df5240f82}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cufysnsu.default\extensions\{e0711003-28ce-406e-9522-2b1df5240f82}\defaults\preferences\xulcache.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cufysnsu.default\extensions\{e0711003-28ce-406e-9522-2b1df5240f82}\install.rdf
c:\documents and settings\Dumb [bleep] 5\Application Data\Mozilla\Firefox\Profiles\gq3udn9r.default\extensions\{3dd38bdd-3962-423d-8754-e3fc0d11387c}
c:\documents and settings\Dumb [bleep] 5\Application Data\Mozilla\Firefox\Profiles\gq3udn9r.default\extensions\{3dd38bdd-3962-423d-8754-e3fc0d11387c}\chrome.manifest
c:\documents and settings\Dumb [bleep] 5\Application Data\Mozilla\Firefox\Profiles\gq3udn9r.default\extensions\{3dd38bdd-3962-423d-8754-e3fc0d11387c}\chrome\xulcache.jar
c:\documents and settings\Dumb [bleep] 5\Application Data\Mozilla\Firefox\Profiles\gq3udn9r.default\extensions\{3dd38bdd-3962-423d-8754-e3fc0d11387c}\defaults\preferences\xulcache.js
c:\documents and settings\Dumb [bleep] 5\Application Data\Mozilla\Firefox\Profiles\gq3udn9r.default\extensions\{3dd38bdd-3962-423d-8754-e3fc0d11387c}\install.rdf
c:\documents and settings\Dumb [bleep] 5\Application Data\Mozilla\Firefox\Profiles\gq3udn9r.default\extensions\{aabc33a4-599e-4207-8d5a-22df6acfa933}
c:\documents and settings\Dumb [bleep] 5\Application Data\Mozilla\Firefox\Profiles\gq3udn9r.default\extensions\{aabc33a4-599e-4207-8d5a-22df6acfa933}\chrome.manifest
c:\documents and settings\Dumb [bleep] 5\Application Data\Mozilla\Firefox\Profiles\gq3udn9r.default\extensions\{aabc33a4-599e-4207-8d5a-22df6acfa933}\chrome\xulcache.jar
c:\documents and settings\Dumb [bleep] 5\Application Data\Mozilla\Firefox\Profiles\gq3udn9r.default\extensions\{aabc33a4-599e-4207-8d5a-22df6acfa933}\defaults\preferences\xulcache.js
c:\documents and settings\Dumb [bleep] 5\Application Data\Mozilla\Firefox\Profiles\gq3udn9r.default\extensions\{aabc33a4-599e-4207-8d5a-22df6acfa933}\install.rdf
c:\documents and settings\Dumb [bleep] 5\Application Data\Mozilla\Firefox\Profiles\gq3udn9r.default\extensions\{e0711003-28ce-406e-9522-2b1df5240f82}
c:\documents and settings\Dumb [bleep] 5\Application Data\Mozilla\Firefox\Profiles\gq3udn9r.default\extensions\{e0711003-28ce-406e-9522-2b1df5240f82}\chrome.manifest
c:\documents and settings\Dumb [bleep] 5\Application Data\Mozilla\Firefox\Profiles\gq3udn9r.default\extensions\{e0711003-28ce-406e-9522-2b1df5240f82}\chrome\xulcache.jar
c:\documents and settings\Dumb [bleep] 5\Application Data\Mozilla\Firefox\Profiles\gq3udn9r.default\extensions\{e0711003-28ce-406e-9522-2b1df5240f82}\defaults\preferences\xulcache.js
c:\documents and settings\Dumb [bleep] 5\Application Data\Mozilla\Firefox\Profiles\gq3udn9r.default\extensions\{e0711003-28ce-406e-9522-2b1df5240f82}\install.rdf
c:\documents and settings\LocalService\Application Data\02000000338c95951363C.manifest
c:\documents and settings\LocalService\Application Data\02000000338c95951363O.manifest
c:\documents and settings\LocalService\Application Data\02000000338c95951363P.manifest
c:\documents and settings\LocalService\Application Data\02000000338c95951363S.manifest
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Service_6to4
.
.
((((((((((((((((((((((((( Files Created from 2011-08-24 to 2011-09-24 )))))))))))))))))))))))))))))))
.
.
2011-09-24 21:16 . 2011-09-24 21:16 -------- d-----w- C:\_OTL
2011-09-24 16:01 . 2011-09-24 16:01 -------- d-----w- C:\found.000
2011-09-24 06:18 . 2011-09-24 06:18 -------- d-----w- c:\documents and settings\Admin Shadow\Application Data\Malwarebytes
2011-09-24 03:34 . 2011-09-24 04:29 -------- d-sh--w- c:\windows\Installer
2011-09-24 03:23 . 2002-02-27 21:12 2600 ----a-w- C:\xp_exe_fix.reg
2011-09-24 00:47 . 2011-09-24 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-09-24 00:47 . 2011-09-24 00:47 -------- d-----w- c:\documents and settings\Admin Shadow\Application Data\SUPERAntiSpyware.com
2011-09-24 00:13 . 2010-11-09 21:56 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-24 00:13 . 2010-11-09 21:56 27984 ----a-w- c:\windows\system32\sbbd.exe
2011-09-24 00:11 . 2011-09-24 01:31 -------- d-----w- C:\VIPRERESCUE
2011-09-23 02:30 . 2011-09-24 06:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-22 23:59 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-22 00:32 . 2011-09-24 21:43 -------- d-----w- c:\documents and settings\Admin Shadow\Tracing
2011-09-21 23:15 . 2011-09-21 23:15 -------- d-----w- c:\program files\AhnLab
2011-09-21 23:15 . 2011-09-21 23:15 -------- d-----w- c:\documents and settings\Admin Shadow\AppData
2011-09-08 05:58 . 2011-09-08 16:02 133208 ----a-w- c:\windows\system32\drivers\10509902.sys
2011-09-08 02:54 . 2011-09-08 02:58 -------- d-----w- c:\program files\Universal Shield
2011-09-08 02:42 . 2010-10-06 03:26 109240 ----a-w- c:\program files\Mozilla Firefox\extensions\[email protected]_bak\components\abhelperxpcom.dll
2011-09-08 02:42 . 2010-10-06 03:27 150200 ----a-w- c:\program files\Mozilla Firefox\extensions\[email protected]_bak\components\kavlinkfilter.dll
2011-09-08 02:39 . 2011-09-24 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2011-09-08 02:39 . 2011-09-08 02:39 -------- d-----w- c:\program files\Kaspersky Lab
2011-09-08 01:04 . 2011-09-08 01:11 -------- d-----w- c:\program files\Unlocker
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report (files modified within the last three months) ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-14 73728]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Admin Shadow^Start Menu^Programs^Startup^_uninst_39072368.lnk]
path=c:\documents and settings\Admin Shadow\Start Menu\Programs\Startup\_uninst_39072368.lnk
backup=c:\windows\pss\_uninst_39072368.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 15:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-22 20:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]
2005-10-21 15:40 430080 ----a-w- c:\program files\Dell Photo AIO Printer 924\dlccmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-05-29 03:17 136176 ----atw- c:\documents and settings\Admin Shadow\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 12:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-09-01 00:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 14:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NexonPlug]
2011-05-03 00:44 2430328 ----a-w- c:\nexon\NexonPlug\NexonPlug.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 03:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\US4Service]
2010-03-24 18:57 39552 ----a-w- c:\program files\Universal Shield\US4Service.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\REACTOR\\ijjiOptimizer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Nexon\\NGM\\NGM.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Nexon\\Common\\NMService.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Documents and Settings\\Admin Shadow\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Nexon\\MapleStory\\GameLauncher.exe"=
"c:\\Nexon\\MapleStory\\Patcher.exe"=
.
R0 10509902;10509902;c:\windows\system32\drivers\10509902.sys [9/7/2011 10:58 PM 133208]
R0 amdagp8p;AMD NB AGP Bus Filter;c:\windows\system32\drivers\amdagp8p.sys [8/29/2008 9:31 PM 27648]
R0 dontgo;Promise Removable Disk Control Driver;c:\windows\system32\drivers\dontgo.sys [8/29/2008 9:31 PM 7680]
R0 tmagp;Transmeta TM 8000 AGP Filter Driver;c:\windows\system32\drivers\TMAGP.SYS [8/29/2008 9:32 PM 27648]
R0 ULiAGP;ULi AGP Controller Bus Filter Driver;c:\windows\system32\drivers\ULiAGP.SYS [8/29/2008 9:32 PM 33408]
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [8/29/2008 9:31 PM 45056]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [9/23/2011 5:13 PM 98392]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/22/2011 7:30 PM 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/22/2011 4:59 PM 22216]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [9/29/2010 10:11 PM 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [9/29/2010 10:11 PM 251904]
S0 hptpro;hptpro;c:\windows\system32\drivers\hptpro.sys [8/29/2008 9:31 PM 9809]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\ADMINS~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\ADMINS~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\ADMINS~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\ADMINS~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/10/2010 7:25 AM 136176]
S3 EagleX64;EagleX64;\??\c:\documents and settings\Admin Shadow\Local Settings\Temp\EagleX64.sys --> c:\documents and settings\Admin Shadow\Local Settings\Temp\EagleX64.sys [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/10/2010 7:25 AM 136176]
S3 TrueSight;TrueSight;c:\documents and settings\Admin Shadow\desktop\TrueSight.sys [9/23/2011 5:25 PM 60800]
.
‘计划任务’ 文件夹 里的内容
.
2011-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-10 14:25]
.
2011-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-10 14:25]
.
2011-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-113007714-682003330-1005Core.job
- c:\documents and settings\Admin Shadow\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-29 03:17]
.
2011-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-113007714-682003330-1005UA.job
- c:\documents and settings\Admin Shadow\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-29 03:17]
.
.
------- 而外的扫描 -------
.
uStart Page = hxxp://www.att.net
Trusted Zone: att.net
Trusted Zone: sbcglobal.net
Trusted Zone: yahoo.com\clientapps
TCP: DhcpNameServer = 192.168.0.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Admin Shadow\Application Data\Mozilla\Firefox\Profiles\rxkse2uh.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - prefs.js: keyword.URL - hxxp://home.speedbit.com/search.aspx?aff=206&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: FiZiX's PointGAINER [Works with Firefox 3.6 - Lpok08]: {096fce39-df8c-49ad-a4ce-9ef4a875bb76} - %profile%\extensions\{096fce39-df8c-49ad-a4ce-9ef4a875bb76}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-31567475.sys
SafeBoot-US30Sys.sys
MSConfigStartUp- - c:\documents and settings\Admin Shadow\Application Data\.minecraft\.minecraftUpdate\.minecraftupdt32.exe
MSConfigStartUp-AppleProfileOnline - c:\documents and settings\All Users\Application Data\AppleProfileOnline.dll
MSConfigStartUp-RoboForm - c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
MSConfigStartUp-SandboxieControl - c:\program files\Sandboxie\SbieCtrl.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-24 14:43
Windows 5.1.2600 Service Pack 3 NTFS
.
扫描被隐藏的进程 。。。
.
扫描被隐藏的启动组 。。。
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
.
扫描被隐藏的文件 。。。
.
扫描完成
被隐藏的档案: 0
.
**************************************************************************
.
--------------------- 运行进程下的动态链接库 ---------------------
.
- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(6376)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ 其他运行进程 ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
完成时间: 2011-09-24 14:48:09 - 电脑已重新启动
ComboFix-quarantined-files.txt 2011-09-24 21:48
.
Pre-Run: 64,940,400,640 bytes free
Post-Run: 64,805,261,312 bytes free
.
- - End Of File - - E2D888EB58605487949264AF79A8B7B3



All processes killed
========== OTL ==========
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-21-1757981266-113007714-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
C:\Documents and Settings\Admin Shadow\Application Data\Mozilla\Firefox\Profiles\rxkse2uh.default\extensions\{3dd38bdd-3962-423d-8754-e3fc0d11387c}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Admin Shadow\Application Data\Mozilla\Firefox\Profiles\rxkse2uh.default\extensions\{3dd38bdd-3962-423d-8754-e3fc0d11387c}\defaults folder moved successfully.
C:\Documents and Settings\Admin Shadow\Application Data\Mozilla\Firefox\Profiles\rxkse2uh.default\extensions\{3dd38bdd-3962-423d-8754-e3fc0d11387c}\chrome folder moved successfully.
C:\Documents and Settings\Admin Shadow\Application Data\Mozilla\Firefox\Profiles\rxkse2uh.default\extensions\{3dd38bdd-3962-423d-8754-e3fc0d11387c} folder moved successfully.
C:\Documents and Settings\Admin Shadow\Application Data\Mozilla\Firefox\Profiles\rxkse2uh.default\extensions\{aabc33a4-599e-4207-8d5a-22df6acfa933}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Admin Shadow\Application Data\Mozilla\Firefox\Profiles\rxkse2uh.default\extensions\{aabc33a4-599e-4207-8d5a-22df6acfa933}\defaults folder moved successfully.
C:\Documents and Settings\Admin Shadow\Application Data\Mozilla\Firefox\Profiles\rxkse2uh.default\extensions\{aabc33a4-599e-4207-8d5a-22df6acfa933}\chrome folder moved successfully.
C:\Documents and Settings\Admin Shadow\Application Data\Mozilla\Firefox\Profiles\rxkse2uh.default\extensions\{aabc33a4-599e-4207-8d5a-22df6acfa933} folder moved successfully.
C:\Documents and Settings\Admin Shadow\Application Data\Mozilla\Firefox\Profiles\rxkse2uh.default\extensions\{e0711003-28ce-406e-9522-2b1df5240f82}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Admin Shadow\Application Data\Mozilla\Firefox\Profiles\rxkse2uh.default\extensions\{e0711003-28ce-406e-9522-2b1df5240f82}\defaults folder moved successfully.
C:\Documents and Settings\Admin Shadow\Application Data\Mozilla\Firefox\Profiles\rxkse2uh.default\extensions\{e0711003-28ce-406e-9522-2b1df5240f82}\chrome folder moved successfully.
C:\Documents and Settings\Admin Shadow\Application Data\Mozilla\Firefox\Profiles\rxkse2uh.default\extensions\{e0711003-28ce-406e-9522-2b1df5240f82} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{003B40A9-33BF-40DF-AF36-7D0FFC58C692}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{003B40A9-33BF-40DF-AF36-7D0FFC58C692}\ deleted successfully.
C:\WINDOWS\system32\wscui32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0070BD20-49FA-4D4F-936E-B3D8FFB6ED72}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0070BD20-49FA-4D4F-936E-B3D8FFB6ED72}\ deleted successfully.
File C:\WINDOWS\system32\wscui32.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00768153-33BF-40DF-AF36-7D0FFC58C692}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00768153-33BF-40DF-AF36-7D0FFC58C692}\ deleted successfully.
File C:\WINDOWS\system32\wscui32.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00E17A41-49FA-4D4F-936E-B3D8FFB6ED72}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00E17A41-49FA-4D4F-936E-B3D8FFB6ED72}\ deleted successfully.
File C:\WINDOWS\system32\wscui32.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00ED02A6-33BF-40DF-AF36-7D0FFC58C692}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00ED02A6-33BF-40DF-AF36-7D0FFC58C692}\ deleted successfully.
File C:\WINDOWS\system32\wscui32.dll not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
File C:\WINDOWS\System32\wscui32.dll not found.
C:\Documents and Settings\All Users\Application Data\AppleProfileOnline.dll moved successfully.
C:\WINDOWS\System32\dllcache\SET2F5.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET2F6.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETA8.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SETAC.tmp deleted successfully.
C:\WINDOWS\System32\SET2F2.tmp deleted successfully.
C:\WINDOWS\System32\SET2F3.tmp deleted successfully.
C:\WINDOWS\System32\SET2F4.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\Documents and Settings\Admin Shadow\Desktop\wodzmevjxa.tmp deleted successfully.
C:\Documents and Settings\Admin Shadow\wodzmevjxa.tmp deleted successfully.
C:\WINDOWS\1616094398 moved successfully.
File C:\WINDOWS\System32\wscui32.dll not found.
File C:\Documents and Settings\All Users\Application Data\AppleProfileOnline.dll not found.
File C:\WINDOWS\1616094398 not found.
C:\Documents and Settings\All Users\Application Data\43amg0t2ihe520p034qj2450ufpjkok7812v64x40 moved successfully.
C:\Documents and Settings\Admin Shadow\Local Settings\Application Data\43amg0t2ihe520p034qj2450ufpjkok7812v64x40 moved successfully.
C:\WINDOWS\jautoexp.dat moved successfully.
C:\WINDOWS\system32\drivers\fqdjcgod.sys moved successfully.
C:\WINDOWS\system32\drivers\preihunx.sys moved successfully.
C:\WINDOWS\system32\KillDrv.exe moved successfully.
C:\Documents and Settings\All Users\Desktop\넥슨플러그.lnk moved successfully.
File C:\Documents and Settings\All Users\Desktop\넥슨플러그.lnk not found.
Unable to remove Unknown point type C:\WINDOWS\$NtUninstallKB4667$
Unable to delete ADS C:\WINDOWS\1616094398:1096527007.exe .
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\WINDOWS\1616094398 not found.
File\Folder C:\WINDOWS\system32\wscui32.dll not found.
C:\Documents and Settings\Admin Shadow\desktop\Winject.exe moved successfully.
File\Folder C:\Documents and Settings\All Users\Application Data\AppleProfileOnline.dll not found.
File\Folder C:\windows\caner.exe not found.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: Admin Shadow
->Temp folder emptied: 154860380 bytes
->Temporary Internet Files folder emptied: 9682588 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 40551159 bytes
->Flash cache emptied: 712 bytes

User: Administrator
->Temp folder emptied: 23696 bytes
->Temporary Internet Files folder emptied: 13880903 bytes
->FireFox cache emptied: 71148819 bytes
->Flash cache emptied: 956 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Dumb [bleep] 5
->Temp folder emptied: 338428 bytes
->Temporary Internet Files folder emptied: 3812458 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 15935846 bytes
->Flash cache emptied: 57175 bytes

User: LocalService
->Temp folder emptied: 66083 bytes
->Temporary Internet Files folder emptied: 375714021 bytes
->Flash cache emptied: 54310 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 196327389 bytes
->Java cache emptied: 11904 bytes
->Flash cache emptied: 23720 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32768 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 120073050 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 956.00 mb


[EMPTYFLASH]

User: Admin Shadow
->Flash cache emptied: 0 bytes

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Dumb [bleep] 5
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 09242011_141619

Files\Folders moved on Reboot...
C:\Documents and Settings\Admin Shadow\Local Settings\Temp\~DF2CAC.tmp moved successfully.
C:\Documents and Settings\Admin Shadow\Local Settings\Temporary Internet Files\Content.IE5\9B0UY829\0[1].030886805275210816 moved successfully.
C:\Documents and Settings\Admin Shadow\Local Settings\Temporary Internet Files\Content.IE5\9B0UY829\att_my_yahoo_com[1].htm moved successfully.

Registry entries deleted on Reboot...

Edited by michaelg9, 25 September 2011 - 08:49 AM.


#4
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello
Please don't quote your logs, just post them as is
The rootkit is most probably gone, but programs that were prevented from running would need to be re-installed / redownloaded

Do you know what TrueSight.sys driver on your Desktop is?


Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Next:

OTL Custom Scan
  • Download OTL to your Desktop
  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under Extra Registry select Use Safelist
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt and Extras.txt in Notepad windows.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your next reply.



Next:

File Scanner
There are some files I need you to upload for checking

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • C:\Documents and Settings\Admin Shadow\desktop\TrueSight.sys
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


#5
dsxdawn

    New Member

  • Topic Starter
  • Member
  • 6 posts
Hello again!
We are making great progress, thank you!

Sorry for the quotes, I thought grouping the logs would make it easier for you to analyze. I'll post them directly like you have asked~

TrueSight.sys was a removal tool I found off this forum somewhere and I removed it since I didn't want any removal tools to interfere with the programs you instructed me to use. I also ran a system search and it's completely gone, as there were no results.

Here are the things you requested.


TDSSKiller.txt
11:47:04.0828 0112 TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37
11:47:05.0171 0112 ============================================================
11:47:05.0171 0112 Current date / time: 2011/09/25 11:47:05.0171
11:47:05.0171 0112 SystemInfo:
11:47:05.0171 0112
11:47:05.0171 0112 OS Version: 5.1.2600 ServicePack: 3.0
11:47:05.0171 0112 Product type: Workstation
11:47:05.0171 0112 ComputerName: X6X8-20100929VB
11:47:05.0171 0112 UserName: Admin Shadow
11:47:05.0171 0112 Windows directory: C:\WINDOWS
11:47:05.0171 0112 System windows directory: C:\WINDOWS
11:47:05.0171 0112 Processor architecture: Intel x86
11:47:05.0171 0112 Number of processors: 2
11:47:05.0171 0112 Page size: 0x1000
11:47:05.0171 0112 Boot type: Normal boot
11:47:05.0171 0112 ============================================================
11:47:06.0312 0112 Initialize success
11:47:15.0328 0152 ============================================================
11:47:15.0328 0152 Scan started
11:47:15.0328 0152 Mode: Manual;
11:47:15.0328 0152 ============================================================
11:47:15.0953 0152 10509902 (186b54479d98e48aee0e9ada4b3c4d31) C:\WINDOWS\system32\DRIVERS\10509902.sys
11:47:15.0953 0152 10509902 - ok
11:47:15.0984 0152 Abiosdsk - ok
11:47:16.0031 0152 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:47:16.0031 0152 ACPI - ok
11:47:16.0078 0152 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:47:16.0078 0152 aec - ok
11:47:16.0125 0152 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
11:47:16.0125 0152 AFD - ok
11:47:16.0203 0152 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
11:47:16.0203 0152 agpCPQ - ok
11:47:16.0250 0152 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
11:47:16.0265 0152 alim1541 - ok
11:47:16.0265 0152 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
11:47:16.0281 0152 amdagp - ok
11:47:16.0281 0152 amdagp8p (d5bcc5dd747fdd6ad1a5b3fa2bdbb5fa) C:\WINDOWS\system32\DRIVERS\amdagp8p.sys
11:47:16.0281 0152 amdagp8p - ok
11:47:16.0343 0152 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:47:16.0343 0152 AsyncMac - ok
11:47:16.0359 0152 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:47:16.0359 0152 atapi - ok
11:47:16.0375 0152 Atdisk - ok
11:47:16.0515 0152 ati2mtag (7e682d97868cefae5d2bbd23ebbf7207) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
11:47:16.0546 0152 ati2mtag - ok
11:47:16.0671 0152 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:47:16.0671 0152 Atmarpc - ok
11:47:16.0734 0152 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:47:16.0734 0152 audstub - ok
11:47:16.0765 0152 bb-run (7270d070173b20ac9487ea16bb08b45f) C:\WINDOWS\system32\DRIVERS\bb-run.sys
11:47:16.0781 0152 bb-run - ok
11:47:16.0812 0152 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:47:16.0812 0152 Beep - ok
11:47:16.0828 0152 caboagp (3b0fed71f3ffb5a8ca6b710723dcad90) C:\WINDOWS\system32\DRIVERS\atisgkaf.sys
11:47:16.0828 0152 caboagp - ok
11:47:16.0843 0152 catchme - ok
11:47:16.0859 0152 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:47:16.0859 0152 Cdaudio - ok
11:47:16.0859 0152 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:47:16.0875 0152 Cdfs - ok
11:47:16.0906 0152 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:47:16.0906 0152 Cdrom - ok
11:47:16.0921 0152 Changer - ok
11:47:16.0968 0152 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
11:47:16.0968 0152 CmBatt - ok
11:47:17.0031 0152 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:47:17.0031 0152 Compbatt - ok
11:47:17.0109 0152 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:47:17.0109 0152 Disk - ok
11:47:17.0171 0152 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:47:17.0187 0152 dmboot - ok
11:47:17.0203 0152 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:47:17.0218 0152 dmio - ok
11:47:17.0296 0152 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:47:17.0296 0152 dmload - ok
11:47:17.0328 0152 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:47:17.0343 0152 DMusic - ok
11:47:17.0390 0152 dontgo (ee1cf616037552f4e75fd6592d0677b6) C:\WINDOWS\system32\DRIVERS\DontGo.sys
11:47:17.0406 0152 dontgo - ok
11:47:17.0406 0152 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:47:17.0421 0152 drmkaud - ok
11:47:17.0468 0152 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\WINDOWS\system32\DRIVERS\e100b325.sys
11:47:17.0468 0152 E100B - ok
11:47:17.0468 0152 EagleNT - ok
11:47:17.0578 0152 EagleX64 - ok
11:47:17.0671 0152 EagleXNt - ok
11:47:17.0734 0152 es1371 (a55dd7d8ced5d2624a9ee2dda7be0319) C:\WINDOWS\system32\drivers\es1371mp.sys
11:47:17.0750 0152 es1371 - ok
11:47:17.0781 0152 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:47:17.0781 0152 Fastfat - ok
11:47:17.0812 0152 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
11:47:17.0812 0152 Fdc - ok
11:47:17.0828 0152 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:47:17.0843 0152 Fips - ok
11:47:17.0843 0152 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:47:17.0859 0152 Flpydisk - ok
11:47:17.0906 0152 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
11:47:17.0906 0152 FltMgr - ok
11:47:18.0015 0152 FsVga (455f778ee14368468560bd7cb8c854d0) C:\WINDOWS\system32\DRIVERS\fsvga.sys
11:47:18.0031 0152 FsVga - ok
11:47:18.0078 0152 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:47:18.0078 0152 Fs_Rec - ok
11:47:18.0093 0152 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:47:18.0109 0152 Ftdisk - ok
11:47:18.0109 0152 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
11:47:18.0125 0152 gagp30kx - ok
11:47:18.0156 0152 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
11:47:18.0156 0152 gameenum - ok
11:47:18.0203 0152 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:47:18.0203 0152 Gpc - ok
11:47:18.0250 0152 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:47:18.0265 0152 HDAudBus - ok
11:47:18.0281 0152 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:47:18.0296 0152 HidUsb - ok
11:47:18.0359 0152 hptpro (2b5e16c0e3d0eaa699750e01aea82d90) C:\WINDOWS\system32\DRIVERS\hptpro.sys
11:47:18.0375 0152 hptpro - ok
11:47:18.0421 0152 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:47:18.0437 0152 HTTP - ok
11:47:18.0468 0152 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
11:47:18.0484 0152 i2omgmt - ok
11:47:18.0515 0152 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:47:18.0515 0152 i8042prt - ok
11:47:18.0562 0152 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:47:18.0562 0152 Imapi - ok
11:47:18.0703 0152 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:47:18.0703 0152 intelppm - ok
11:47:18.0750 0152 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
11:47:18.0765 0152 Ip6Fw - ok
11:47:18.0796 0152 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:47:18.0812 0152 IpFilterDriver - ok
11:47:18.0812 0152 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:47:18.0828 0152 IpInIp - ok
11:47:18.0843 0152 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:47:18.0859 0152 IpNat - ok
11:47:18.0875 0152 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:47:18.0875 0152 IPSec - ok
11:47:18.0921 0152 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:47:18.0921 0152 IRENUM - ok
11:47:19.0015 0152 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:47:19.0015 0152 isapnp - ok
11:47:19.0078 0152 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:47:19.0078 0152 Kbdclass - ok
11:47:19.0093 0152 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:47:19.0093 0152 kbdhid - ok
11:47:19.0125 0152 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:47:19.0140 0152 kmixer - ok
11:47:19.0171 0152 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:47:19.0171 0152 KSecDD - ok
11:47:19.0187 0152 lbrtfdc - ok
11:47:19.0234 0152 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
11:47:19.0234 0152 MBAMProtector - ok
11:47:19.0328 0152 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:47:19.0328 0152 mnmdd - ok
11:47:19.0390 0152 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:47:19.0390 0152 Modem - ok
11:47:19.0437 0152 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:47:19.0437 0152 Mouclass - ok
11:47:19.0453 0152 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:47:19.0453 0152 mouhid - ok
11:47:19.0468 0152 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:47:19.0468 0152 MountMgr - ok
11:47:19.0578 0152 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
11:47:19.0578 0152 MREMP50 - ok
11:47:19.0593 0152 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
11:47:19.0593 0152 MRESP50 - ok
11:47:19.0703 0152 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:47:19.0703 0152 MRxDAV - ok
11:47:19.0765 0152 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:47:19.0781 0152 MRxSmb - ok
11:47:19.0812 0152 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:47:19.0828 0152 Msfs - ok
11:47:19.0875 0152 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:47:19.0875 0152 MSKSSRV - ok
11:47:19.0890 0152 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:47:19.0890 0152 MSPCLOCK - ok
11:47:19.0906 0152 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:47:19.0906 0152 MSPQM - ok
11:47:19.0953 0152 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:47:19.0953 0152 mssmbios - ok
11:47:20.0062 0152 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:47:20.0078 0152 Mup - ok
11:47:20.0140 0152 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:47:20.0156 0152 NDIS - ok
11:47:20.0187 0152 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:47:20.0203 0152 NdisTapi - ok
11:47:20.0234 0152 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:47:20.0234 0152 Ndisuio - ok
11:47:20.0250 0152 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:47:20.0265 0152 NdisWan - ok
11:47:20.0343 0152 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:47:20.0359 0152 NDProxy - ok
11:47:20.0406 0152 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:47:20.0421 0152 NetBIOS - ok
11:47:20.0453 0152 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:47:20.0468 0152 NetBT - ok
11:47:20.0500 0152 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:47:20.0500 0152 Npfs - ok
11:47:20.0546 0152 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:47:20.0562 0152 Ntfs - ok
11:47:20.0593 0152 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:47:20.0593 0152 Null - ok
11:47:20.0609 0152 nv_agp (3194e2f6c9000c39dcf9d0580754f714) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
11:47:20.0625 0152 nv_agp - ok
11:47:20.0656 0152 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:47:20.0656 0152 NwlnkFlt - ok
11:47:20.0750 0152 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:47:20.0765 0152 NwlnkFwd - ok
11:47:20.0812 0152 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
11:47:20.0812 0152 Parport - ok
11:47:20.0828 0152 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:47:20.0828 0152 PartMgr - ok
11:47:20.0875 0152 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:47:20.0875 0152 ParVdm - ok
11:47:20.0906 0152 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:47:20.0906 0152 PCI - ok
11:47:20.0921 0152 PCIDump - ok
11:47:20.0921 0152 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:47:20.0937 0152 PCIIde - ok
11:47:20.0968 0152 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:47:20.0968 0152 Pcmcia - ok
11:47:21.0078 0152 PCnet (7bc8027d56fab153a987c56ae9835664) C:\WINDOWS\system32\DRIVERS\pcntpci5.sys
11:47:21.0078 0152 PCnet - ok
11:47:21.0109 0152 PDCOMP - ok
11:47:21.0125 0152 PDFRAME - ok
11:47:21.0125 0152 PDRELI - ok
11:47:21.0140 0152 PDRFRAME - ok
11:47:21.0171 0152 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
11:47:21.0171 0152 perc2hib - ok
11:47:21.0250 0152 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:47:21.0250 0152 PptpMiniport - ok
11:47:21.0281 0152 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
11:47:21.0296 0152 Processor - ok
11:47:21.0312 0152 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:47:21.0312 0152 PSched - ok
11:47:21.0328 0152 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:47:21.0343 0152 Ptilink - ok
11:47:21.0343 0152 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:47:21.0359 0152 RasAcd - ok
11:47:21.0375 0152 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:47:21.0375 0152 Rasl2tp - ok
11:47:21.0390 0152 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:47:21.0406 0152 RasPppoe - ok
11:47:21.0406 0152 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:47:21.0421 0152 Raspti - ok
11:47:21.0437 0152 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:47:21.0453 0152 Rdbss - ok
11:47:21.0515 0152 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:47:21.0515 0152 RDPCDD - ok
11:47:21.0562 0152 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:47:21.0578 0152 rdpdr - ok
11:47:21.0593 0152 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
11:47:21.0609 0152 RDPWD - ok
11:47:21.0765 0152 SASDIFSV - ok
11:47:21.0765 0152 SASKUTIL - ok
11:47:21.0906 0152 SBRE (c1ae5d1f53285d79a0b73a62af20734f) C:\WINDOWS\system32\drivers\SBREdrv.sys
11:47:21.0906 0152 SBRE - ok
11:47:21.0937 0152 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:47:21.0953 0152 Secdrv - ok
11:47:21.0968 0152 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:47:21.0984 0152 serenum - ok
11:47:22.0000 0152 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:47:22.0015 0152 Serial - ok
11:47:22.0031 0152 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:47:22.0046 0152 Sfloppy - ok
11:47:22.0062 0152 sfng32 (5fe18fff6fbcf218290042009eab023d) C:\WINDOWS\system32\drivers\sfng32.sys
11:47:22.0078 0152 sfng32 - ok
11:47:22.0109 0152 SiFilter (e853c341bbf4ac0007a8db0858dbb09d) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
11:47:22.0125 0152 SiFilter - ok
11:47:22.0125 0152 Simbad - ok
11:47:22.0140 0152 SiRemFil (d80e6f142eb4963e82a8537dd745f51b) C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
11:47:22.0156 0152 SiRemFil - ok
11:47:22.0218 0152 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
11:47:22.0218 0152 sisagp - ok
11:47:22.0390 0152 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:47:22.0390 0152 splitter - ok
11:47:22.0437 0152 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:47:22.0453 0152 sr - ok
11:47:22.0484 0152 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:47:22.0500 0152 Srv - ok
11:47:22.0578 0152 STHDA (237ccbfc82b4c98435461972597f29d5) C:\WINDOWS\system32\drivers\sthda.sys
11:47:22.0593 0152 STHDA - ok
11:47:22.0687 0152 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:47:22.0703 0152 swenum - ok
11:47:22.0734 0152 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:47:22.0750 0152 swmidi - ok
11:47:22.0781 0152 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:47:22.0781 0152 sysaudio - ok
11:47:22.0843 0152 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:47:22.0859 0152 Tcpip - ok
11:47:22.0906 0152 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:47:22.0921 0152 TDPIPE - ok
11:47:22.0953 0152 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:47:22.0968 0152 TDTCP - ok
11:47:23.0000 0152 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:47:23.0015 0152 TermDD - ok
11:47:23.0062 0152 tmagp (2275ef7ca18a77268b527b926ab6d643) C:\WINDOWS\system32\DRIVERS\tmagp.sys
11:47:23.0078 0152 tmagp - ok
11:47:23.0125 0152 TrueSight - ok
11:47:23.0203 0152 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
11:47:23.0203 0152 uagp35 - ok
11:47:23.0343 0152 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:47:23.0359 0152 Udfs - ok
11:47:23.0421 0152 ULiAGP (25ec7fd654641c4430646fde1f9971ab) C:\WINDOWS\system32\DRIVERS\ULiAGP.sys
11:47:23.0421 0152 ULiAGP - ok
11:47:23.0453 0152 uliagpkx (67ab641cc203081780e8483faa959549) C:\WINDOWS\system32\DRIVERS\agpkx.sys
11:47:23.0453 0152 uliagpkx - ok
11:47:23.0484 0152 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:47:23.0500 0152 Update - ok
11:47:23.0640 0152 US30Sys (d19c37073259c28b1ee61fab3f7a729b) C:\WINDOWS\system32\Drivers\US30XP.sys
11:47:23.0640 0152 US30Sys - ok
11:47:23.0687 0152 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:47:23.0703 0152 usbccgp - ok
11:47:23.0734 0152 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:47:23.0750 0152 usbehci - ok
11:47:23.0781 0152 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:47:23.0796 0152 usbhub - ok
11:47:23.0828 0152 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
11:47:23.0843 0152 usbohci - ok
11:47:23.0859 0152 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:47:23.0859 0152 usbprint - ok
11:47:23.0921 0152 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:47:23.0937 0152 usbscan - ok
11:47:23.0968 0152 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:47:23.0984 0152 USBSTOR - ok
11:47:24.0000 0152 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:47:24.0015 0152 usbuhci - ok
11:47:24.0031 0152 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:47:24.0046 0152 VgaSave - ok
11:47:24.0078 0152 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
11:47:24.0093 0152 viaagp - ok
11:47:24.0109 0152 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
11:47:24.0109 0152 viaagp1 - ok
11:47:24.0125 0152 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:47:24.0140 0152 VolSnap - ok
11:47:24.0203 0152 VSTHWBS2 (c466021d31ff6c0a6069d12299d80c0b) C:\WINDOWS\system32\DRIVERS\VSTBS23.SYS
11:47:24.0218 0152 VSTHWBS2 - ok
11:47:24.0281 0152 VST_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\WINDOWS\system32\DRIVERS\VSTDPV3.SYS
11:47:24.0296 0152 VST_DPV - ok
11:47:24.0406 0152 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:47:24.0421 0152 Wanarp - ok
11:47:24.0437 0152 WDICA - ok
11:47:24.0468 0152 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:47:24.0484 0152 wdmaud - ok
11:47:24.0546 0152 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\WINDOWS\system32\DRIVERS\VSTCNXT3.SYS
11:47:24.0562 0152 winachsf - ok
11:47:24.0640 0152 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:47:24.0656 0152 WS2IFSL - ok
11:47:24.0750 0152 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:47:24.0765 0152 WudfPf - ok
11:47:24.0796 0152 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:47:24.0812 0152 WudfRd - ok
11:47:24.0859 0152 xfilt (bec604cdc548a528ebd3d7aa1dd46a89) C:\WINDOWS\system32\DRIVERS\xfilt.sys
11:47:24.0859 0152 xfilt - ok
11:47:24.0890 0152 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:47:24.0968 0152 \Device\Harddisk0\DR0 - ok
11:47:24.0984 0152 Boot (0x1200) (25aa7c337f2497a216d4efb8f019ee79) \Device\Harddisk0\DR0\Partition0
11:47:24.0984 0152 \Device\Harddisk0\DR0\Partition0 - ok
11:47:24.0984 0152 ============================================================
11:47:24.0984 0152 Scan finished
11:47:24.0984 0152 ============================================================
11:47:25.0000 1736 Detected object count: 0
11:47:25.0000 1736 Actual detected object count: 0


OTL.txt
OTL logfile created on: 9/25/2011 11:54:18 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Admin Shadow\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 75.25% Memory free
2.10 Gb Paging File | 1.88 Gb Available in Paging File | 89.48% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 60.34 Gb Free Space | 81.00% Space Free | Partition Type: NTFS

Computer Name: X6X8-20100929VB | User Name: Admin Shadow | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/24 14:14:57 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin Shadow\desktop\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/09/10 21:26:26 | 000,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe


========== Modules (No Company Name) ==========

MOD - [2010/10/20 06:14:54 | 000,039,552 | ---- | M] () -- C:\Program Files\Universal Shield\US40Context.dll
MOD - [2010/03/14 20:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/02/05 11:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/14 05:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 05:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2005/08/26 12:43:12 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\dlcccfg.dll
MOD - [2005/04/01 09:44:16 | 000,061,440 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 924\dlcccnv4.dll
MOD - [2002/09/10 21:26:26 | 000,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
MOD - [2002/07/02 15:32:00 | 000,184,431 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\TimerManager.dll
MOD - [2002/07/02 15:22:34 | 000,122,993 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\AppProperties.dll
MOD - [2002/07/02 15:10:42 | 000,110,695 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComBase.dll
MOD - [2002/06/04 20:33:54 | 000,106,601 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComSRCManager.dll
MOD - [2002/06/04 18:48:26 | 000,143,489 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BasicLoaderService.dll
MOD - [2002/06/04 18:48:10 | 000,163,951 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComRT.dll
MOD - [2001/09/26 03:23:08 | 000,196,695 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJIntlCore_1_1_DDR.dll
MOD - [2001/09/23 15:41:10 | 000,524,377 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\stlport_4_0_0_DDR.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2005/10/28 05:41:52 | 000,491,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device)


========== Driver Services (SafeList) ==========

DRV - [2011/09/08 09:02:45 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\10509902.sys -- (10509902)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/05/26 19:21:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/05/26 19:20:34 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/10/13 09:15:46 | 000,071,168 | ---- | M] (© Everstrike Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\US30XP.sys -- (US30Sys)
DRV - [2008/07/31 23:38:20 | 003,266,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/14 05:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2008/04/13 17:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/10/12 23:40:58 | 001,178,088 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/10/12 23:40:58 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [2007/05/24 18:41:00 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2007/05/24 18:40:58 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2007/02/07 20:30:30 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2006/10/18 09:39:58 | 000,017,920 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\xfilt.sys -- (xfilt)
DRV - [2006/02/26 08:03:02 | 000,045,056 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\agpkx.sys -- (uliagpkx)
DRV - [2006/02/26 08:02:58 | 000,027,648 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp8p.sys -- (amdagp8p)
DRV - [2005/04/19 15:14:00 | 000,014,671 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atisgkaf.sys -- (caboagp)
DRV - [2005/03/28 09:12:42 | 000,033,408 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ULiAGP.sys -- (ULiAGP)
DRV - [2004/10/18 02:12:00 | 000,027,648 | ---- | M] (Transmeta Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tmagp.sys -- (tmagp)
DRV - [2004/06/29 05:25:26 | 000,007,680 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\DontGo.sys -- (dontgo)
DRV - [2004/04/02 00:40:00 | 000,021,760 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2003/11/04 23:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
DRV - [2003/07/01 19:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/12/09 20:54:34 | 000,009,809 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\hptpro.sys -- (hptpro)
DRV - [2001/08/17 05:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =

IE - HKU\S-1-5-21-1757981266-113007714-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
IE - HKU\S-1-5-21-1757981266-113007714-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1757981266-113007714-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
IE - HKU\S-1-5-21-1757981266-113007714-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "yahoo.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {096fce39-df8c-49ad-a4ce-9ef4a875bb76}:1.0
FF - prefs.js..keyword.URL: "http://home.speedbit...spx?aff=206&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@nexon.com/NexonPlugWebExtension: C:\Documents and Settings\All Users\Application Data\Nexon\NexonPlug\npPlugWire_1.0.0.0.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nexon.com/NxGame: C:\Documents and Settings\All Users\Application Data\Nexon\NGM\npNxGame.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Admin Shadow\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Admin Shadow\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Admin Shadow\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Admin Shadow\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/12 18:09:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/23 15:51:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files\DAP\DAPFireFox

[2010/10/03 00:07:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin Shadow\Application Data\Mozilla\Extensions
[2011/09/24 22:08:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin Shadow\Application Data\Mozilla\Firefox\Profiles\rxkse2uh.default\extensions
[2010/12/19 19:55:39 | 000,000,000 | ---D | M] ("FiZiX's PointGAINER [Works with Firefox 3.6 - Lpok08]") -- C:\Documents and Settings\Admin Shadow\Application Data\Mozilla\Firefox\Profiles\rxkse2uh.default\extensions\{096fce39-df8c-49ad-a4ce-9ef4a875bb76}
[2010/10/27 03:03:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Admin Shadow\Application Data\Mozilla\Firefox\Profiles\rxkse2uh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/24 22:08:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/05 23:47:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/07 19:42:26 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak
[2011/09/07 19:42:22 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak
[2010/11/05 23:47:08 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/11 16:37:02 | 000,252,080 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\mozilla firefox\plugins\npdap.dll
[2010/11/05 23:47:07 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/27 01:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll

O1 HOSTS File: ([2011/09/24 14:43:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (att.net Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1757981266-113007714-682003330-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1757981266-113007714-682003330-1005\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1757981266-113007714-682003330-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1757981266-113007714-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1757981266-113007714-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1757981266-113007714-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-1757981266-113007714-682003330-1005\..Trusted Domains: att.net ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1757981266-113007714-682003330-1005\..Trusted Domains: att.net ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1757981266-113007714-682003330-1005\..Trusted Domains: sbcglobal.net ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1757981266-113007714-682003330-1005\..Trusted Domains: yahoo.com ([clientapps] http in Trusted sites)
O15 - HKU\S-1-5-21-1757981266-113007714-682003330-1005\..Trusted Domains: yahoo.com ([clientapps] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1287651779109 (MUWebControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...yri_4.3.1.0.cab (SysInfo Class)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96E2D4A5-2441-4FBB-AFC7-DB6526862D9B}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Admin Shadow\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin Shadow\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/13 22:57:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/09/23 19:38:36 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1757981266-113007714-682003330-1005..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/25 11:46:55 | 001,547,056 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Admin Shadow\Desktop\TDSSKiller.exe
[2011/09/25 11:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin Shadow\Local Settings\Application Data\PCHealth
[2011/09/24 22:46:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin Shadow\Recent
[2011/09/24 15:18:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin Shadow\Desktop\Winject
[2011/09/24 15:09:16 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/09/24 15:06:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin Shadow\Desktop\GG2_V0.02
[2011/09/24 14:50:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/24 14:29:28 | 004,227,131 | R--- | C] (Swearware) -- C:\Documents and Settings\Admin Shadow\Desktop\ComboFix.exe
[2011/09/24 14:16:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/24 14:14:47 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin Shadow\Desktop\OTL.exe
[2011/09/24 14:07:23 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/09/24 14:04:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/09/24 14:04:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/09/24 14:04:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/09/24 14:04:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/09/24 14:04:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/09/24 14:03:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/24 14:03:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin Shadow\Start Menu\Programs\Administrative Tools
[2011/09/24 09:01:00 | 000,000,000 | ---D | C] -- C:\found.000
[2011/09/23 23:18:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin Shadow\Application Data\Malwarebytes
[2011/09/23 20:34:10 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2011/09/23 19:38:36 | 000,000,000 | R--D | C] -- C:\autorun.inf
[2011/09/23 17:47:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/09/23 17:47:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin Shadow\Application Data\SUPERAntiSpyware.com
[2011/09/23 17:13:18 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/09/23 17:13:18 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2011/09/23 15:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/22 19:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/22 16:59:49 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/21 17:32:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin Shadow\Tracing
[2011/09/21 16:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin Shadow\AppData
[2011/09/21 16:15:48 | 000,000,000 | ---D | C] -- C:\Program Files\AhnLab
[2011/09/12 18:25:12 | 003,480,352 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Admin Shadow\My Documents\ccsetup310.exe
[2011/09/07 22:58:10 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\10509902.sys
[2011/09/07 19:54:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Universal Shield
[2011/09/07 19:54:55 | 000,000,000 | ---D | C] -- C:\Program Files\Universal Shield
[2011/09/07 19:42:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Internet Security 2011
[2011/09/07 19:39:53 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2011/09/07 19:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2011/09/07 18:04:25 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2011/09/01 15:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin Shadow\Desktop\GGTrainer 1.2.3
[2010/09/30 07:13:35 | 001,654,869 | ---- | C] (Dynu Systems Inc.) -- C:\Documents and Settings\All Users\Application Data\DynuEncrypt.dll
[2010/09/30 02:07:56 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpmui.dll
[2010/09/30 02:07:55 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccih.exe
[2010/09/30 02:07:55 | 000,368,640 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccfg.exe
[2010/09/30 02:07:55 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpplc.dll
[2010/09/30 02:07:54 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccusb1.dll
[2010/09/30 02:07:54 | 000,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcchbn3.dll
[2010/09/30 02:07:54 | 000,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccoms.exe
[2010/09/30 02:07:54 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcclmpm.dll
[2010/09/30 02:07:54 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomm.dll
[2010/09/30 02:07:54 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccprox.dll
[2010/09/30 02:07:53 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccserv.dll
[2010/09/30 02:07:53 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomc.dll

========== Files - Modified Within 30 Days ==========

[2011/09/25 11:40:30 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/25 11:33:00 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-113007714-682003330-1005UA.job
[2011/09/25 10:58:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/25 09:40:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/25 09:40:45 | 000,003,568 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2011/09/25 09:40:42 | 000,200,144 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/25 09:03:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/24 19:52:46 | 000,000,483 | ---- | M] () -- C:\Documents and Settings\Admin Shadow\Desktop\asdf.ini
[2011/09/24 16:33:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-113007714-682003330-1005Core.job
[2011/09/24 15:09:16 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/09/24 14:43:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/24 14:29:45 | 004,227,131 | R--- | M] (Swearware) -- C:\Documents and Settings\Admin Shadow\Desktop\ComboFix.exe
[2011/09/24 14:14:57 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin Shadow\Desktop\OTL.exe
[2011/09/24 14:07:29 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/09/23 07:43:34 | 001,547,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Admin Shadow\Desktop\TDSSKiller.exe
[2011/09/22 19:30:50 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/21 20:34:36 | 000,000,204 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MapleStory.url
[2011/09/21 17:21:53 | 098,988,744 | ---- | M] () -- C:\Documents and Settings\Admin Shadow\Desktop\setup_11.0.0.1245.x01_2011_09_22_03_12.exe
[2011/09/20 15:25:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/12 18:25:44 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/09/12 18:25:25 | 003,480,352 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Admin Shadow\My Documents\ccsetup310.exe
[2011/09/09 02:12:13 | 000,599,040 | RH-- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/08 09:02:45 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\10509902.sys
[2011/09/04 17:27:52 | 001,360,384 | ---- | M] () -- C:\Documents and Settings\Admin Shadow\Desktop\RiPE Star v2011-08-25.1.dll
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/09/25 09:02:05 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/09/25 08:59:34 | 000,200,144 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/24 19:52:46 | 000,000,483 | ---- | C] () -- C:\Documents and Settings\Admin Shadow\Desktop\asdf.ini
[2011/09/24 14:07:28 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2011/09/24 14:07:25 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/09/24 14:04:09 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/24 14:04:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/24 14:04:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/24 14:04:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/24 14:04:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/22 19:30:50 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/21 20:31:02 | 000,000,204 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MapleStory.url
[2011/09/21 17:21:35 | 098,988,744 | ---- | C] () -- C:\Documents and Settings\Admin Shadow\Desktop\setup_11.0.0.1245.x01_2011_09_22_03_12.exe
[2011/09/04 17:27:44 | 001,360,384 | ---- | C] () -- C:\Documents and Settings\Admin Shadow\Desktop\RiPE Star v2011-08-25.1.dll
[2011/06/30 21:42:35 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0621.old
[2011/04/25 17:53:33 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2011/04/11 16:19:04 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\EasyHook32.dll
[2010/09/30 02:07:56 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2010/09/30 02:07:56 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2010/09/30 02:07:55 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2010/09/30 02:07:52 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2010/09/30 02:07:52 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2010/09/30 02:07:52 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2010/09/30 02:07:50 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2010/09/30 02:07:50 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2010/09/30 02:07:50 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2010/09/30 02:07:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2010/09/29 22:12:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/09/29 22:10:14 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2010/09/29 22:10:14 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/09/29 22:10:13 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/09/29 22:10:13 | 000,174,820 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/09/29 07:56:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/08/29 21:31:43 | 000,048,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\3waregsm.sys
[2008/08/29 21:31:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\3waresrv.exe
[2008/08/29 21:31:43 | 000,034,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\mv614x.sys
[2008/08/29 21:31:42 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\3warerun.exe
[2008/08/29 21:31:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/08/29 21:31:27 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\OEMInfo.ini
[2008/08/13 23:01:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/08/13 22:54:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/08/13 15:45:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/14 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 05:00:00 | 000,539,342 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 05:00:00 | 000,112,000 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/09/30 02:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin Shadow\Application Data\acccore
[2010/09/29 07:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GlarySoft
[2010/09/29 07:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2011/09/25 11:53:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATTYToolbar
[2011/04/12 15:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2010/12/17 03:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2010/12/17 06:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2011/04/11 16:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2011/06/30 21:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/21 21:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/10/27 02:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumb [bleep] 5\Application Data\DMCache
[2010/10/22 18:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumb [bleep] 5\Application Data\DVDVideoSoftIEHelpers
[2010/10/22 08:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumb [bleep] 5\Application Data\GlarySoft
[2010/11/24 05:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumb [bleep] 5\Application Data\gtk-2.0
[2010/12/03 23:27:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumb [bleep] 5\Application Data\uTorrent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:553CA6CA
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B11E0DF

< End of report >


Extras.txt
OTL Extras logfile created on: 9/25/2011 11:54:18 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Admin Shadow\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 75.25% Memory free
2.10 Gb Paging File | 1.88 Gb Available in Paging File | 89.48% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 60.34 Gb Free Space | 81.00% Space Free | Partition Type: NTFS

Computer Name: X6X8-20100929VB | User Name: Admin Shadow | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\REACTOR\ijjiOptimizer.exe" = C:\Program Files\REACTOR\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe -- ()
"C:\Documents and Settings\All Users\Application Data\Nexon\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\Nexon\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Documents and Settings\All Users\Application Data\Nexon\Common\NMService.exe" = C:\Documents and Settings\All Users\Application Data\Nexon\Common\NMService.exe:*:Enabled:Nexon Messenger Service -- (Nexon Corp.)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Documents and Settings\Admin Shadow\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Admin Shadow\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\ATT-HSI\McciBrowser.exe" = C:\Program Files\ATT-HSI\McciBrowser.exe:*:Enabled:motivebrowser.exe -- (Alcatel-Lucent)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Nexon\MapleStory\GameLauncher.exe" = C:\Nexon\MapleStory\GameLauncher.exe:*:Enabled:GameLauncher -- ()
"C:\Nexon\MapleStory\Patcher.exe" = C:\Nexon\MapleStory\Patcher.exe:*:Enabled:Patcher -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{415ADF7E-6DB8-4481-86C0-1CEC0163CC7B}" = Nexon Game Manager
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54E51672-DC3D-3204-BBF9-3AAF25CFF8AE}" = Microsoft .NET Framework 3.5 Language Pack SP1 - chs
"{57CDBAE6-0896-4E78-88F0-C673E4BB44FE}" = Universal Shield
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{82705358-3BD6-3CD5-AA9A-B8F058BE3A29}" = Google Talk Plugin
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EF489873-07F8-373D-A9CB-9AC688ADA964}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CHS
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F99520C7-7EE6-472E-8DD8-E60003A9292F}" = WOT for Internet Explorer
"{FED06F73-84FD-38CA-ACCC-5A8380437993}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CHS
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_7" = AIM 7
"ATI Display Driver" = ATI Display Driver
"BroadJump Client Foundation" = BroadJump Client Foundation
"CCleaner" = CCleaner
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"Dell Photo AIO Printer 924" = Dell Photo AIO Printer 924
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MapleStory" = MapleStory
"Microsoft .NET Framework 3.5 Language Pack SP1 - chs" = Microsoft .NET Framework 3.5 SP1 语言包 - 简体中文
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.22)" = Mozilla Firefox (3.6.22)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NexonPlug" = 넥슨플러그
"PROPLUS" = Microsoft Office Professional Plus 2007
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WT015792" = FATE
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Yahoo! Companion" = att.net Toolbar
"Yahoo! Mail" = att.net Internet Mail

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1757981266-113007714-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Circuit Construction Kit (AC+DC)" = Circuit Construction Kit (AC+DC)
"Circuit Construction Kit (DC Only)" = Circuit Construction Kit (DC Only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/30/2011 9:44:32 PM | Computer Name = X6X8-20100929VB | Source = MBAMService | ID = 131073
Description =

Error - 6/30/2011 10:22:36 PM | Computer Name = X6X8-20100929VB | Source = Application Error | ID = 1000
Description = Faulting application maplestory.exe, version 1.0.0.1, faulting module
maplestory.exe, version 1.0.0.1, fault address 0x00724791.

Error - 7/1/2011 12:57:28 AM | Computer Name = X6X8-20100929VB | Source = pctsSvc.exe | ID = 0
Description =

Error - 7/1/2011 12:57:37 AM | Computer Name = X6X8-20100929VB | Source = Application Error | ID = 1000
Description = Faulting application regasm.exe, version 2.0.50727.3053, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 7/13/2011 8:04:22 PM | Computer Name = X6X8-20100929VB | Source = .NET Runtime | ID = 1023
Description = .NET Runtime version 2.0.50727.3623 - Fatal Execution Engine Error
(7A0BC58E) (80131506)

Error - 7/19/2011 1:03:49 PM | Computer Name = X6X8-20100929VB | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0xffffffff.

Error - 7/26/2011 10:36:51 PM | Computer Name = X6X8-20100929VB | Source = Application Error | ID = 1000
Description = Faulting application maplestory.exe, version 1.0.0.1, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 8/2/2011 1:24:02 PM | Computer Name = X6X8-20100929VB | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0xffffffff.

Error - 8/7/2011 12:59:27 AM | Computer Name = X6X8-20100929VB | Source = Application Hang | ID = 1002
Description = Hanging application Winject.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/15/2011 8:52:24 PM | Computer Name = X6X8-20100929VB | Source = Application Hang | ID = 1002
Description = Hanging application msnmsgr.exe, version 14.0.8117.416, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 3/22/2011 1:26:12 AM | Computer Name = X6X8-20100929VB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3892
seconds with 1800 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/24/2011 5:25:49 PM | Computer Name = X6X8-20100929VB | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%2

Error - 9/24/2011 5:25:53 PM | Computer Name = X6X8-20100929VB | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 9/24/2011 5:42:55 PM | Computer Name = X6X8-20100929VB | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 9/24/2011 5:42:56 PM | Computer Name = X6X8-20100929VB | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 9/25/2011 11:59:45 AM | Computer Name = X6X8-20100929VB | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.100 for the Network Card with network
address 001372E0C2E0 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 9/25/2011 12:00:06 PM | Computer Name = X6X8-20100929VB | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 9/25/2011 12:00:09 PM | Computer Name = X6X8-20100929VB | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 9/25/2011 12:03:54 PM | Computer Name = X6X8-20100929VB | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on
Windows Server 2003 and Windows XP x86 (KB2539631).

Error - 9/25/2011 12:41:10 PM | Computer Name = X6X8-20100929VB | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 9/25/2011 12:41:11 PM | Computer Name = X6X8-20100929VB | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL


< End of report >

#6
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello

Winject folder and RiPE Star v2011-08-25.1.dll on your Desktop are unsafe:

17:38:48.671 File: C:\Documents and Settings\Admin Shadow\desktop\Winject.exe **INFECTED** Win32:Malware-gen

and there's a report here for the last one. I'm telling you this because I deleted the Winject file from your Desktop and now I see you created a folder.
There's a chance that they're targeted by antivirus programs because they're hacktools, but there's also the chance that they are normal malware. I'm deleting them with the following OTL fix, but if you read this and insist on keeping them, don't run the OTL fix, but don't use these programs until we're done. It's not recommended to keep them though.


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/09/24 15:18:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin Shadow\Desktop\Winject
    [2011/09/04 17:27:52 | 001,360,384 | ---- | M] () -- C:\Documents and Settings\Admin Shadow\Desktop\RiPE Star v2011-08-25.1.dll

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Next:

Please uninstall:

Java™ 6 Update 22


Upgrading Java:
  • Go here and click Free Java Download
  • It will offer you the latest version of java, download it and install it



Next:

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



Next:

Please run a full Kaspersky scan and delete if it finds anything. Tell me if it did find anything.



Next:

Are there any more problems with your computer? How's it working?
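For anyone who wants to see exactly what an OTL fix like the one above will do before clicking Run Fix, here is an added example (written for this page, not OTL's own code and not posted by anyone in the thread) that reads the fix-script text and lists the paths marked for deletion and the commands that will run. It assumes the entry layout OTL prints in its logs (`[date time | size | attrs | flag] -- path`, with a `D` in the attribute column marking a directory); the sample text is a constructed copy of the fix posted above.

```python
"""Preview what an OTL fix script would do (added example, not OTL's own code)."""
import re
from dataclasses import dataclass, field

# Constructed sample: a copy of the fix posted in this thread.
SAMPLE_FIX = r"""
:OTL
[2011/09/24 15:18:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin Shadow\Desktop\Winject
[2011/09/04 17:27:52 | 001,360,384 | ---- | M] () -- C:\Documents and Settings\Admin Shadow\Desktop\RiPE Star v2011-08-25.1.dll

:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]
"""

# Assumed layout of an OTL log entry: [date time | size | attrs | flag] (optional "()") -- path
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[-A-Z]{4})\s*\|\s*(?P<flag>[A-Z])\]"
    r"\s*(?:\(\))?\s*--\s*(?P<path>.+)$"
)
COMMAND_RE = re.compile(r"^\[(?P<name>[A-Za-z]+)\]$")


@dataclass
class FixPlan:
    deletions: list = field(default_factory=list)  # (path, "file" | "directory", size_bytes)
    commands: list = field(default_factory=list)   # command names, lower-cased
    unknown: list = field(default_factory=list)    # (section, line) the parser did not understand


def parse_fix(text):
    """Walk the script section by section and collect deletions and commands."""
    plan = FixPlan()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):            # section header such as :OTL or :Commands
            section = line[1:].lower()
            continue
        if section == "otl":
            m = ENTRY_RE.match(line)
            if m:
                # A "D" in the attribute column means the whole folder goes, not a single file.
                kind = "directory" if "D" in m.group("attrs") else "file"
                size = int(m.group("size").replace(",", ""))
                plan.deletions.append((m.group("path").strip(), kind, size))
                continue
        elif section == "commands":
            m = COMMAND_RE.match(line)
            if m:
                plan.commands.append(m.group("name").lower())
                continue
        plan.unknown.append((section, line))  # anything else is reported rather than silently ignored
    return plan


def summarize(plan):
    """Return human-readable lines describing the plan."""
    lines = [f"{kind} to delete: {path} ({size} bytes)" for path, kind, size in plan.deletions]
    lines += [f"command: {name}" for name in plan.commands]
    lines += [f"unrecognised in :{sec}: {text}" for sec, text in plan.unknown]
    if "reboot" in plan.commands:
        lines.append("note: the machine will reboot when the fix finishes")
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(parse_fix(SAMPLE_FIX))))
```

Anything the parser does not recognise is listed under "unrecognised" rather than dropped, so a pasted fix with a stray or edited line stands out before it is run.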

#7
dsxdawn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
- Removed items you suggested [Done]
- Upgraded Java [Done]
- Ran Kaspersky Quick Scan [Done; nothing suspicious]
- Ran MalwareBytes and removed infected items and rebooted [Done]



My computer is running like brand new! I truly thank You and the community for your efforts and patience!~ :)


Anyways here's the log you requested.
---------------------------------------------------------------

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7797

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/25/2011 6:30:28 PM
mbam-log-2011-09-25 (18-30-28).txt

Scan type: Quick scan
Objects scanned: 186972
Time elapsed: 5 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\02000000338c95951363c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000338c95951363o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000338c95951363p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000338c95951363s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\Desktop\uSeRiNiT.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

#8
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Happy to hear that you're clean finally :unsure:

Congratulations! Your logs are clean! :) Now that you are clean, please follow these precautions in order to keep safe:


Over the course of the fix you've used a variety of special tools to help with the cleaning process - none of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer.


Next:


Uninstall ComboFix from your computer:
  • Click on Start > Run
  • Type Combofix /Uninstall in the run box and click Ok. Note the space between the x and the /u, it needs to be there.

Next:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL for the last time and hit the cleanup button. It will remove all the programs we have used plus itself.

Next:

Note: If you are using Firefox I would suggest the use of these add-ons:
  • NoScript - for blocking ads and other potential website attacks.
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.


Next:


Automatic Updates for Windows
  • Click Start.
  • Select Settings and then Control Panel.
  • Select Automatic Updates.
  • Click Automatic (recommended)
  • Choose a day and a time when you know the computer will be on and connected to the internet.
  • Click Apply then OK.



Next:


Additional security programs - For additional security, the use of these tools is important:
  • Malwarebytes Anti-Malware. - Update the free version and scan with it often. It is an excellent scanning tool to have on your side.
  • The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer. This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial.

Next:

Upgrading Java:
  • Go here and click Do I have Java
  • It will check your current version and then offer to update to the latest version, if there are any.


Next:


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.


Next:


Keep a backup of your important files to prevent future data loss.


Happy safe computing!! :yes:
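The HOSTS file mechanism described above (and reset by the `[resethosts]` command in the OTL fix) cuts both ways: a blocklist such as MVPS points unwanted hostnames at your own machine, while a hijacked HOSTS file points legitimate hostnames somewhere else. Here is an added example (written for this page, not from the thread or from MVPS) that audits a HOSTS file and separates the two cases. The file contents are a constructed sample; to check the real file on Windows XP, pass `%SystemRoot%\System32\drivers\etc\hosts` to `audit_file`.

```python
"""Audit a Windows HOSTS file: sinkholed blocklist entries vs. redirects (added example)."""
import ipaddress

# Addresses a blocklist uses to sink a hostname: the page's 127.0.0.1 plus the other common choices.
SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample: the default localhost line, two blocklist-style entries,
# and one hostname redirected to a non-local address (the pattern a hijack leaves).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1  ads.example-adnetwork.invalid   # blocklist entry
0.0.0.0    tracker.example.invalid
198.51.100.7   www.antivirus-vendor.example  # redirected away from its real address
"""


def parse_hosts(text):
    """Return [(ip, [hostnames])] for every mapping line; comments and blanks are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # '#' starts a comment, inline or whole-line
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                           # malformed address: Windows ignores the line too
        entries.append((str(ip), [h.lower() for h in parts[1:]]))
    return entries


def audit_hosts(text, trusted=("localhost",)):
    """Classify each hostname as 'local' (expected loopback names),
    'blocked' (sunk to a sinkhole address) or 'redirect' (sent to any other address)."""
    report = {"local": [], "blocked": [], "redirect": []}
    for ip, hosts in parse_hosts(text):
        for host in hosts:
            if host in trusted:
                report["local"].append((host, ip))
            elif ip in SINKHOLES:
                report["blocked"].append((host, ip))
            else:
                # A hostname mapped to a real address overrides DNS for that name;
                # this is what deserves a close look after an infection.
                report["redirect"].append((host, ip))
    return report


def audit_file(path):
    """Read a HOSTS file from disk and audit it."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return audit_hosts(fh.read())


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(result['blocked'])} blocked hostname(s)")
    for host, ip in result["redirect"]:
        print(f"REDIRECT: {host} -> {ip}")
```

A large number of entries in the "blocked" bucket is what a freshly installed MVPS file looks like; anything in "redirect" should be explained by you (for example, an intranet name you added yourself) or removed, which is what `[resethosts]` does wholesale.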

#9
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.