
Help! Trojan Sharpro/Rootkit Mayhem



#1
Arboreal
Greetings,

I am new to Geeks to Go, and have found you folks by recommendation from a friend. I recently noticed during a MWB scan that my PC picked up Trojan.Sharpro, and Malwarebytes said it quarantined it. Though thereafter I began getting search redirects and some issues with my wireless mouse software. I scanned again and found nothing, uninstalled the damaged mouse/keyboard software and attempted to reinstall. The reinstall didn't work, issues got worse and now I can't even uninstall the software. I am not sure if these occurrences are at all related, but I thought it might be relevant. About 36 hours later Malwarebytes picked out a Rootkit, and after removal it asked for a reboot. During the "Windows shutting down" screen it locked up on me. I manually restarted, and MWB said the rootkit was quarantined. I haven't seen any other redirects or issues, but my system seems to run a bit slower than usual and I don't want to risk the little bugger still hiding out and waiting to attack again. So here I am, any help?

Below I have pasted my most recent MWB log and, after reading many of these forums, downloaded and ran OldTimer's OTL as well. I hope this will help us get started. Thank you kindly.



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8013

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/25/2011 3:56:12 AM
mbam-log-2011-10-25 (03-56-12).txt

Scan type: Quick scan
Objects scanned: 189867
Time elapsed: 4 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




************************************************************************************************************************


OTL logfile created on: 10/25/2011 2:47:58 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Kevin Henry\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 77.25% Memory free
5.59 Gb Paging File | 5.06 Gb Available in Paging File | 90.48% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.31 Gb Total Space | 21.42 Gb Free Space | 11.95% Space Free | Partition Type: NTFS
Drive J: | 465.64 Gb Total Space | 4.08 Gb Free Space | 0.88% Space Free | Partition Type: FAT32

Computer Name: ITZAMNA | User Name: Kevin Henry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/25 01:15:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin Henry\Desktop\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/05/25 16:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Kevin Henry\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/04/08 09:14:22 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/15 11:17:08 | 003,278,728 | ---- | M] (Razer USA Ltd) -- C:\Program Files\Razer\Mamba\RazerTray.exe
PRC - [2008/10/22 15:54:28 | 001,310,720 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2008/06/09 10:37:44 | 000,053,392 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/10/25 10:35:32 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2004/10/25 10:35:32 | 000,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2004/10/25 10:35:30 | 000,278,528 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2004/10/21 18:20:10 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/04/15 15:45:22 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
PRC - [2003/08/13 16:23:00 | 000,106,496 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
PRC - [2003/08/13 16:07:22 | 000,094,208 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe


========== Modules (No Company Name) ==========

MOD - [2010/02/05 14:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/07/19 12:50:12 | 000,104,520 | ---- | M] () -- C:\WINDOWS\system32\OSD.dll
MOD - [2007/04/02 08:49:20 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2006/10/28 14:11:16 | 000,516,096 | ---- | M] () -- C:\Program Files\AC3Filter\ac3filter.ax
MOD - [2004/09/28 05:54:48 | 000,330,240 | ---- | M] () -- C:\WINDOWS\system32\encdec.dll
MOD - [2004/09/28 05:54:48 | 000,269,824 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2004/09/28 05:54:48 | 000,149,504 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
MOD - [2004/08/10 08:00:00 | 000,154,112 | ---- | M] () -- C:\WINDOWS\system32\vbicodec.ax
MOD - [2003/05/30 17:47:26 | 000,024,576 | ---- | M] () -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SVps.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (LBTServ)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/12/17 10:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe -- (RUBotSrv)
SRV - [2010/04/08 09:14:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/23 16:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2008/06/09 10:37:44 | 000,053,392 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2004/11/02 16:42:42 | 001,826,816 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2004/10/25 10:35:34 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2004/10/25 10:35:32 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2004/10/25 10:35:32 | 000,118,784 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2004/10/25 10:35:30 | 000,278,528 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2004/06/22 12:58:14 | 000,733,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-VideoServer-UPnP) VAIO Media Video Server (UPnP)
SRV - [2004/06/22 12:58:14 | 000,733,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2004/06/16 04:42:34 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-VideoServer-HTTP) VAIO Media Video Server (HTTP)
SRV - [2004/06/16 04:42:34 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2004/06/16 04:41:06 | 000,188,416 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2004/04/15 15:45:22 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe -- (SonicStageMonitoring)
SRV - [2003/10/30 13:48:10 | 001,286,144 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe -- (VAIOMediaPlatform-VideoServer-AppServer)
SRV - [2003/08/13 16:23:00 | 000,106,496 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe -- (Sony TVTA Manager)
SRV - [2003/08/13 16:10:04 | 000,118,784 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe -- (Sony TV Tuner Controller)
SRV - [2003/08/13 16:07:22 | 000,094,208 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe -- (Sony TV Tuner Manager)


========== Driver Services (SafeList) ==========

DRV - [2011/10/25 02:44:45 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D08AEEF-5EC5-42A3-A172-5F52E15D7003}\MpKsl8384eb95.sys -- (MpKsl8384eb95)
DRV - [2011/10/24 16:05:18 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D08AEEF-5EC5-42A3-A172-5F52E15D7003}\MpKslb9a4b5b0.sys -- (MpKslb9a4b5b0)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/11 19:10:52 | 000,100,456 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2010/04/26 07:48:44 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\Kevin Henry\Local Settings\temp\SAS_SelfExtract\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/26 07:48:44 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\Kevin Henry\Local Settings\temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/26 06:29:23 | 000,180,224 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\WinVd32.sys -- (WinVd32)
DRV - [2009/06/17 12:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 12:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009/06/17 12:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/02/09 09:39:40 | 000,154,248 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mausbmp.sys -- (MAUSBMP) Service for M-Audio Mobile Pre (WDM)
DRV - [2009/01/18 17:24:40 | 000,114,024 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2008/04/13 14:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2007/10/24 10:47:26 | 000,023,288 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\synasUSB.sys -- (SynasUSB)
DRV - [2007/08/30 03:00:04 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/08/30 02:59:56 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2007/08/30 02:59:54 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/08/30 02:59:44 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/08/30 02:59:40 | 000,876,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/08/30 02:59:26 | 000,539,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/10/27 21:24:52 | 002,297,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/08/06 00:20:34 | 000,788,736 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smrt.sys -- (smrt)
DRV - [2004/08/04 02:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/04/13 18:48:32 | 001,266,380 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/03/17 19:10:40 | 000,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2000/12/05 20:18:02 | 000,003,952 | R--- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 8B A1 14 3D 14 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 77 04 24 6A 6E 39 9F 44 BD B5 48 4A CE C1 D0 9A [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrows...?s=DEF&v=13&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.mayanmaji...KIN/DT/DT.html"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/04/22 23:56:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 01:07:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/02 02:08:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/19 04:27:02 | 000,000,000 | ---D | M]

[2009/03/11 12:34:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin Henry\Application Data\Mozilla\Extensions
[2011/10/23 20:54:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\extensions
[2010/04/28 06:09:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/22 08:22:19 | 000,000,000 | ---D | M] (Favicon Picker 3) -- C:\Documents and Settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
[2011/10/23 06:20:25 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\extensions\{c976dde4-dde9-451b-809c-705bf03d723b}
[2009/10/29 21:50:10 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/10/23 20:54:41 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\extensions\[email protected]
[2010/09/17 10:41:48 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\extensions\personas@christopher(2).beard
[2009/05/16 08:29:50 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\searchplugins\winamp-search.xml
[2011/10/19 04:27:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/23 06:21:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/10/02 02:08:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/05/25 12:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/10/02 02:08:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2009/06/08 10:29:07 | 000,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png
[2009/06/08 10:29:08 | 000,001,963 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =

O1 HOSTS File: ([2002/01/01 23:00:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [CreateCD_Reminder] C:\WINDOWS\SONYSYS\VAIO Recovery\Reminder.exe (Sony Electronics, Inc)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming File not found
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Razer Mamba Driver] C:\Program Files\Razer\Mamba\RazerTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" File not found
O4 - HKCU..\Run: [Policies Update] rundll32 "C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\Downloaded Installations\DownloadedUpdate\Downloadedup.dll",DllRegisterServer File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Kevin Henry\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Kevin Henry\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F404F644-4694-479F-AC41-3FBF53B21CAF}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/12/01 15:43:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/01/29 11:05:06 | 000,000,000 | ---D | M] - J:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2008/02/25 10:30:42 | 000,000,054 | RHS- | M] () - J:\autorun.in_2.org -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/25 01:15:20 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kevin Henry\Desktop\OTL.exe
[2011/10/25 00:47:51 | 004,273,654 | ---- | C] (Swearware) -- C:\Documents and Settings\Kevin Henry\Desktop\ComboFix.exe
[2011/10/25 00:32:38 | 000,607,260 | ---- | C] (Swearware) -- C:\Documents and Settings\Kevin Henry\Desktop\dds.scr
[2011/10/23 20:12:01 | 002,394,024 | ---- | C] (Logitech Inc.) -- C:\Documents and Settings\Kevin Henry\Desktop\setpoint630_smart.exe
[2011/10/23 20:09:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin Henry\My Documents\Downloads
[2011/10/23 06:27:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin Henry\Application Data\Logitech
[2011/10/23 06:27:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2011/10/23 06:27:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Logitech
[2011/10/23 06:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2011/10/23 06:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShared
[2011/10/23 06:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2011/10/23 03:02:12 | 000,000,000 | ---D | C] -- C:\ComboFix(2)
[2011/10/23 02:41:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/23 02:28:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/19 04:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\sun
[2011/10/19 04:27:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/10/19 04:23:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin Henry\Desktop\OpenOffice.org 3.3 (en-US) Installation Files
[2011/10/12 14:28:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin Henry\Application Data\Leadertech
[2011/10/12 14:26:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\LogiShrd
[2011/10/12 14:26:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd(2)
[2011/10/12 14:25:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin Henry\Application Data\Logitech(2)
[2011/10/12 14:25:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin Henry\Application Data\Logishrd
[2011/10/12 06:36:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin Henry\Desktop\fighter
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/25 02:49:45 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/10/25 02:44:14 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/25 02:43:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/25 02:11:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/25 01:15:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin Henry\Desktop\OTL.exe
[2011/10/25 00:48:08 | 004,273,654 | ---- | M] (Swearware) -- C:\Documents and Settings\Kevin Henry\Desktop\ComboFix.exe
[2011/10/25 00:32:44 | 000,607,260 | ---- | M] (Swearware) -- C:\Documents and Settings\Kevin Henry\Desktop\dds.scr
[2011/10/24 21:11:49 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2011/10/24 12:11:13 | 000,007,435 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Desktop\294097_245499938835336_100001259968097_741869_1822615267_n.jpg
[2011/10/23 06:33:08 | 000,236,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/23 01:57:58 | 000,026,056 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Desktop\Untitled 1.odt
[2011/10/23 01:49:09 | 000,287,582 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\census.cache
[2011/10/23 01:48:43 | 000,235,003 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\ars.cache
[2011/10/22 21:09:33 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Application Data\bbda8e33
[2011/10/22 21:07:56 | 000,001,123 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Application Data\4ca2f9c9
[2011/10/22 21:07:39 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Application Data\5b0771cc
[2011/10/19 05:12:33 | 000,011,881 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\My Documents\Post Office Screw Up 10-19-11.odt
[2011/10/15 00:07:00 | 061,561,684 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\My Documents\TSR 2148 The Complete Barbarian's Handbook.tif
[2011/10/13 10:27:19 | 000,471,622 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/13 10:27:19 | 000,083,686 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/13 10:21:01 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/12 14:25:16 | 002,394,024 | ---- | M] (Logitech Inc.) -- C:\Documents and Settings\Kevin Henry\Desktop\setpoint630_smart.exe
[2011/09/26 11:41:20 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oleacc(2).dll
[2011/09/26 11:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaccrc(2).dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/24 12:11:08 | 000,007,435 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Desktop\294097_245499938835336_100001259968097_741869_1822615267_n.jpg
[2011/10/23 01:57:56 | 000,026,056 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Desktop\Untitled 1.odt
[2011/10/23 01:49:09 | 000,287,582 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\census.cache
[2011/10/23 01:48:43 | 000,235,003 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\ars.cache
[2011/10/22 20:35:48 | 000,001,123 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Application Data\4ca2f9c9
[2011/10/22 20:35:46 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Application Data\5b0771cc
[2011/10/22 19:24:45 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Application Data\bbda8e33
[2011/10/19 05:12:33 | 000,011,881 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\My Documents\Post Office Screw Up 10-19-11.odt
[2011/10/15 00:07:00 | 061,561,684 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\My Documents\TSR 2148 The Complete Barbarian's Handbook.tif
[2011/04/17 10:24:47 | 000,003,444 | -HS- | C] () -- C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\b0se3umyo1dr8xdjlk14y73mq7bw5tu1v871iw0v3y4la7
[2011/04/17 10:24:47 | 000,003,444 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\b0se3umyo1dr8xdjlk14y73mq7bw5tu1v871iw0v3y4la7
[2011/03/18 18:41:36 | 000,001,762 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Application Data\Profile1.dat
[2011/01/22 05:39:03 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Oxakada.dat
[2011/01/22 05:39:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Kbozoquqisefa.bin
[2010/11/10 19:31:38 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/09/09 01:22:04 | 000,024,640 | ---- | C] () -- C:\Program Files\Common Files\security
[2010/09/01 13:32:21 | 000,049,104 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/07/02 20:28:35 | 000,004,040 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Application Data\Profile0.dat
[2010/02/03 19:27:49 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/01/03 07:02:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\prvlcl.dat
[2009/11/05 23:32:10 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Application Data\setup_ldm.iss
[2009/10/26 06:29:23 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\WinVd32.sys
[2009/10/26 06:29:21 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\WinFLsrv.exe
[2009/10/12 16:02:25 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\housecall.guid.cache
[2009/10/07 09:54:55 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/08/31 14:00:22 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2009/08/20 20:16:12 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/03/11 12:34:09 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/03/03 11:00:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2009/03/01 03:15:03 | 000,059,904 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/27 15:42:51 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\fusioncache.dat
[2009/02/27 15:32:44 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/02/27 14:41:07 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2009/02/27 14:37:32 | 000,000,178 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2009/02/27 14:36:43 | 000,209,040 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/02/27 14:36:43 | 000,204,944 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/02/27 14:36:43 | 000,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/02/27 14:36:43 | 000,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/02/27 14:36:43 | 000,192,656 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/02/27 14:36:43 | 000,024,720 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/02/27 14:35:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/27 14:29:11 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2007/07/19 12:50:12 | 000,104,520 | ---- | C] () -- C:\WINDOWS\System32\OSD.dll
[2007/04/01 10:00:28 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/04/01 09:41:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004/12/01 18:51:07 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2004/12/01 18:35:28 | 000,606,208 | ---- | C] () -- C:\WINDOWS\System32\lpykrp.exe
[2004/12/01 17:43:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/01 17:16:58 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/12/01 17:16:58 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2004/12/01 17:16:58 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtkHDAud.dat
[2004/12/01 16:59:21 | 000,111,552 | ---- | C] () -- C:\WINDOWS\setup.exe
[2004/12/01 16:49:14 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\elcric.dat
[2004/12/01 15:51:57 | 000,000,811 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/12/01 15:45:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/12/01 15:40:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/12/01 14:29:23 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/12/01 14:28:46 | 000,000,790 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/12/01 14:28:15 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/12/01 14:28:13 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/12/01 14:28:13 | 000,471,622 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/12/01 14:28:13 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/12/01 14:28:13 | 000,083,686 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/12/01 14:28:13 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/12/01 14:28:13 | 000,004,530 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/12/01 14:28:12 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/12/01 14:28:09 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/12/01 14:28:09 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/12/01 14:28:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/12/01 14:28:01 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/12/01 07:35:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/12/01 07:34:29 | 000,236,760 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/07/23 09:53:30 | 000,373,967 | ---- | C] () -- C:\WINDOWS\ml-uninstall-v10.exe
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/08/06 12:55:37 | 000,024,576 | ---- | C] () -- C:\WINDOWS\ml-WA3Shutdown.exe
[2002/06/12 14:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2002/04/02 18:08:34 | 000,311,108 | ---- | C] () -- C:\WINDOWS\ml-cleanup.exe
[2002/04/02 18:08:32 | 000,036,868 | ---- | C] () -- C:\WINDOWS\ml-winamp-shutdown.exe
[2002/01/09 20:47:38 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2002/01/09 20:47:34 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2002/01/09 20:47:34 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2002/01/09 20:47:19 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2002/01/09 20:04:13 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2002/01/01 20:39:40 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2002/01/01 20:39:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2002/01/01 20:39:40 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2002/01/01 20:39:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2002/01/01 20:39:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/10/24 20:00:40 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >


*****************************************************************************************************************************************


OTL Extras logfile created on: 10/25/2011 2:47:58 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Kevin Henry\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 77.25% Memory free
5.59 Gb Paging File | 5.06 Gb Available in Paging File | 90.48% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.31 Gb Total Space | 21.42 Gb Free Space | 11.95% Space Free | Partition Type: NTFS
Drive J: | 465.64 Gb Total Space | 4.08 Gb Free Space | 0.88% Space Free | Partition Type: FAT32

Computer Name: ITZAMNA | User Name: Kevin Henry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with PhotoLine 32...] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)
"C:\Program Files\World of Warcraft\Blizzard Downloader.exe" = C:\Program Files\World of Warcraft\Blizzard Downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\World of Warcraft\Launcher.patch.exe" = C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\SoundSpectrum\G-Force\G-Force V-Bar.exe" = C:\Program Files\SoundSpectrum\G-Force\G-Force V-Bar.exe:*:Disabled:G-Force V-Bar -- ()
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\Kevin Henry\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Kevin Henry\Application Data\Dropbox\bin\Dropbox.exe:*:Disabled:Dropbox -- (Dropbox, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0E086923-AAA3-4F98-A6E2-48B64CE27553}" = Native Instruments Reaktor Factory Selection
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20c31435-2a0a-4580-be8b-ac06fc243ca4}" = Python 2.7
"{25CF0627-2EF6-4FCE-A0DE-7D6350C774B2}" = VAIO Original Screen Saver VAIO Scene HD Normal Contents
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{2C39F7CF-E022-4C0D-B1BA-AF6DDD931054}" = ArcSoft MediaImpression
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40D1BC4F-56CB-458E-BE8C-35A025CC52FB}" = Sony TV Tuner Library 1.0
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 2
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1" = Trend Micro RUBotted 2.0 Beta
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6438691E-D44E-4A18-B6C4-D1EB26281D6A}" = Native Instruments Mikro Prism
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C6ED584-9F75-4235-8718-1F35B59814E8}" = Mamba Firmware Updater 1.13
"{6F1974D6-4249-43B6-88B0-9A9B8A33956C}" = OpenMG Secure Module 4.0.00
"{6FE6402D-AAC9-4C2D-9AFB-2F5CAE28784C}" = GuildPortal Synch
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Redistribution 3.1
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7A79D11B-FD82-4A5E-834F-20173515DD14}" = VAIO Media Integrated Server 3.1
"{7BE49DA7-EDA4-4C63-AA06-DCDF6858C3F3}" = Razer Mamba
"{80EE18E6-F16C-11D4-8BE8-006097C9A3ED}" = ISScript
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{88DA0A52-3372-4803-971A-ADFB961707E8}" = PictureGear Studio 2.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD 5 for VAIO
"{91ADB100-2654-4F20-A319-3088D356DEED}" = MobilePre
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B953606-000E-491C-B74D-78ECFDD520A0}" = OpenMG Metadata Extractor for Windows Media Player
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.02 Menu Data
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D36B1F7D-3B51-4DBC-A4AE-F25B06DF2AD1}" = VAIO Control Center
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{D917FD82-6CE5-489A-AAF8-C701AAC85C4D}" = VAIO Entertainment Platform
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{E715FA41-46EB-4D3F-B4D9-A45973E76026}" = VAIO Structure Wallpaper
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.3.01
"{E9EA5F38-6299-45A1-9D23-F21729A19357}" = Native Instruments Reaktor 5
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"{FA17A726-B229-4116-B793-A2AB1A4EAE2E}" = Adobe Premiere Pro 2.0
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Premiere Pro 2.0" = Adobe Premiere Pro 2.0
"AOL Setup" = AOL Setup
"Audacity_is1" = Audacity 1.2.6
"Blender" = Blender (remove only)
"Camel Audio Alchemy" = Camel Audio Alchemy
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"Elven Mists 21.0" = Elven Mists 2
"Fraps" = Fraps (remove only)
"G-Force" = G-Force
"Google Chrome" = Google Chrome
"Guild Wars" = Guild Wars
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{6F1974D6-4249-43B6-88B0-9A9B8A33956C}" = OpenMG Secure Module 4.0.00
"InstallShield_{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12
"InstallShield_{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"KeyScrambler" = KeyScrambler
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MoodLogic" = MoodLogic
"Movielink eHome_is1" = Movielink eHome version 1.1
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Native Instruments Mikro Prism" = Native Instruments Mikro Prism
"Native Instruments Reaktor 5" = Native Instruments Reaktor 5
"Native Instruments Reaktor Factory Selection" = Native Instruments Reaktor Factory Selection
"Native Instruments Service Center" = Native Instruments Service Center
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Opanda PowerExif Standard Trial_is1" = Opanda PowerExif 1.2 Standard Trial
"OpenAL" = OpenAL
"OpenMG HotFix4.0-04-06-21-01" = OpenMG Limited Patch 4.0-04-08-02-01
"PhotoLine 32_is1" = PhotoLine 32,Version 11.51
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 9.0
"SoftSkies" = SoftSkies
"sp6" = Logitech SetPoint 6.30
"Steinberg HALion Symphonic Orchestra 16-bit Edition" = Steinberg HALion Symphonic Orchestra 16-bit Edition
"Syncrosoft License Control" = Syncrosoft License Control
"Trend Micro HouseCall 6.6" = HouseCall 6.6
"Tweak UI 2.10" = Tweak UI
"Vuze" = Vuze
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Welcome to VAIO life" = Welcome to VAIO life
"WhiteCap" = WhiteCap
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/24/2011 5:38:07 PM | Computer Name = ITZAMNA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/24/2011 5:38:07 PM | Computer Name = ITZAMNA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 10/24/2011 5:38:07 PM | Computer Name = ITZAMNA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/24/2011 5:38:07 PM | Computer Name = ITZAMNA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 10/24/2011 5:38:37 PM | Computer Name = ITZAMNA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/24/2011 5:38:37 PM | Computer Name = ITZAMNA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 10/24/2011 9:12:59 PM | Computer Name = ITZAMNA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/24/2011 9:13:00 PM | Computer Name = ITZAMNA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: A connection with the server could not be established

Error - 10/25/2011 1:06:34 AM | Computer Name = ITZAMNA | Source = Media Center Guide | ID = 47
Description = Event Info: The Guide listings you have selected are no longer available.
Go to Set Up Guide Listings in Media Center TV Settings. Process: DefaultDomain Object
Name: Microsoft.Ehome.Epg.Ehepgdat

Error - 10/25/2011 2:45:01 AM | Computer Name = ITZAMNA | Source = JavaQuickStarterService | ID = 1
Description =

[ Media Center Events ]
Error - 12/19/2009 2:06:18 AM | Computer Name = ITZAMNA | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 12/19/2009 1:06:18 AM. You may need to reschedule your recordings.

Error - 12/22/2010 3:57:10 PM | Computer Name = ITZAMNA | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 12/22/2010 2:57:09 PM. You may need to reschedule your recordings.

Error - 3/23/2011 4:41:26 PM | Computer Name = ITZAMNA | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 3/23/2011 4:41:26 PM. You may need to reschedule your recordings.

Error - 8/16/2011 9:04:41 PM | Computer Name = ITZAMNA | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 8/16/2011 9:04:41 PM. You may need to reschedule your recordings.

Error - 8/29/2011 8:28:18 PM | Computer Name = ITZAMNA | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 8/29/2011 8:28:17 PM. You may need to reschedule your recordings.

Error - 10/6/2011 5:58:26 PM | Computer Name = ITZAMNA | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 10/6/2011 5:58:25 PM. You may need to reschedule your recordings.

Error - 10/10/2011 1:28:17 PM | Computer Name = ITZAMNA | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 10/10/2011 1:28:16 PM. You may need to reschedule your recordings.

[ System Events ]
Error - 10/24/2011 3:52:01 PM | Computer Name = ITZAMNA | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 10/24/2011 3:52:01 PM | Computer Name = ITZAMNA | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 10/24/2011 11:57:08 PM | Computer Name = ITZAMNA | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_TMCOMM\0000 disappeared from the system without
first being prepared for removal.

Error - 10/25/2011 2:45:59 AM | Computer Name = ITZAMNA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate1c99c256096fa40) service to connect.

Error - 10/25/2011 2:45:59 AM | Computer Name = ITZAMNA | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate1c99c256096fa40) service failed
to start due to the following error: %%1053

Error - 10/25/2011 2:45:59 AM | Computer Name = ITZAMNA | Source = Service Control Manager | ID = 7000
Description = The Logitech Beep Suppression Driver service failed to start due to
the following error: %%2

Error - 10/25/2011 2:45:59 AM | Computer Name = ITZAMNA | Source = Service Control Manager | ID = 7024
Description = The Java Quick Starter service terminated with service-specific error
1 (0x1).

Error - 10/25/2011 2:45:59 AM | Computer Name = ITZAMNA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Trend Micro RUBotted
Service service to connect.

Error - 10/25/2011 2:45:59 AM | Computer Name = ITZAMNA | Source = Service Control Manager | ID = 7000
Description = The Trend Micro RUBotted Service service failed to start due to the
following error: %%1053

Error - 10/25/2011 2:45:59 AM | Computer Name = ITZAMNA | Source = Service Control Manager | ID = 7000
Description = The WinFLdrv service failed to start due to the following error: %%2


< End of report >

#2
RKinner
    Malware Expert
  • Expert
  • 24,624 posts
  • MVP
Uninstall:
J2SE Runtime Environment 5.0
Java™ 6 Update 7
Java™ 6 Update 22

Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming File not found
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" File not found
O4 - HKCU..\Run: [Policies Update] rundll32 "C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\Downloaded Installations\DownloadedUpdate\Downloadedup.dll",DllRegisterServer File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - File not found
O32 - AutoRun File - [2009/01/29 11:05:06 | 000,000,000 | ---D | M] - J:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2008/02/25 10:30:42 | 000,000,054 | RHS- | M] () - J:\autorun.in_2.org -- [ FAT32 ]
[2011/10/22 21:09:33 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Application Data\bbda8e33
[2011/10/22 21:07:56 | 000,001,123 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Application Data\4ca2f9c9
[2011/10/22 21:07:39 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Kevin Henry\Application Data\5b0771cc
[2011/04/17 10:24:47 | 000,003,444 | -HS- | C] () -- C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\b0se3umyo1dr8xdjlk14y73mq7bw5tu1v871iw0v3y4la7
[2011/04/17 10:24:47 | 000,003,444 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\b0se3umyo1dr8xdjlk14y73mq7bw5tu1v871iw0v3y4la7
[2011/01/22 05:39:03 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Oxakada.dat
[2011/01/22 05:39:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Kbozoquqisefa.bin
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1


:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
sc config LBTServ start= disabled /c
    
:Commands
[RESETHOSTS]
[purity]
[EMPTYJAVA]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.

Please copy and paste your last Combofix log.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then run it.
Double-click on TDSSKiller.exe.
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.


Download aswMBR.exe (511KB) to your desktop.
Double-click aswMBR.exe to run it.
Change the a-v scan to None.
Uncheck "trace disk IO calls".
Click the "Scan" button to start the scan.
On completion of the scan (note whether the Fix button, not the FixMBR button, is enabled, and tell me), click "save log", save it to your desktop and post it in your next reply.


Ron

#3
Arboreal
    Member
  • Topic Starter
  • 32 posts
Hello Once Again,

Okay, I'm sorry to say I only have 3 of the 4 logs you requested. There is a new set of symptoms that has emerged and caused me to hold off on running ComboFix.

1) I cannot uninstall Java 6 Update 22. It tells me it is being used and cannot be uninstalled. The J2SE Runtime Environment and the Update 7 uninstalled without issue.

2) Now when I turn off my Real Time Protection and firewall and then run ComboFix, ComboFix tells me that AVG is running. I have not had AVG on this computer in almost a year. I tried looking for it in the Add/Remove files list, and it's not there. I tried manually uninstalling it from the old program icon and it says it can't find certain files to uninstall it. So, I decided to tell you about this first before going further with ComboFix.

3) Upon rebooting my PC, it stalls out at the "Windows is shutting down" screen every time. Whereas before this was infrequent and sporadic, now it seems to do it without fail on every reboot or shutdown.

4) After running the TDSSKiller program it found a rootkit; when done, it prompted for a reboot and, of course, stalled out. I waited an hour thinking maybe it was still working, but to no avail; I eventually had to manually reboot. Upon the restart, the program did not seem to leave any log.

Alright, now that being said, below I will post the 2 logs I did manage to acquire.




========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EvtMgr6 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Policies Update deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn\ deleted successfully.
File not found.
J:\autorun.in_2.org moved successfully.
C:\Documents and Settings\Kevin Henry\Application Data\bbda8e33 moved successfully.
C:\Documents and Settings\Kevin Henry\Application Data\4ca2f9c9 moved successfully.
C:\Documents and Settings\Kevin Henry\Application Data\5b0771cc moved successfully.
C:\Documents and Settings\Kevin Henry\Local Settings\Application Data\b0se3umyo1dr8xdjlk14y73mq7bw5tu1v871iw0v3y4la7 moved successfully.
C:\Documents and Settings\All Users\Application Data\b0se3umyo1dr8xdjlk14y73mq7bw5tu1v871iw0v3y4la7 moved successfully.
C:\WINDOWS\Oxakada.dat moved successfully.
C:\WINDOWS\Kbozoquqisefa.bin moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Kevin Henry\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Kevin Henry\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Kevin Henry\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Kevin Henry\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Kevin Henry\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Kevin Henry\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Kevin Henry\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Kevin Henry\Desktop\cmd.txt deleted successfully.
< sc config LBTServ start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Kevin Henry\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Kevin Henry\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: Kevin Henry
->Java cache emptied: 6406 bytes

User: LocalService

User: NetworkService
->Java cache emptied: 0 bytes

User: WMV_r537_32bit_DEVWORK

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 10262011_170956

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



*******************



aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-26 19:44:12
-----------------------------
19:44:12.421 OS Version: Windows 5.1.2600 Service Pack 3
19:44:12.421 Number of processors: 2 586 0x401
19:44:12.421 ComputerName: ITZAMNA UserName:
19:44:12.968 Initialize success
19:52:55.437 AVAST engine defs: 11102600
19:54:32.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-19
19:54:32.687 Disk 0 Vendor: WDC_WD2000JD-98HBB0 08.02D08 Size: 190782MB BusType: 3
19:54:34.703 Disk 0 MBR read successfully
19:54:34.703 Disk 0 MBR scan
19:54:34.765 Disk 0 unknown MBR code
19:54:34.765 Disk 0 scanning sectors +390716865
19:54:34.859 Disk 0 scanning C:\WINDOWS\system32\drivers
19:54:45.234 Service scanning
19:54:46.281 Modules scanning
19:55:21.328 Disk 0 trace - called modules:
19:55:21.359 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:55:21.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aed5ab8]
19:55:21.359 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000072[0x8aee3398]
19:55:21.359 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-19[0x8af2cd98]
19:55:21.859 AVAST engine scan C:\WINDOWS
19:55:31.390 AVAST engine scan C:\WINDOWS\system32
19:57:36.625 AVAST engine scan C:\WINDOWS\system32\drivers
19:57:56.312 AVAST engine scan C:\Documents and Settings\Kevin Henry
20:19:25.000 File: C:\Documents and Settings\Kevin Henry\Local Settings\temp\114.tmp **INFECTED** Win32:Rorpian-J [Trj]
20:20:07.968 File: C:\Documents and Settings\Kevin Henry\Local Settings\temp\nsjAB.tmp\blog.html **INFECTED** Win32:Malware-gen
20:20:08.250 File: C:\Documents and Settings\Kevin Henry\Local Settings\temp\nsjAB.tmp\tbd.txt **INFECTED** Win32:BHO-AES [Adw]
20:25:48.687 AVAST engine scan C:\Documents and Settings\All Users
20:31:18.078 Scan finished successfully
20:37:46.390 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kevin Henry\Desktop\MBR.dat"
20:37:46.390 The log file has been saved successfully to "C:\Documents and Settings\Kevin Henry\Desktop\aswMBRlog1.txt"


Thanks a lot for your assistance in this matter, Ron; it is much appreciated.

#4
Arboreal
    Member
  • Topic Starter
  • 32 posts
lol oops, 2 of the 3 logs - not 3 of the 4. :)

#5
Arboreal
    Member
  • Topic Starter
  • 32 posts
Addendum:

So, I guess I missed the little "Report" button on TDSSKiller. Here is the report:




20:59:28.0828 2132 TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21
20:59:29.0171 2132 ============================================================
20:59:29.0171 2132 Current date / time: 2011/10/26 20:59:29.0171
20:59:29.0171 2132 SystemInfo:
20:59:29.0171 2132
20:59:29.0171 2132 OS Version: 5.1.2600 ServicePack: 3.0
20:59:29.0171 2132 Product type: Workstation
20:59:29.0171 2132 ComputerName: ITZAMNA
20:59:29.0171 2132 UserName: Kevin Henry
20:59:29.0171 2132 Windows directory: C:\WINDOWS
20:59:29.0171 2132 System windows directory: C:\WINDOWS
20:59:29.0171 2132 Processor architecture: Intel x86
20:59:29.0171 2132 Number of processors: 2
20:59:29.0171 2132 Page size: 0x1000
20:59:29.0171 2132 Boot type: Normal boot
20:59:29.0171 2132 ============================================================
20:59:35.0093 2132 Initialize success

Edited by Arboreal, 26 October 2011 - 07:22 PM.


#6
RKinner
    Malware Expert
  • Expert
  • 24,624 posts
  • MVP
Download and save the AVG removal tool:
http://download.avg....6_2011_1184.exe
Run the AVG Remover.

Run Combofix. If it still claims AVG is running see if you can get it to run anyway.

Try TDSSKiller again.

Ron

#7
Arboreal
    Member
  • Topic Starter
  • 32 posts
At the risk of sounding unprofessional -

Brother, you rock!

AVG seems to be removed! On to Combofix!!! I'll get right back to you, ASAP.

Thanks!

:)

#8
Arboreal
    Member
  • Topic Starter
  • 32 posts
Ok,
I have been trying to uninstall the mysterious AVG using the remover, to no avail. I run the program, it prompts me for removal, then a command prompt screen appears, runs a bunch of script, reboots (which is working again), but according to ComboFix it's still there and active. I have attempted this several times; the first few times it rebooted, the last few it doesn't even reboot and runs less script. What is going on?

I looked it up on the web and found this seems to be a common problem, with many different suggested solutions that some report work and some report do not.

#9
RKinner
    Malware Expert
  • Expert
  • 24,624 posts
  • MVP
ComboFix doesn't really know if AVG is there or not, so it asks Windows (WMI, I think), which for some stupid reason says it is. Normally it will run even if AVG is there; it will just protest. Once it has run once, I can tell it to remove the AVG indication from Windows.

Ron
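What Ron describes, as an added example that is neither his code nor ComboFix's: it assumes the "AVG is running" answer comes from the Windows Security Center WMI provider (root\SecurityCenter on XP, root\SecurityCenter2 on Vista and later) and flags any registered product that has no matching Add/Remove Programs entry, which is the AVG situation in this thread. The vendor-name match is a heuristic; run it from an elevated PowerShell prompt.

```powershell
# Added example for this thread; not RKinner's code and not how ComboFix is written.
# Assumption (RKinner says "WMI I think"): the "AVG is running" verdict comes from the
# Windows Security Center WMI provider, which keeps its own list of registered security
# products and does not notice when a broken uninstaller fails to deregister one.
# Windows XP (this thread) exposes it as root\SecurityCenter with boolean flags;
# Vista and later use root\SecurityCenter2 with a packed productState value.
# Get-WmiObject is used because it exists on PowerShell 2.0, the newest version for XP.

function Get-SecurityCenterProducts {
    $ns = if ([Environment]::OSVersion.Version.Major -ge 6) { 'root\SecurityCenter2' }
          else { 'root\SecurityCenter' }

    # What Add/Remove Programs really shows: DisplayName from both Uninstall hives
    # (the same keys OTL enumerates in its uninstall lists earlier in this thread).
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        ForEach-Object { $_.DisplayName } | Where-Object { $_ }

    foreach ($class in 'AntiVirusProduct', 'FirewallProduct') {
        $products = Get-WmiObject -Namespace $ns -Class $class -ErrorAction SilentlyContinue
        foreach ($p in $products) {
            if ($ns -eq 'root\SecurityCenter') {
                # XP flags: this is the data a tool renders as *Enabled/Outdated* or *Disabled*
                if ($class -eq 'AntiVirusProduct') {
                    $enabled  = [bool]$p.onAccessScanningEnabled
                    $upToDate = [bool]$p.productUptoDate
                } else {
                    $enabled  = [bool]$p.enabled
                    $upToDate = $true   # FirewallProduct carries no definitions flag
                }
            } else {
                # Vista+: byte 1 of productState is 0x10 when the product is on,
                # byte 0 is 0x10 when its definitions are out of date.
                $ps = [int]$p.productState
                $enabled  = (([int][math]::Floor($ps / 256)) -band 0xFF) -eq 0x10
                $upToDate = ($ps -band 0xFF) -eq 0
            }

            # Heuristic: the vendor is usually the first word of displayName ("AVG Internet Security").
            # A product registered here with no Add/Remove entry mentioning its vendor is a
            # stale registration, which is the situation with AVG in this thread.
            $vendor = ($p.displayName -split ' ')[0]
            $stale  = -not ($installed | Where-Object { $_ -like "*$vendor*" })

            New-Object PSObject -Property @{
                Class        = $class
                DisplayName  = $p.displayName
                State        = ('Disabled','Enabled')[[int]$enabled] + '/' + ('Outdated','Updated')[[int]$upToDate]
                InstanceGuid = $p.instanceGuid
                Stale        = $stale
            }
        }
    }
}

# Stale = True marks a product the Security Center still reports but Add/Remove Programs does not know
Get-SecurityCenterProducts | Format-Table Class, DisplayName, State, InstanceGuid, Stale -AutoSize
```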

#10
Arboreal
    Member
  • Topic Starter
  • 32 posts
Hello again,

So I ran ComboFix; it still said AVG was running, but it seemed to run its course okay. Oh yeah, I forgot to mention this before, but the "Fix" button was greyed out during the aswMBR.exe scan. So, below I will post the ComboFix log. ( :



ComboFix 11-10-28.04 - Kevin Henry 10/28/2011 14:46:11.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2943.2289 [GMT -4:00]
Running from: c:\documents and settings\Kevin Henry\Desktop\ComboFix.exe
AV: AVG Internet Security *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Kevin Henry\Application Data\inst.exe
c:\documents and settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\extensions\{c976dde4-dde9-451b-809c-705bf03d723b}
c:\documents and settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\extensions\{c976dde4-dde9-451b-809c-705bf03d723b}\chrome\xulcache.jar
c:\documents and settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\extensions\{c976dde4-dde9-451b-809c-705bf03d723b}\defaults\preferences\xulcache.js
c:\documents and settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\extensions\{c976dde4-dde9-451b-809c-705bf03d723b}\install.rdf
c:\documents and settings\Kevin Henry\Application Data\vso_ts_preview.xml
c:\documents and settings\WMV_r537_32bit_DEVWORK\fbxsdk_20113.dll
c:\documents and settings\WMV_r537_32bit_DEVWORK\wowmodelview32.exe
c:\windows\help\tours\htmltour\unlock_playing.htm
c:\windows\iun6002.exe
c:\windows\kb835221.exe
c:\windows\setup.exe
c:\windows\system32\d3d9caps.dat
c:\windows\windows-kb870669-x86-enu.exe
c:\windows\windowsmedia10-kb886612-x86-enu.exe
c:\windows\windowsxp-kb834707-x86-enu.exe
c:\windows\windowsxp-kb884018-x86-enu.exe
c:\windows\windowsxpmediacenter2005-kb873369-enu.exe
J:\setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-28 )))))))))))))))))))))))))))))))
.
.
2011-10-28 12:19 . 2011-10-28 12:19 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8A66C0C5-C4A4-48F8-BDBB-EB026C14C39F}\MpKsl8cef66cd.sys
2011-10-28 12:19 . 2011-10-28 18:03 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8A66C0C5-C4A4-48F8-BDBB-EB026C14C39F}\offreg.dll
2011-10-28 05:14 . 2011-10-07 00:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8A66C0C5-C4A4-48F8-BDBB-EB026C14C39F}\mpengine.dll
2011-10-26 20:46 . 2011-10-26 20:46 47360 ----a-w- c:\documents and settings\Kevin Henry\Application Data\pcouffin.sys
2011-10-25 11:22 . 2011-10-28 03:19 -------- d-----w- C:\Click to DVD 2
2011-10-25 11:14 . 2011-10-26 20:46 -------- d-----w- c:\documents and settings\Kevin Henry\Application Data\Vso
2011-10-25 11:02 . 2011-10-25 11:02 -------- d-----w- c:\documents and settings\Kevin Henry\Application Data\AVS4YOU
2011-10-25 10:59 . 2011-10-26 20:45 -------- d-----w- c:\program files\Common Files\AVSMedia
2011-10-25 10:58 . 2011-10-26 20:45 -------- d-----w- c:\program files\AVS4YOU
2011-10-25 10:58 . 2011-10-25 11:02 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2011-10-25 10:58 . 2010-09-14 22:38 24576 ----a-w- c:\windows\system32\msxml3a.dll
2011-10-25 10:36 . 2011-10-25 10:36 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2011-10-25 10:35 . 2011-10-26 21:06 -------- d-----w- c:\program files\NCH Software
2011-10-25 10:35 . 2011-10-26 21:06 -------- d-----w- c:\documents and settings\Kevin Henry\Application Data\NCH Software
2011-10-23 10:27 . 2011-10-24 00:12 -------- d-----w- c:\documents and settings\Kevin Henry\Application Data\Logitech
2011-10-23 10:27 . 2011-10-23 10:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2011-10-23 10:27 . 2011-10-24 00:12 -------- d-----w- c:\program files\Common Files\Logishrd
2011-10-23 10:27 . 2011-10-23 10:27 -------- d-----w- c:\program files\Common Files\LogiShared
2011-10-23 10:21 . 2011-10-23 10:21 -------- d-----w- c:\program files\JRE
2011-10-23 06:28 . 2011-10-23 06:28 -------- d-----w- C:\_OTL
2011-10-12 18:28 . 2011-10-12 18:28 -------- d-----w- c:\documents and settings\Kevin Henry\Application Data\Leadertech
2011-10-12 18:25 . 2011-10-24 00:54 -------- d-----w- c:\documents and settings\Kevin Henry\Application Data\Logishrd
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 00:48 . 2011-02-19 21:45 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-12-01 18:28 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-12-01 18:28 220160 ----a-w- c:\windows\system32\oleacc(2).dll
2011-09-26 15:41 . 2004-12-01 18:28 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 15:41 . 2004-12-01 18:28 20480 ----a-w- c:\windows\system32\oleaccrc(2).dll
2011-09-09 09:12 . 2004-12-01 18:28 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-12-01 18:28 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-06 13:20 . 2004-12-01 18:28 1858944 ----a-w- c:\windows\system32\win32k(2).sys
2011-09-03 10:17 . 2004-12-01 18:28 599040 ----a-w- c:\windows\system32\crypt32(2).dll
2011-08-31 21:00 . 2011-03-19 21:36 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-23 21:48 . 2007-08-13 23:54 11081728 ----a-w- c:\windows\system32\ieframe(2).dll
2011-08-22 23:48 . 2004-12-01 18:28 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-12-01 18:28 916480 ----a-w- c:\windows\system32\wininet(2).dll
2011-08-22 23:48 . 2004-12-01 18:28 1212416 ----a-w- c:\windows\system32\urlmon(2).dll
2011-08-22 23:48 . 2004-12-01 18:28 105984 ----a-w- c:\windows\system32\url(2).dll
2011-08-22 23:48 . 2007-08-13 23:34 2000384 ----a-w- c:\windows\system32\iertutil(2).dll
2011-08-22 23:48 . 2004-12-01 18:28 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-12-01 18:28 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-12-01 18:28 385024 ------w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2004-12-01 18:27 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-02 06:08 . 2011-05-08 17:05 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Kevin Henry\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Kevin Henry\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Kevin Henry\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Kevin Henry\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcWzrd"="ALCWZRD.EXE" [2004-10-22 2744832]
"CreateCD_Reminder"="c:\windows\Sonysys\VAIO Recovery\reminder.exe" [2004-07-16 53248]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-10-22 1310720]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 61952]
"SoundMan"="SOUNDMAN.EXE" [2004-10-21 77824]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"Razer Mamba Driver"="c:\program files\Razer\Mamba\RazerTray.exe" [2009-12-15 3278728]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Kevin Henry\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Kevin Henry\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-10-5 813584]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS12 Preload]
2008-06-09 15:03 397456 ----a-w- c:\program files\Corel\Corel VideoStudio 12\uvPL.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\SoundSpectrum\\G-Force\\G-Force V-Bar.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\Kevin Henry\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\Click to DVD 2\\CtoDvd.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
.
R1 MpKsl8cef66cd;MpKsl8cef66cd;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8A66C0C5-C4A4-48F8-BDBB-EB026C14C39F}\MpKsl8cef66cd.sys [10/28/2011 8:19 AM 28752]
R1 SASDIFSV;SASDIFSV;\??\c:\docume~1\KEVINH~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\KEVINH~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
R1 SASKUTIL;SASKUTIL;\??\c:\docume~1\KEVINH~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\KEVINH~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/19/2011 5:36 PM 366152]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [5/24/2010 1:39 AM 632792]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2/27/2009 4:13 PM 114024]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/19/2011 5:36 PM 22216]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [1/9/2002 7:59 PM 100456]
S0 rnbhxlg;rnbhxlg;c:\windows\system32\drivers\uecgsw.sys --> c:\windows\system32\drivers\uecgsw.sys [?]
S1 MpKsl790fb146;MpKsl790fb146;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5404FE08-C091-48C5-802B-A413B803AFA5}\MpKsl790fb146.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5404FE08-C091-48C5-802B-A413B803AFA5}\MpKsl790fb146.sys [?]
S1 MpKsl90447d85;MpKsl90447d85;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A797857B-AA2E-41F6-BED8-1AFBC0E37BEB}\MpKsl90447d85.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A797857B-AA2E-41F6-BED8-1AFBC0E37BEB}\MpKsl90447d85.sys [?]
S1 MpKslc337ba99;MpKslc337ba99;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{207D4B3F-DFA5-4E19-B0F6-655B278E90A3}\MpKslc337ba99.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{207D4B3F-DFA5-4E19-B0F6-655B278E90A3}\MpKslc337ba99.sys [?]
S2 gupdate1c99c256096fa40;Google Update Service (gupdate1c99c256096fa40);c:\program files\Google\Update\GoogleUpdate.exe [3/3/2009 1:27 PM 133104]
S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\Drivers\LBeepKE.sys --> c:\windows\system32\Drivers\LBeepKE.sys [?]
S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\RUBotSrv.exe [2/6/2011 1:20 AM 439632]
S2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys --> c:\windows\system32\WinFLdrv.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/3/2009 1:27 PM 133104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MAUSBMP;Service for M-Audio Mobile Pre (WDM);c:\windows\system32\drivers\mausbmp.sys [8/12/2009 7:59 PM 154248]
S3 SASENUM;SASENUM;\??\c:\docume~1\KEVINH~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\KEVINH~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [4/17/2009 2:35 PM 23288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 17:27]
.
2011-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 17:27]
.
2011-10-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=13&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.mayanmajix.com/TZOLKIN/DT/DT.html
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc6da8d&v=6.010.006.004&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Google Chrome - c:\program files\Google\Chrome\Application\14.0.835.202\Installer\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-28 14:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2156851215-281014071-3479504740-1005\Software\SecuROM\License information*]
"datasecu"=hex:c8,10,ad,78,94,68,98,bd,31,f5,c7,ea,68,73,4a,31,8b,ba,9b,96,ee,
d4,9e,af,44,31,37,e1,2e,d8,9e,7e,47,b4,d4,be,3a,37,09,db,bb,5d,07,03,ec,2f,\
"rkeysecu"=hex:ac,99,07,cc,43,b8,3d,b2,37,2f,23,5d,5c,8e,d9,ff
.
[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\2.0\DefaultPreset]
@DACL=(02 0000)
@="DV - NTSC\\Standard 48kHz.prpreset"
.
[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\2.0\Help]
@DACL=(02 0000)
"Support"="http://www.adobe.com.../premiere.html"
"Search"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\search.html"
"Keyboard"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_21_0_0.html"
"HowToUse"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\0_0_0_0.html"
"ExportToDVD"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_19_2_0.html"
"AdobeMediaEncoder"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_0_0_0.html"
"Contents"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_0_0_0.html"
"Registration"="\"http://store.adobe.com/cgi-bin/WebObjects/WEC?pageID=RegMp1\""
.
Completion time: 2011-10-28 14:55:05
ComboFix-quarantined-files.txt 2011-10-28 18:55
.
Pre-Run: 17,117,782,016 bytes free
Post-Run: 17,700,749,312 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - FF9CC574A827A63E4EF190EF0108B85A




:)
#11
RKinner
    Malware Expert
  • Expert
  • 24,624 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

SecCenter::
AV: AVG Internet Security *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\system32\drivers\uecgsw.sys

Driver::
rnbhxlg
MpKsl790fb146
MpKsl90447d85
MpKslc337ba99

RootKit::
c:\windows\system32\drivers\uecgsw.sys


******************************************

Now open Notepad (Start, Run, notepad, OK) and press Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.

Ron
#12
Arboreal
    Member
  • Topic Starter
  • Member
  • 32 posts
okay, here it is:


ComboFix 11-10-29.06 - Kevin Henry 10/29/2011 21:25:57.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2943.2244 [GMT -4:00]
Running from: c:\documents and settings\Kevin Henry\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kevin Henry\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\windows\system32\drivers\uecgsw.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MPKSL790FB146
-------\Legacy_MPKSLC337BA99
-------\Service_MpKsl790fb146
-------\Service_MpKsl90447d85
-------\Service_MpKslc337ba99
-------\Service_rnbhxlg
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-30 )))))))))))))))))))))))))))))))
.
.
2011-10-30 01:38 . 2011-10-30 01:38 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9480B621-BE9B-499A-84E9-57BD0F9BF6E7}\offreg.dll
2011-10-29 21:48 . 2011-10-29 21:48 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9480B621-BE9B-499A-84E9-57BD0F9BF6E7}\MpKsl902bb54a.sys
2011-10-29 21:44 . 2011-10-07 00:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9480B621-BE9B-499A-84E9-57BD0F9BF6E7}\mpengine.dll
2011-10-26 20:46 . 2011-10-26 20:46 47360 ----a-w- c:\documents and settings\Kevin Henry\Application Data\pcouffin.sys
2011-10-25 11:22 . 2011-10-28 03:19 -------- d-----w- C:\Click to DVD 2
2011-10-25 11:14 . 2011-10-26 20:46 -------- d-----w- c:\documents and settings\Kevin Henry\Application Data\Vso
2011-10-25 11:02 . 2011-10-25 11:02 -------- d-----w- c:\documents and settings\Kevin Henry\Application Data\AVS4YOU
2011-10-25 10:59 . 2011-10-26 20:45 -------- d-----w- c:\program files\Common Files\AVSMedia
2011-10-25 10:58 . 2011-10-26 20:45 -------- d-----w- c:\program files\AVS4YOU
2011-10-25 10:58 . 2011-10-25 11:02 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2011-10-25 10:58 . 2010-09-14 22:38 24576 ----a-w- c:\windows\system32\msxml3a.dll
2011-10-25 10:36 . 2011-10-25 10:36 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2011-10-25 10:35 . 2011-10-26 21:06 -------- d-----w- c:\program files\NCH Software
2011-10-25 10:35 . 2011-10-26 21:06 -------- d-----w- c:\documents and settings\Kevin Henry\Application Data\NCH Software
2011-10-23 10:27 . 2011-10-24 00:12 -------- d-----w- c:\documents and settings\Kevin Henry\Application Data\Logitech
2011-10-23 10:27 . 2011-10-23 10:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2011-10-23 10:27 . 2011-10-24 00:12 -------- d-----w- c:\program files\Common Files\Logishrd
2011-10-23 10:27 . 2011-10-23 10:27 -------- d-----w- c:\program files\Common Files\LogiShared
2011-10-23 10:21 . 2011-10-23 10:21 -------- d-----w- c:\program files\JRE
2011-10-23 06:28 . 2011-10-23 06:28 -------- d-----w- C:\_OTL
2011-10-12 18:28 . 2011-10-12 18:28 -------- d-----w- c:\documents and settings\Kevin Henry\Application Data\Leadertech
2011-10-12 18:25 . 2011-10-24 00:54 -------- d-----w- c:\documents and settings\Kevin Henry\Application Data\Logishrd
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 00:48 . 2011-02-19 21:45 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-12-01 18:28 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-12-01 18:28 220160 ----a-w- c:\windows\system32\oleacc(2).dll
2011-09-26 15:41 . 2004-12-01 18:28 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 15:41 . 2004-12-01 18:28 20480 ----a-w- c:\windows\system32\oleaccrc(2).dll
2011-09-09 09:12 . 2004-12-01 18:28 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-12-01 18:28 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-06 13:20 . 2004-12-01 18:28 1858944 ----a-w- c:\windows\system32\win32k(2).sys
2011-09-03 10:17 . 2004-12-01 18:28 599040 ----a-w- c:\windows\system32\crypt32(2).dll
2011-08-31 21:00 . 2011-03-19 21:36 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-23 21:48 . 2007-08-13 23:54 11081728 ----a-w- c:\windows\system32\ieframe(2).dll
2011-08-22 23:48 . 2004-12-01 18:28 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-12-01 18:28 916480 ----a-w- c:\windows\system32\wininet(2).dll
2011-08-22 23:48 . 2004-12-01 18:28 1212416 ----a-w- c:\windows\system32\urlmon(2).dll
2011-08-22 23:48 . 2004-12-01 18:28 105984 ----a-w- c:\windows\system32\url(2).dll
2011-08-22 23:48 . 2007-08-13 23:34 2000384 ----a-w- c:\windows\system32\iertutil(2).dll
2011-08-22 23:48 . 2004-12-01 18:28 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-12-01 18:28 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-12-01 18:28 385024 ------w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2004-12-01 18:27 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-02 06:08 . 2011-05-08 17:05 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Kevin Henry\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Kevin Henry\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Kevin Henry\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Kevin Henry\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcWzrd"="ALCWZRD.EXE" [2004-10-22 2744832]
"CreateCD_Reminder"="c:\windows\Sonysys\VAIO Recovery\reminder.exe" [2004-07-16 53248]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-10-22 1310720]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 61952]
"SoundMan"="SOUNDMAN.EXE" [2004-10-21 77824]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"Razer Mamba Driver"="c:\program files\Razer\Mamba\RazerTray.exe" [2009-12-15 3278728]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Kevin Henry\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Kevin Henry\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-10-5 813584]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS12 Preload]
2008-06-09 15:03 397456 ----a-w- c:\program files\Corel\Corel VideoStudio 12\uvPL.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\SoundSpectrum\\G-Force\\G-Force V-Bar.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\Kevin Henry\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\Click to DVD 2\\CtoDvd.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
.
R1 MpKsl902bb54a;MpKsl902bb54a;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9480B621-BE9B-499A-84E9-57BD0F9BF6E7}\MpKsl902bb54a.sys [10/29/2011 5:48 PM 28752]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/19/2011 5:36 PM 366152]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [5/24/2010 1:39 AM 632792]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2/27/2009 4:13 PM 114024]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/19/2011 5:36 PM 22216]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [1/9/2002 7:59 PM 100456]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\KEVINH~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\KEVINH~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\KEVINH~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\KEVINH~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]
S2 gupdate1c99c256096fa40;Google Update Service (gupdate1c99c256096fa40);c:\program files\Google\Update\GoogleUpdate.exe [3/3/2009 1:27 PM 133104]
S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\Drivers\LBeepKE.sys --> c:\windows\system32\Drivers\LBeepKE.sys [?]
S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\RUBotSrv.exe [2/6/2011 1:20 AM 439632]
S2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys --> c:\windows\system32\WinFLdrv.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/3/2009 1:27 PM 133104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MAUSBMP;Service for M-Audio Mobile Pre (WDM);c:\windows\system32\drivers\mausbmp.sys [8/12/2009 7:59 PM 154248]
S3 SASENUM;SASENUM;\??\c:\docume~1\KEVINH~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\KEVINH~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [4/17/2009 2:35 PM 23288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 17:27]
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 17:27]
.
2011-10-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Kevin Henry\Application Data\Mozilla\Firefox\Profiles\gsyvke5k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=13&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.mayanmajix.com/TZOLKIN/DT/DT.html
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc6da8d&v=6.010.006.004&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-29 21:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2156851215-281014071-3479504740-1005\Software\SecuROM\License information*]
"datasecu"=hex:c8,10,ad,78,94,68,98,bd,31,f5,c7,ea,68,73,4a,31,8b,ba,9b,96,ee,
d4,9e,af,44,31,37,e1,2e,d8,9e,7e,47,b4,d4,be,3a,37,09,db,bb,5d,07,03,ec,2f,\
"rkeysecu"=hex:ac,99,07,cc,43,b8,3d,b2,37,2f,23,5d,5c,8e,d9,ff
.
[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\2.0\DefaultPreset]
@DACL=(02 0000)
@="DV - NTSC\\Standard 48kHz.prpreset"
.
[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\2.0\Help]
@DACL=(02 0000)
"Support"="http://www.adobe.com.../premiere.html"
"Search"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\search.html"
"Keyboard"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_21_0_0.html"
"HowToUse"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\0_0_0_0.html"
"ExportToDVD"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_19_2_0.html"
"AdobeMediaEncoder"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_0_0_0.html"
"Contents"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_0_0_0.html"
"Registration"="\"http://store.adobe.com/cgi-bin/WebObjects/WEC?pageID=RegMp1\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2036)
c:\windows\system32\WININET.dll
c:\documents and settings\Kevin Henry\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
c:\program files\Sony\Sony TV Tuner Library\SMceMan.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Sony\Sony TV Tuner Library\RM_SV.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2011-10-29 21:44:21 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-30 01:44
ComboFix2.txt 2011-10-28 18:55
.
Pre-Run: 17,469,149,184 bytes free
Post-Run: 17,345,687,552 bytes free
.
- - End Of File - - A0F8519379D6FDC72D46DF5BA7EF9F0E

#13
RKinner
    Malware Expert
  • Expert
  • 24,624 posts
  • MVP
Combofix log looks good.

Let's try ESET.

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


Let's also try the Bitdefender QuickScan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).

Run OTL one more time and post the log.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes, tell me what they are. If you get a lot, just look for those with newish dates (since about the time the problem started).


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Ron

#14
Arboreal
    Member
  • Topic Starter
  • Member
  • PipPip
  • 32 posts
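As an added example, not from the thread or from any of the tools named in it, the following PowerShell script does the command-line equivalent of two of the steps above: the VEW step (newest 20 Error/Warning events from the System and then the Application log) and the sigverif step (drivers with recent modification dates whose signature does not verify). It assumes PowerShell 2.0 or later (Get-EventLog and Get-AuthenticodeSignature), an elevated prompt, and a 14-day cutoff and desktop output path that are placeholders to adjust.

```powershell
# Added example: scripted equivalent of the VEW and sigverif triage steps.
# Assumptions: PowerShell 2.0+, run elevated; cutoff and output path are placeholders.
param(
    [datetime]$Since   = (Get-Date).AddDays(-14),   # "newish" = last two weeks (assumption)
    [int]$Count        = 20,                         # the thread asks for 20 events per log
    [string]$OutFile   = "$env:USERPROFILE\Desktop\triage.txt"
)

function Get-RecentProblemEvents {
    param([string]$LogName, [int]$Count)
    # Newest first, Errors and Warnings only; keep the first line of each message.
    Get-EventLog -LogName $LogName -EntryType Error, Warning -Newest $Count |
        Select-Object TimeGenerated, EntryType, Source, EventID,
            @{ Name = 'Message'; Expression = { ($_.Message -split "`n")[0] } }
}

function Get-RecentUnsignedDrivers {
    param([datetime]$Since)
    # Drivers written after the cutoff whose Authenticode signature is not 'Valid'.
    # Unsigned is a shortlist to review, not proof of malice (many OEM drivers are
    # unsigned), and a valid signature does not by itself prove a driver is benign.
    Get-ChildItem "$env:SystemRoot\System32\drivers" -Filter *.sys |
        Where-Object { $_.LastWriteTime -ge $Since } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            if ($sig.Status -ne 'Valid') {
                New-Object PSObject -Property @{
                    File      = $_.Name
                    LastWrite = $_.LastWriteTime
                    SigStatus = $sig.Status
                    Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                }
            }
        }
}

# Build one plain-text report that can be pasted into a reply.
$report = foreach ($log in 'System', 'Application') {
    "=== $log : newest $Count Error/Warning events ==="
    Get-RecentProblemEvents -LogName $log -Count $Count | Format-Table -AutoSize | Out-String -Width 200
}
$report += "=== drivers modified since $Since with a non-valid signature ==="
$report += Get-RecentUnsignedDrivers -Since $Since | Format-Table -AutoSize | Out-String -Width 200
$report | Set-Content -Path $OutFile
Write-Host "Report written to $OutFile"
```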
OK, when I run OTL do I do it the same as before? With the Copy/Paste text and "Run Fix"?

#15
RKinner
    Malware Expert
  • Expert
  • 24,624 posts
  • MVP
When you run OTL, just click on the Quickscan.