Welcome to Geeks to Go - Register now for FREE
Pum virus issue + some other stuff [Solved]



#31 Wolffie (Topic Starter, Member, 56 posts)
It wasn't in the taskbar; I'll check if the process is still running though.
It usually starts with Windows, then gets an error and I think it closes. Too lazy to reinstall it or make it work again.

OK, I uninstalled it and now it's working.
Running the scan now.


ComboFix 13-05-28.02 - Logan 05/28/2013 20:03:17.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1201 [GMT 3:00]
Running from: c:\documents and settings\Logan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Logan\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\MyWebFace_5aEI
c:\program files\MyWebFace_5aEI\Installr\1.bin\5aEZSETP.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-04-28 to 2013-05-28 )))))))))))))))))))))))))))))))
.
.
2013-05-28 16:53 . 2013-05-28 16:57 -------- d-----w- c:\windows\SxsCaPendDel
2013-05-25 11:28 . 2013-05-25 11:27 791393 ----a-w- C:\erunt_setup.exe
2013-05-23 19:00 . 2013-05-23 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\blekko toolbars
2013-05-23 18:59 . 2013-05-23 18:59 -------- d-----w- c:\documents and settings\Logan\Application Data\zgametb
2013-05-23 18:59 . 2013-05-23 18:59 -------- d-----w- c:\program files\zgametb
2013-05-19 12:57 . 2013-05-19 12:57 -------- d-sh--w- c:\documents and settings\Logan\IECompatCache
2013-05-18 20:21 . 2013-05-18 20:21 -------- d-----w- c:\program files\VideoDownloadConverter_4zEI
2013-05-16 14:56 . 2013-05-16 14:56 -------- d-sh--w- c:\documents and settings\Logan\PrivacIE
2013-05-16 11:46 . 2013-05-16 11:46 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2013-05-16 11:33 . 2013-05-16 11:33 -------- d-sh--w- c:\documents and settings\Logan\IETldCache
2013-05-16 07:57 . 2013-04-16 22:17 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-05-16 07:56 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2013-05-16 07:55 . 2013-04-16 22:17 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2013-05-16 07:55 . 2013-04-16 22:17 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2013-05-16 07:55 . 2013-04-16 22:17 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2013-05-16 07:55 . 2013-04-16 22:17 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2013-05-16 07:55 . 2013-04-16 22:17 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2013-05-16 07:55 . 2013-04-16 22:17 2005504 -c----w- c:\windows\system32\dllcache\iertutil.dll
2013-05-16 07:55 . 2013-04-16 22:17 11112960 -c----w- c:\windows\system32\dllcache\ieframe.dll
2013-05-16 07:54 . 2013-05-16 07:55 -------- dc-h--w- c:\windows\ie8
2013-05-16 05:16 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2013-05-16 05:14 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2013-05-16 05:12 . 2012-12-16 12:23 290560 -c----w- c:\windows\system32\dllcache\atmfd.dll
2013-05-16 05:12 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2013-05-16 05:11 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-05-16 05:11 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-05-16 05:10 . 2012-05-28 18:16 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2013-05-16 04:36 . 2012-07-04 14:05 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2013-05-15 22:47 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2013-05-15 22:47 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2013-05-15 22:47 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2013-05-15 22:43 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2013-05-15 22:43 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2013-05-15 22:24 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2013-05-15 22:23 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2013-05-15 22:23 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2013-05-15 22:23 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2013-05-15 22:23 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2013-05-15 22:23 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2013-05-15 22:21 . 2012-07-06 13:58 337920 -c----w- c:\windows\system32\dllcache\netapi32.dll
2013-05-15 20:50 . 2013-05-15 20:50 171344 ----a-w- C:\kk.exe
2013-05-13 18:39 . 2013-04-04 06:55 377856 ----a-w- C:\gmer.exe
2013-05-12 08:42 . 2013-05-12 08:42 -------- d-----w- C:\_OTL
2013-05-11 14:34 . 2010-08-02 11:09 -------- d-----w- C:\Sality_RegKeys
2013-05-11 14:31 . 2010-11-12 07:13 171344 ----a-w- C:\SalityKiller.exe
2013-05-10 17:13 . 2013-05-10 17:13 -------- d-----w- c:\documents and settings\Logan\Doctor Web
2013-05-07 10:08 . 2013-05-07 10:08 -------- d--h--w- c:\windows\system32\GroupPolicy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-11 14:32 . 2012-02-15 12:25 77824 ----a-w- c:\windows\SOUNDMAN.EXE
2013-04-16 22:17 . 2004-08-03 21:56 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:17 . 2004-08-03 21:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-04-16 22:17 . 2004-08-03 21:56 43520 ------w- c:\windows\system32\licmgr10.dll
2013-04-12 23:28 . 2004-08-03 19:59 385024 ------w- c:\windows\system32\html.iec
2013-04-10 01:31 . 2004-08-03 20:17 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-03-31 12:36 . 2004-08-03 21:56 238080 ----a-w- c:\windows\system32\taskmgr.exe
2013-03-08 08:36 . 2004-08-03 21:56 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:28 . 2004-08-03 20:20 2193408 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2004-08-03 22:59 2070016 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-12-09 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2013-05-11 7419192]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-03-31 4698320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2013-05-11 77824]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2013-05-11 74752]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 208184]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 387384]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Winamp\\winampa.exe"=
"c:\\WINDOWS\\SOUNDMAN.EXE"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\PROGRA~1\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\InstallShield\\engine\\6\\Intel 32\\iKernel.exe"=
"c:\\Program Files\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe"=
"c:\\PROGRA~1\\Yahoo!\\Messenger\\ymsgr_tray.exe"=
"c:\\Program Files\\TuneUp Utilities 2010\\TuneUpUtilitiesApp32.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4559:TCP"= 4559:TCP:grcxjap
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [1/8/2013 9:47 PM 242240]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\Comodo\COMODO GeekBuddy\CLPSLS.exe [11/23/2011 1:27 PM 1052472]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/7/2012 3:31 AM 398184]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [4/19/2010 2:45 PM 1050440]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/10/2012 9:27 PM 21104]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2/25/2010 12:18 PM 10064]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/10/2012 9:27 PM 682344]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-06 10:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 78.96.7.88 95.77.94.88
FF - ProfilePath - c:\documents and settings\Logan\Application Data\Mozilla\Firefox\Profiles\ayb2neaw.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source=a92683ac&tbp=url&toolbarid=zgametb&u=B948E315F5707DE7D1C485519E670E19&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-05-23 21:59; {f65bb0d8-79ff-47f0-ab2a-a07d706a6dd7}; c:\documents and settings\Logan\Application Data\Mozilla\Firefox\Profiles\ayb2neaw.default\extensions\{f65bb0d8-79ff-47f0-ab2a-a07d706a6dd7}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyZGL7RnQ
FF - user.js: extensions.incredibar_i.upn2n - 92262763441748050
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
FF - user.js: extensions.incredibar_i.newTab - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-28 20:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-05-28 20:19:45
ComboFix-quarantined-files.txt 2013-05-28 17:19
.
Pre-Run: 462,069,760 bytes free
Post-Run: 1,008,349,184 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 54F38A1B47942F48D5FA088DB60246F1

Edited by Wolffie, 28 May 2013 - 02:24 PM.



#32 Phel (Trusted Helper, Malware Removal, 1,386 posts)
Hey,

Sorry for the delay; that's because you edited the message, so I didn't receive any notification about the update in your topic. Please, if you wish to add something, post it in a separate message.

Please, follow these steps:

Step 1. CFScript fix.

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the codebox below into it:

KillAll::

Folder::
c:\documents and settings\All Users\Application Data\blekko toolbars
c:\documents and settings\Logan\Application Data\zgametb
c:\program files\zgametb

Firefox::
FF - ProfilePath - c:\documents and settings\Logan\Application Data\Mozilla\Firefox\Profiles\ayb2neaw.default\
FF - prefs.js: keyword.URL -
FF - user.js: extensions.incredibar_i.ms_url_id - 
FF - user.js: extensions.incredibar_i.upn2 - 6OyZGL7RnQ
FF - user.js: extensions.incredibar_i.upn2n - 92262763441748050
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
FF - user.js: extensions.incredibar_i.newTab - false

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"TaskMan"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4559:TCP"= 4559:TCP:grcxjap

Save this as CFScript.txt, in the same location as ComboFix.exe.

[Image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

After that reboot your computer.

Step 2. OTL scan.

  • Open OTL again.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, one at a time, and post them in your topic.

How is your computer running after all these steps?

So, please, don't forget to post in your next message:

  • ComboFix log
  • OTL log


#33 Wolffie (Topic Starter, Member, 56 posts)
Right, sorry :)
Bad habit.



ComboFix 13-06-02.02 - Logan 06/03/2013 0:44.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1207 [GMT 3:00]
Running from: c:\documents and settings\Logan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Logan\Desktop\CFScript.txt.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\blekko toolbars
c:\documents and settings\All Users\Application Data\blekko toolbars\toolbar.txt
c:\documents and settings\Logan\Application Data\zgametb
c:\documents and settings\Logan\Application Data\zgametb\guid.dat
c:\documents and settings\Logan\Application Data\zgametb\setupCfg.xml
c:\program files\zgametb
c:\program files\zgametb\chrome\skin\lib\radio\images\music-note.png
c:\program files\zgametb\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files\zgametb\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files\zgametb\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files\zgametb\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files\zgametb\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files\zgametb\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\program files\zgametb\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files\zgametb\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files\zgametb\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files\zgametb\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files\zgametb\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files\zgametb\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files\zgametb\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files\zgametb\chrome\skin\lib\radio\images\radio-options.png
c:\program files\zgametb\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files\zgametb\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files\zgametb\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files\zgametb\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files\zgametb\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files\zgametb\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files\zgametb\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files\zgametb\chrome\skin\lib\radio\images\slider.png
c:\program files\zgametb\chrome\skin\lib\radio\images\slideron.png
c:\program files\zgametb\chrome\skin\lib\radio\images\track.png
c:\program files\zgametb\chrome\skin\lib\radio\managerpanel.html
c:\program files\zgametb\chrome\skin\lib\radio\volumeslider.html
c:\program files\zgametb\chrome\skin\lib\reload.png
c:\program files\zgametb\chrome\skin\lib\remove.png
c:\program files\zgametb\chrome\skin\lib\rename.gif
c:\program files\zgametb\chrome\skin\lib\resize-box.gif
c:\program files\zgametb\chrome\skin\lib\rss.png
c:\program files\zgametb\chrome\skin\lib\rsschannelback.png
c:\program files\zgametb\chrome\skin\lib\RSSLogo.png
c:\program files\zgametb\chrome\skin\lib\rsstabdivider.gif
c:\program files\zgametb\chrome\skin\lib\scroll-left.png
c:\program files\zgametb\chrome\skin\lib\scroll-right.png
c:\program files\zgametb\chrome\skin\lib\search-go.png
c:\program files\zgametb\chrome\skin\lib\search.png
c:\program files\zgametb\chrome\skin\lib\text-ellipsis.xml
c:\program files\zgametb\chrome\skin\lib\toolbarsplitter.gif
c:\program files\zgametb\chrome\skin\lib\transparent_1px.gif
c:\program files\zgametb\chrome\skin\lib\uwa\border_02.png
c:\program files\zgametb\chrome\skin\lib\uwa\border_03.png
c:\program files\zgametb\chrome\skin\lib\uwa\border_04.png
c:\program files\zgametb\chrome\skin\lib\uwa\border_06.png
c:\program files\zgametb\chrome\skin\lib\uwa\border_07.png
c:\program files\zgametb\chrome\skin\lib\uwa\border_08.png
c:\program files\zgametb\chrome\skin\lib\uwa\border_09.png
c:\program files\zgametb\chrome\skin\lib\uwa\border_10.png
c:\program files\zgametb\chrome\skin\lib\uwa\border_11.png
c:\program files\zgametb\chrome\skin\lib\uwa\border_12.png
c:\program files\zgametb\chrome\skin\lib\uwa\border_13.png
c:\program files\zgametb\chrome\skin\lib\uwa\border_14.png
c:\program files\zgametb\chrome\skin\lib\uwa\border_15.png
c:\program files\zgametb\chrome\skin\lib\uwa\border_16.png
c:\program files\zgametb\chrome\skin\lib\uwa\border_18.png
c:\program files\zgametb\chrome\skin\lib\uwa\border_19.png
c:\program files\zgametb\chrome\skin\lib\uwa\border_20.png
c:\program files\zgametb\chrome\skin\lib\uwa\border_21.png
c:\program files\zgametb\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files\zgametb\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files\zgametb\chrome\skin\lib\uwa\close-hot.png
c:\program files\zgametb\chrome\skin\lib\uwa\close-normal.png
c:\program files\zgametb\chrome\skin\lib\uwa\loadingMid.gif
c:\program files\zgametb\chrome\skin\lib\uwa\paneltemplate.html
c:\program files\zgametb\chrome\skin\lib\uwa\proxy.html
c:\program files\zgametb\chrome\skin\lib\uwa\template.html
c:\program files\zgametb\chrome\skin\lib\uwa\template.xml
c:\program files\zgametb\chrome\skin\lib\uwa\templateFF.html
c:\program files\zgametb\chrome\skin\lib\uwa\throbber.gif
c:\program files\zgametb\chrome\skin\lib\yahoo.png
c:\program files\zgametb\chrome\skin\lichen.gif
c:\program files\zgametb\chrome\skin\logo-about.png
c:\program files\zgametb\chrome\skin\logo-over.png
c:\program files\zgametb\chrome\skin\logo.png
c:\program files\zgametb\chrome\skin\magnifier.png
c:\program files\zgametb\chrome\skin\mail.png
c:\program files\zgametb\chrome\skin\modify-save.png
c:\program files\zgametb\chrome\skin\modify.png
c:\program files\zgametb\chrome\skin\music.png
c:\program files\zgametb\chrome\skin\myspace.png
c:\program files\zgametb\chrome\skin\new_games.png
c:\program files\zgametb\chrome\skin\news.png
c:\program files\zgametb\chrome\skin\options-main.png
c:\program files\zgametb\chrome\skin\options-search.png
c:\program files\zgametb\chrome\skin\options\options-main.png
c:\program files\zgametb\chrome\skin\options\options-search.png
c:\program files\zgametb\chrome\skin\options\options-weather.png
c:\program files\zgametb\chrome\skin\options\options-widgets.png
c:\program files\zgametb\chrome\skin\orange.gif
c:\program files\zgametb\chrome\skin\p_yahoo.png
c:\program files\zgametb\chrome\skin\premium_games.png
c:\program files\zgametb\chrome\skin\rss-collapse.png
c:\program files\zgametb\chrome\skin\rss-delete.png
c:\program files\zgametb\chrome\skin\rss-expand.png
c:\program files\zgametb\chrome\skin\rss-feed.png
c:\program files\zgametb\chrome\skin\rss-folder-remove.png
c:\program files\zgametb\chrome\skin\rss-folder-rename.png
c:\program files\zgametb\chrome\skin\rss-folder.png
c:\program files\zgametb\chrome\skin\rss-found.png
c:\program files\zgametb\chrome\skin\rss-reload.png
c:\program files\zgametb\chrome\skin\rss-subscribe.png
c:\program files\zgametb\chrome\skin\rss.png
c:\program files\zgametb\chrome\skin\rssback.gif
c:\program files\zgametb\chrome\skin\rsstopback.gif
c:\program files\zgametb\chrome\skin\scroller-btm-arrow.gif
c:\program files\zgametb\chrome\skin\scroller-top-arrow.gif
c:\program files\zgametb\chrome\skin\search-background.png
c:\program files\zgametb\chrome\skin\search.png
c:\program files\zgametb\chrome\skin\search_games.png
c:\program files\zgametb\chrome\skin\selbar-btm-left.gif
c:\program files\zgametb\chrome\skin\selbar-btm-right.gif
c:\program files\zgametb\chrome\skin\selbar-btm.gif
c:\program files\zgametb\chrome\skin\selbar-left.gif
c:\program files\zgametb\chrome\skin\selbar-right.gif
c:\program files\zgametb\chrome\skin\selbar-top-left.gif
c:\program files\zgametb\chrome\skin\selbar-top-right.gif
c:\program files\zgametb\chrome\skin\selbar-top.gif
c:\program files\zgametb\chrome\skin\settings.png
c:\program files\zgametb\chrome\skin\shopping.png
c:\program files\zgametb\chrome\skin\skin-bluelite.png
c:\program files\zgametb\chrome\skin\skin-bluesky.png
c:\program files\zgametb\chrome\skin\skin-grey.png
c:\program files\zgametb\chrome\skin\skin-lichen.png
c:\program files\zgametb\chrome\skin\skin-orange.png
c:\program files\zgametb\chrome\skin\skin-yellow.png
c:\program files\zgametb\chrome\skin\slider-bluelite.png
c:\program files\zgametb\chrome\skin\slider-bluesky.png
c:\program files\zgametb\chrome\skin\slider-lichen.png
c:\program files\zgametb\chrome\skin\slider-orange.png
c:\program files\zgametb\chrome\skin\slider-yellow.png
c:\program files\zgametb\chrome\skin\slider_bg.gif
c:\program files\zgametb\chrome\skin\social_delicious.png
c:\program files\zgametb\chrome\skin\social_stumbleupon.png
c:\program files\zgametb\chrome\skin\special_offers.png
c:\program files\zgametb\chrome\skin\tab_ftrleft.gif
c:\program files\zgametb\chrome\skin\tab_ftrright.gif
c:\program files\zgametb\chrome\skin\tab_hdrleft.gif
c:\program files\zgametb\chrome\skin\tab_hdrright.gif
c:\program files\zgametb\chrome\skin\technorati.png
c:\program files\zgametb\chrome\skin\throbber.gif
c:\program files\zgametb\chrome\skin\toolbarsplitter.png
c:\program files\zgametb\chrome\skin\top_games.png
c:\program files\zgametb\chrome\skin\twitter.png
c:\program files\zgametb\chrome\skin\upcoming_games.png
c:\program files\zgametb\chrome\skin\view_game.png
c:\program files\zgametb\chrome\skin\view_game_hover.png
c:\program files\zgametb\chrome\skin\web.png
c:\program files\zgametb\chrome\skin\webblekko16.png
c:\program files\zgametb\chrome\skin\websearch.png
c:\program files\zgametb\chrome\skin\wikipedia.png
c:\program files\zgametb\chrome\skin\yahoosearch.png
c:\program files\zgametb\chrome\skin\yellow.gif
c:\program files\zgametb\chrome\skin\youtube.png
c:\program files\zgametb\components\windowmediator.js
c:\program files\zgametb\dtUser.exe
c:\program files\zgametb\install.ico
c:\program files\zgametb\manifest.xml
c:\program files\zgametb\OldHomepage.txt
c:\program files\zgametb\OldSearchScope.txt
c:\program files\zgametb\search.ico
c:\program files\zgametb\uninstall.exe
c:\program files\zgametb\zgameDx.dll
c:\program files\zgametb\zgametb.dll
c:\windows\system32\SET122.tmp
c:\windows\system32\SET127.tmp
c:\windows\system32\SET12E.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-05-02 to 2013-06-02 )))))))))))))))))))))))))))))))
.
.
2013-05-29 19:29 . 2013-05-29 19:29 -------- d-----w- c:\program files\Windows Media Connect 2
2013-05-29 19:27 . 2013-05-29 19:28 -------- d-----w- c:\windows\system32\drivers\UMDF
2013-05-29 19:27 . 2013-05-29 19:27 -------- d-----w- c:\windows\system32\LogFiles
2013-05-28 16:53 . 2013-05-28 16:57 -------- d-----w- c:\windows\SxsCaPendDel
2013-05-25 11:28 . 2013-05-25 11:27 791393 ----a-w- C:\erunt_setup.exe
2013-05-19 12:57 . 2013-05-19 12:57 -------- d-sh--w- c:\documents and settings\Logan\IECompatCache
2013-05-18 20:21 . 2013-05-18 20:21 -------- d-----w- c:\program files\VideoDownloadConverter_4zEI
2013-05-16 14:56 . 2013-05-16 14:56 -------- d-sh--w- c:\documents and settings\Logan\PrivacIE
2013-05-16 11:46 . 2013-05-16 11:46 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2013-05-16 11:33 . 2013-05-16 11:33 -------- d-sh--w- c:\documents and settings\Logan\IETldCache
2013-05-16 07:57 . 2013-04-16 22:17 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-05-16 07:56 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2013-05-16 07:55 . 2013-04-16 22:17 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2013-05-16 07:55 . 2013-04-16 22:17 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2013-05-16 07:55 . 2013-04-16 22:17 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2013-05-16 07:55 . 2013-04-16 22:17 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2013-05-16 07:55 . 2013-04-16 22:17 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2013-05-16 07:55 . 2013-04-16 22:17 2005504 -c----w- c:\windows\system32\dllcache\iertutil.dll
2013-05-16 07:55 . 2013-04-16 22:17 11112960 -c----w- c:\windows\system32\dllcache\ieframe.dll
2013-05-16 07:54 . 2013-05-16 07:55 -------- dc-h--w- c:\windows\ie8
2013-05-16 05:16 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2013-05-16 05:14 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2013-05-16 05:12 . 2012-12-16 12:23 290560 -c----w- c:\windows\system32\dllcache\atmfd.dll
2013-05-16 05:12 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2013-05-16 05:11 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-05-16 05:11 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-05-16 05:10 . 2012-05-28 18:16 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2013-05-16 04:36 . 2012-07-04 14:05 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2013-05-15 22:47 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2013-05-15 22:47 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2013-05-15 22:47 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2013-05-15 22:43 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2013-05-15 22:43 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2013-05-15 22:24 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2013-05-15 22:23 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2013-05-15 22:23 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2013-05-15 22:23 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2013-05-15 22:23 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2013-05-15 22:23 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2013-05-15 22:21 . 2012-07-06 13:58 337920 -c----w- c:\windows\system32\dllcache\netapi32.dll
2013-05-15 20:50 . 2013-05-15 20:50 171344 ----a-w- C:\kk.exe
2013-05-13 18:39 . 2013-04-04 06:55 377856 ----a-w- C:\gmer.exe
2013-05-12 08:42 . 2013-05-12 08:42 -------- d-----w- C:\_OTL
2013-05-11 14:34 . 2010-08-02 11:09 -------- d-----w- C:\Sality_RegKeys
2013-05-11 14:31 . 2010-11-12 07:13 171344 ----a-w- C:\SalityKiller.exe
2013-05-10 17:13 . 2013-05-10 17:13 -------- d-----w- c:\documents and settings\Logan\Doctor Web
2013-05-10 07:57 . 2013-05-10 07:57 187456 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2013-05-07 10:08 . 2013-05-07 10:08 -------- d--h--w- c:\windows\system32\GroupPolicy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-02 14:07 . 2012-12-06 18:46 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-02 14:07 . 2012-02-15 12:44 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-11 14:32 . 2012-02-15 12:25 77824 ----a-w- c:\windows\SOUNDMAN.EXE
2013-04-16 22:17 . 2004-08-03 21:56 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:17 . 2004-08-03 21:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-04-16 22:17 . 2004-08-03 21:56 43520 ------w- c:\windows\system32\licmgr10.dll
2013-04-12 23:28 . 2004-08-03 19:59 385024 ------w- c:\windows\system32\html.iec
2013-04-10 01:31 . 2004-08-03 20:17 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-03-31 12:36 . 2004-08-03 21:56 238080 ----a-w- c:\windows\system32\taskmgr.exe
2013-03-08 08:36 . 2004-08-03 21:56 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:28 . 2004-08-03 20:20 2193408 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2004-08-03 22:59 2070016 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\yt.dll" [2013-05-01 1500952]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2013-05-11 7419192]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-03-31 4698320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2013-05-11 77824]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2013-05-11 74752]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 208184]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 387384]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Winamp\\winampa.exe"=
"c:\\WINDOWS\\SOUNDMAN.EXE"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\PROGRA~1\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\InstallShield\\engine\\6\\Intel 32\\iKernel.exe"=
"c:\\Program Files\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe"=
"c:\\PROGRA~1\\Yahoo!\\Messenger\\ymsgr_tray.exe"=
"c:\\Program Files\\TuneUp Utilities 2010\\TuneUpUtilitiesApp32.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4559:TCP"= 4559:TCP:grcxjap
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [1/8/2013 9:47 PM 242240]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\Comodo\COMODO GeekBuddy\CLPSLS.exe [11/23/2011 1:27 PM 1052472]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/7/2012 3:31 AM 398184]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [4/19/2010 2:45 PM 1050440]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/10/2012 9:27 PM 21104]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2/25/2010 12:18 PM 10064]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/10/2012 9:27 PM 682344]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-06 14:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 78.96.7.88 95.77.94.88
FF - ProfilePath - c:\documents and settings\Logan\Application Data\Mozilla\Firefox\Profiles\ayb2neaw.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-05-23 21:59; {f65bb0d8-79ff-47f0-ab2a-a07d706a6dd7}; c:\documents and settings\Logan\Application Data\Mozilla\Firefox\Profiles\ayb2neaw.default\extensions\{f65bb0d8-79ff-47f0-ab2a-a07d706a6dd7}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-03 00:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3428)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\SOUNDMAN.EXE
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-06-03 01:03:17 - machine was rebooted
ComboFix-quarantined-files.txt 2013-06-02 22:03
ComboFix2.txt 2013-05-28 17:19
.
Pre-Run: 535,990,272 bytes free
Post-Run: 699,260,928 bytes free
.
- - End Of File - - B9876E5EBD7232A6AB655C6E73711C28

OTL logfile created on: 6/3/2013 1:10:03 AM - Run 8
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Logan\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 64.12% Memory free
2.11 Gb Paging File | 1.71 Gb Available in Paging File | 81.32% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.65 Gb Total Space | 0.68 Gb Free Space | 4.62% Space Free | Partition Type: NTFS
Drive D: | 97.13 Gb Total Space | 13.73 Gb Free Space | 14.13% Space Free | Partition Type: NTFS
Drive F: | 454.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HOME-FA201A11EA | User Name: Logan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/17 00:11:21 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/05/11 17:42:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2013/05/11 17:32:45 | 007,419,192 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2013/05/11 17:32:45 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2013/05/07 16:00:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Logan\My Documents\Downloads\OTL.exe
PRC - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/11/23 13:27:04 | 001,052,472 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe
PRC - [2010/04/19 14:47:26 | 000,719,688 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010/04/19 14:45:44 | 001,050,440 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 03:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/17 00:11:20 | 003,128,728 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/01/02 09:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/01/04 03:47:42 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2012/01/04 03:47:42 | 000,078,336 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\pcre.dll
MOD - [2008/04/14 03:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 03:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Services (SafeList) ==========

SRV - [2013/06/02 17:08:04 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/17 00:11:20 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/11 17:41:51 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/11/23 13:27:04 | 001,052,472 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV - [2010/04/19 14:45:44 | 001,050,440 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/04/19 14:42:36 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Logan\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2013/01/08 21:47:56 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/12/14 17:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/02/25 12:18:08 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2008/04/13 21:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/11/17 14:05:38 | 002,297,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/08/04 01:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/07/16 09:19:52 | 000,070,400 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledAddons: %7Bf65bb0d8-79ff-47f0-ab2a-a07d706a6dd7%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: "http://blekko.com/ws...5519E670E19&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/23 22:00:07 | 000,000,000 | ---D | M]

[2012/03/07 21:53:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Logan\Application Data\Mozilla\Extensions
[2013/05/23 21:59:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Logan\Application Data\Mozilla\Firefox\Profiles\ayb2neaw.default\extensions
[2013/05/23 21:59:44 | 000,000,000 | ---D | M] (ZGame Toolbar) -- C:\Documents and Settings\Logan\Application Data\Mozilla\Firefox\Profiles\ayb2neaw.default\extensions\{f65bb0d8-79ff-47f0-ab2a-a07d706a6dd7}
[2013/05/17 00:11:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/05/17 00:11:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/17 00:11:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/23 21:59:44 | 000,002,162 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\zgametb.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://blekkosearch....=homepage&v=1_0
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Logan\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Logan\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Logan\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Logan\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Error reading preferences file
CHR - Extension: YouTube = C:\Documents and Settings\Logan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: căutare Google = C:\Documents and Settings\Logan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Documents and Settings\Logan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/06/03 00:58:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [COMODO] C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [CPA] C:\Program Files\Comodo\COMODO GeekBuddy\VALA.exe (COMODO)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutoRun: NoDriveTypeAutoRun = 177
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1368716941125 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 78.96.7.88 95.77.94.88
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{561FCA04-03EC-4ECD-A742-B656D6FA86EF}: DhcpNameServer = 78.96.7.88 95.77.94.88
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Logan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Logan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/23 21:58:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/06/20 16:23:22 | 000,000,044 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/03 01:03:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/05/29 22:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2013/05/29 22:27:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2013/05/29 22:27:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2013/05/28 20:01:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/05/28 19:59:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/05/28 19:59:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/05/28 19:59:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/05/28 19:59:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/05/28 19:59:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/28 19:59:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/05/28 19:53:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013/05/28 19:53:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2013/05/27 22:29:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Logan\Start Menu\Programs\Administrative Tools
[2013/05/27 22:26:08 | 005,076,415 | R--- | C] (Swearware) -- C:\Documents and Settings\Logan\Desktop\ComboFix.exe
[2013/05/25 14:28:08 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\erunt_setup.exe
[2013/05/19 15:57:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Logan\IECompatCache
[2013/05/18 23:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\VideoDownloadConverter_4zEI
[2013/05/17 00:11:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/05/16 23:06:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2013/05/16 17:56:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Logan\PrivacIE
[2013/05/16 14:33:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Logan\IETldCache
[2013/05/16 10:56:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2013/05/16 10:55:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2013/05/16 10:54:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/05/15 23:50:55 | 000,171,344 | ---- | C] (Kaspersky Lab) -- C:\kk.exe
[2013/05/12 11:42:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/05/11 17:34:12 | 000,000,000 | ---D | C] -- C:\Sality_RegKeys
[2013/05/11 17:31:51 | 000,171,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\SalityKiller.exe
[2013/05/10 20:13:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Logan\Doctor Web
[2013/05/07 15:48:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Logan\Desktop\RK_Quarantine
[2013/05/07 15:28:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013/05/07 13:08:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/03 01:09:54 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\Logan\Desktop\Shortcut to OTL.lnk
[2013/06/03 01:04:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/06/03 00:58:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/06/03 00:58:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/03 00:58:29 | 1610,141,696 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/03 00:40:51 | 005,076,415 | R--- | M] (Swearware) -- C:\Documents and Settings\Logan\Desktop\ComboFix.exe
[2013/06/02 03:12:26 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/05/30 21:58:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/05/29 22:34:40 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2013/05/29 22:34:40 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2013/05/29 22:29:32 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Logan\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/05/29 22:28:23 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2013/05/29 22:27:34 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2013/05/28 20:02:39 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/28 20:02:39 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/28 20:01:31 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/05/25 14:27:23 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\erunt_setup.exe
[2013/05/21 18:59:37 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Logan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/21 13:17:34 | 000,012,929 | ---- | M] () -- C:\Documents and Settings\Logan\Desktop\greeting_0787129001242830553_2.jpg
[2013/05/20 08:45:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/16 14:33:49 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Logan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/16 14:33:35 | 000,189,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/15 23:50:26 | 000,171,344 | ---- | M] (Kaspersky Lab) -- C:\kk.exe
[2013/05/11 17:39:27 | 004,280,320 | ---- | M] (Bethesda Softworks) -- C:\Documents and Settings\Logan\My Documents\Morrowind.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/03 01:09:54 | 000,000,878 | ---- | C] () -- C:\Documents and Settings\Logan\Desktop\Shortcut to OTL.lnk
[2013/06/02 03:12:26 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/05/29 22:27:34 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2013/05/28 20:01:31 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/05/28 20:01:29 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/05/28 19:59:47 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/05/28 19:59:47 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/05/28 19:59:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/05/28 19:59:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/05/28 19:59:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/05/21 13:17:32 | 000,012,929 | ---- | C] () -- C:\Documents and Settings\Logan\Desktop\greeting_0787129001242830553_2.jpg
[2013/05/16 01:47:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/05/16 01:47:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2013/05/13 21:39:58 | 000,377,856 | ---- | C] () -- C:\gmer.exe
[2013/01/28 13:01:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2013/01/07 21:54:26 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2012/12/23 04:05:38 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/08/02 10:17:08 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Logan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/15 17:04:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/02/15 17:02:48 | 000,189,792 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/15 15:49:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/02/15 15:25:50 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2012/02/15 15:25:46 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2012/02/15 15:25:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/02/15 15:17:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/02/15 15:10:38 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/04/17 00:18:26 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 15:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 03:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/05/16 07:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
[2013/01/08 21:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2012/12/07 03:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2012/12/07 02:59:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2013/01/08 21:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Logan\Application Data\DAEMON Tools Lite
[2012/12/07 03:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Logan\Application Data\TuneUp Software
[2013/05/26 01:18:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Logan\Application Data\uTorrent

========== Purity Check ==========



< End of report >



I see Google Chrome is finally able to install.
I don't use this PC though, so I don't notice anything in the short time I'm running these repairs,
and my parents had no complaints with it as well.

Although I transferred a lot of files onto my laptop.
Should I be worried?

Edited by Wolffie, 02 June 2013 - 04:50 PM.

  • 0

#34
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Sorry for the delay, that's my fault now. :)

Please, follow these steps:

Step 1. Changing Chrome homepage.

Your current Chrome homepage is malicious.

Please follow these instructions and set your homepage to www.google.com or to whatever else you want.

Step 2. OTL fix.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws...q={searchTerms}
    FF - prefs.js..keyword.URL: "http://blekko.com/ws/?source=a92683ac&tbp=url&toolbarid=zgametb&u=B948E315F5707DE7D1C485519E670E19&q="
    [2013/05/23 21:59:44 | 000,000,000 | ---D | M] (ZGame Toolbar) -- C:\Documents and Settings\Logan\Application Data\Mozilla\Firefox\Profiles\ayb2neaw.default\extensions\{f65bb0d8-79ff-47f0-ab2a-a07d706a6dd7}
    [2013/05/23 21:59:44 | 000,002,162 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\zgametb.xml
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4559:TCP"=-
    
    :Commands
    [REBOOT]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#35
Wolffie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Did the Chrome thing.
Did the fix.
PC rebooted, everything was fine, did the scan, forgot to post the log.

Then the next day I started the PC and I got this message that keeps popping back up unless I press Cancel (Try Again or Continue doesn't work):

"Windows - Drive not ready

Exception processing message c0000a3 Parameters" and then 3 sets of letters and numbers I'm too lazy to write out.

Ran a fresh OTL afterwards:



OTL logfile created on: 6/6/2013 5:15:40 PM - Run 10
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Logan\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 65.25% Memory free
2.11 Gb Paging File | 1.81 Gb Available in Paging File | 86.10% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.65 Gb Total Space | 0.31 Gb Free Space | 2.13% Space Free | Partition Type: NTFS
Drive D: | 97.13 Gb Total Space | 13.79 Gb Free Space | 14.20% Space Free | Partition Type: NTFS
Drive F: | 454.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HOME-FA201A11EA | User Name: Logan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/11 17:42:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2013/05/11 17:32:45 | 007,497,016 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2013/05/11 17:32:45 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2013/05/07 16:00:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Logan\My Documents\Downloads\OTL.exe
PRC - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/11/23 13:27:04 | 001,052,472 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe
PRC - [2010/04/19 14:47:26 | 000,719,688 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010/04/19 14:45:44 | 001,050,440 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 03:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/02 09:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/01/04 03:47:42 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2012/01/04 03:47:42 | 000,078,336 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\pcre.dll
MOD - [2008/04/14 03:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 03:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Services (SafeList) ==========

SRV - [2013/06/02 17:08:04 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/17 00:11:20 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/11 17:41:51 | 000,516,936 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/11/23 13:27:04 | 001,052,472 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV - [2010/04/19 14:45:44 | 001,050,440 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/04/19 14:42:36 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qnkpqn.sys -- (abp470n5)
DRV - [2013/01/08 21:47:56 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/12/14 17:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/02/25 12:18:08 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2008/04/13 21:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/11/17 14:05:38 | 002,297,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/08/04 01:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/07/16 09:19:52 | 000,070,400 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/23 22:00:07 | 000,000,000 | ---D | M]

[2012/03/07 21:53:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Logan\Application Data\Mozilla\Extensions
[2013/05/23 21:59:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Logan\Application Data\Mozilla\Firefox\Profiles\ayb2neaw.default\extensions
[2013/05/17 00:11:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/05/17 00:11:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/17 00:11:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://blekkosearch....=homepage&v=1_0
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Logan\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Documents and Settings\Logan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Logan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Documents and Settings\Logan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/06/03 00:58:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [COMODO] C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [CPA] C:\Program Files\Comodo\COMODO GeekBuddy\VALA.exe (COMODO)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutoRun: NoDriveTypeAutoRun = 177
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1368716941125 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 78.96.7.88 95.77.94.88
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{561FCA04-03EC-4ECD-A742-B656D6FA86EF}: DhcpNameServer = 78.96.7.88 95.77.94.88
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Logan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Logan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/23 21:58:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/06/20 16:23:22 | 000,000,044 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/05 21:32:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Logan\My Documents\REIKI
[2013/06/03 01:45:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2013/06/03 01:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/06/03 01:03:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/05/29 22:29:44 | 000,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2013/05/29 22:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2013/05/29 22:27:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2013/05/29 22:27:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2013/05/28 20:01:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/05/28 19:59:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/05/28 19:59:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/05/28 19:59:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/05/28 19:59:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/05/28 19:59:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/28 19:59:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/05/28 19:53:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013/05/28 19:53:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2013/05/27 22:29:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Logan\Start Menu\Programs\Administrative Tools
[2013/05/27 22:27:51 | 004,608,744 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Logan\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2013/05/27 22:26:08 | 005,150,143 | R--- | C] (Swearware) -- C:\Documents and Settings\Logan\Desktop\ComboFix.exe
[2013/05/25 14:28:08 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\erunt_setup.exe
[2013/05/19 15:57:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Logan\IECompatCache
[2013/05/18 23:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\VideoDownloadConverter_4zEI
[2013/05/17 00:11:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/05/16 23:06:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2013/05/16 17:56:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Logan\PrivacIE
[2013/05/16 14:33:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Logan\IETldCache
[2013/05/16 10:57:47 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013/05/16 10:56:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2013/05/16 10:55:54 | 011,112,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2013/05/16 10:55:54 | 002,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2013/05/16 10:55:54 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2013/05/16 10:55:54 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2013/05/16 10:55:54 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2013/05/16 10:55:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2013/05/16 10:54:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/05/16 08:16:51 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2013/05/16 08:14:18 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2013/05/16 08:12:20 | 000,290,560 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2013/05/16 08:12:09 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2013/05/16 08:11:58 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2013/05/16 08:11:58 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys
[2013/05/16 08:10:11 | 000,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2013/05/16 07:36:06 | 000,139,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2013/05/16 01:47:29 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2013/05/16 01:43:22 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2013/05/16 01:43:19 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2013/05/16 01:24:10 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2013/05/16 01:23:30 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2013/05/16 01:23:30 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2013/05/16 01:23:21 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2013/05/16 01:23:08 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2013/05/16 01:21:22 | 000,337,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2013/05/15 23:50:55 | 000,171,344 | ---- | C] (Kaspersky Lab) -- C:\kk.exe
[2013/05/12 11:42:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/05/11 17:34:12 | 000,000,000 | ---D | C] -- C:\Sality_RegKeys
[2013/05/11 17:31:51 | 000,171,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\SalityKiller.exe
[2013/05/10 20:13:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Logan\Doctor Web
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/06 17:04:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/06/06 16:48:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/06 16:44:16 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/06 16:44:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/06 16:44:08 | 1610,141,696 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/03 21:56:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/06/03 07:51:58 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Logan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/06/03 01:45:45 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/06/03 01:09:54 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\Logan\Desktop\Shortcut to OTL.lnk
[2013/06/03 00:58:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/06/03 00:40:51 | 005,150,143 | R--- | M] (Swearware) -- C:\Documents and Settings\Logan\Desktop\ComboFix.exe
[2013/06/02 17:07:58 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/06/02 17:07:57 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/06/02 03:12:26 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/05/30 21:58:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/05/29 22:34:40 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2013/05/29 22:34:40 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2013/05/29 22:29:32 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Logan\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/05/29 22:28:23 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2013/05/29 22:27:34 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2013/05/28 20:02:39 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/28 20:02:39 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/28 20:01:31 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/05/27 22:27:30 | 004,608,744 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Logan\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2013/05/25 14:27:23 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\erunt_setup.exe
[2013/05/21 18:59:37 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Logan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/21 13:17:34 | 000,012,929 | ---- | M] () -- C:\Documents and Settings\Logan\Desktop\greeting_0787129001242830553_2.jpg
[2013/05/16 14:33:49 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Logan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/16 14:33:35 | 000,189,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/15 23:50:26 | 000,171,344 | ---- | M] (Kaspersky Lab) -- C:\kk.exe
[2013/05/11 17:39:27 | 004,354,048 | ---- | M] (Bethesda Softworks) -- C:\Documents and Settings\Logan\My Documents\Morrowind.exe
[2013/05/11 17:32:45 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/03 01:45:45 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\Logan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/06/03 01:45:45 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/06/03 01:43:53 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/03 01:43:53 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/03 01:09:54 | 000,000,878 | ---- | C] () -- C:\Documents and Settings\Logan\Desktop\Shortcut to OTL.lnk
[2013/06/02 03:12:26 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/05/29 22:27:34 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2013/05/28 20:01:31 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/05/28 20:01:29 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/05/28 19:59:47 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/05/28 19:59:47 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/05/28 19:59:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/05/28 19:59:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/05/28 19:59:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/05/21 13:17:32 | 000,012,929 | ---- | C] () -- C:\Documents and Settings\Logan\Desktop\greeting_0787129001242830553_2.jpg
[2013/05/16 01:47:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/05/16 01:47:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2013/05/13 21:39:58 | 000,451,584 | ---- | C] () -- C:\gmer.exe
[2013/01/28 13:01:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2013/01/07 21:54:26 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2012/12/23 04:05:38 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/08/02 10:17:08 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Logan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/15 17:04:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/02/15 17:02:48 | 000,189,792 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/15 15:49:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/02/15 15:25:50 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2012/02/15 15:25:46 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2012/02/15 15:25:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/02/15 15:17:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/02/15 15:10:38 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/04/17 00:18:26 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 15:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 03:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Edited by Wolffie, 06 June 2013 - 09:33 AM.

#36
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Do you have Floppy Drive enabled?
#37
Wolffie

    Member

  • Topic Starter
  • 56 posts
Not sure how to check.

I don't think I ever did anything to disable it though.
#38
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Sorry for the delay again. I had big trouble with my internet connection.

not sure how to check

Just open the My Computer shortcut on your Desktop. You should see it there if it's present.
#39
Wolffie

    Member

  • Topic Starter
  • 56 posts
Yep, it's still there.
#40
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Hey,

Please, follow these steps:

1. Click Start and then click Control Panel.
2. Double-click System.
3. In the window that appears, open the Hardware tab.
4. Then click on the Device Manager button.
5. Expand the Floppy disk controllers entry.
6. Right-click the Standard floppy disk controller entry and choose Disable.
7. You can finally close the Device Manager.

How is your computer running now?
#41
Wolffie

    Member

  • Topic Starter
  • 56 posts
Done.
I think it's more responsive :happy:
#42
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
What about this annoying error message?
#43
Wolffie

    Member

  • Topic Starter
  • 56 posts
Yeah, also no more error, I just did the reboot :happy:
#44
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Please, follow these steps:

Step 1. MBAM scan.

Run Malwarebytes Anti-Malware.
  • Go to the Update tab.
  • Click on the Check for updates button. New small window should appear.
  • If an update is found, it will download and install the latest definitions.
  • Go back to the Scanner tab.
  • Select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2. ESET Online Scanner scan.

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

So, please, don't forget to post in your next message:

  • ESET Online Scanner's log
  • MBAM log

#45
Wolffie

    Member

  • Topic Starter
  • 56 posts
PUM virus keeps popping up.
Also Task Manager again doesn't work, and probably the rest of those nasty things it's doing.

I did the Malwarebytes scan yesterday too and cleaned those 5 files, now they are back again.
Also that ESET link doesn't work, but I went to this:
http://www.eset.com/...online-scanner/
and tried to go from there, but the esetsmartinstaller_enu.exe file won't download.
It gets stuck at halfway for some reason.
Maybe that PUM thing is interfering with it.


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.14.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Logan :: HOME-FA201A11EA [administrator]

6/18/2013 1:13:48 PM
mbam-log-2013-06-18 (13-13-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 192556
Time elapsed: 9 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by Wolffie, 18 June 2013 - 05:54 AM.
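The O6/O7 policy lines in the OTL report earlier in this thread and the five "Registry Data Items" in the MBAM log above carry the same indicator: policy values set to lock the user out of Task Manager, Regedit and the Security Center alerts, and the MBAM report shows them back after an earlier repair. As an added example (not part of this thread, and not code from OTL or Malwarebytes), the Python below parses both line formats, flags the restrictive settings, compares two runs to show which values returned after cleaning, and emits the reg.exe commands that put the clean values back. The sample lines are constructed from the logs in this thread; the table of policy names is an assumption limited to the five names MBAM reported here.

```python
r"""Triage of user-restriction policy hijacks in OTL and MBAM logs.

Added example; not part of the Geeks to Go thread and not code from OTL or
Malwarebytes.  It recognises the two line formats shown in the thread:
  OTL  : O7 - HKCU\...\policies\System: DisableTaskMgr = 1
  MBAM : HKCU\...\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> ...
and reports values that lock the user out of Task Manager, Regedit or the
Security Center alerts.  Sample lines are constructed from the thread's logs.
"""
import re
from dataclasses import dataclass

# Policy values the thread's MBAM log flagged, with the value a clean machine has.
# Assumption: limited to the names MBAM reported in this thread.
CLEAN_VALUES = {
    "DisableTaskMgr": 0,           # 1 blocks Task Manager
    "DisableRegistryTools": 0,     # 1 blocks regedit
    "AntiVirusDisableNotify": 0,   # 1 silences Security Center AV alerts
    "FirewallDisableNotify": 0,    # 1 silences firewall alerts
    "UpdatesDisableNotify": 0,     # 1 silences Windows Update alerts
}


@dataclass(frozen=True)
class Finding:
    source: str     # "OTL" or "MBAM"
    key: str        # registry key, e.g. HKCU\SOFTWARE\...\Policies\System
    name: str       # value name, e.g. DisableTaskMgr
    value: int      # value observed on the machine
    expected: int   # value a clean machine has

    def identity(self):
        """Case-insensitive (key, name) pair; the registry is case-insensitive."""
        return (self.key.lower(), self.name.lower())


# OTL O6 (HKLM) / O7 (HKCU) policy lines: "O7 - <key>: <name> = <int>"
OTL_POLICY_RE = re.compile(
    r"^O[67] - (?P<key>HK[A-Z]+\\[^:]+): (?P<name>\w+) = (?P<value>-?\d+)\s*$"
)
# MBAM "Registry Data Items Detected" lines: "<key>|<name> (<sig>) -> Bad: (x) Good: (y) -> ..."
MBAM_DATA_RE = re.compile(
    r"^(?P<key>HK[A-Z]+\\[^|]+)\|(?P<name>\w+) \((?P<sig>[^)]+)\) -> "
    r"Bad: \((?P<bad>-?\d+)\) Good: \((?P<good>-?\d+)\)"
)


def parse_otl_policy_line(line):
    """Finding for an OTL O6/O7 line whose tracked value differs from the clean one, else None."""
    m = OTL_POLICY_RE.match(line.strip())
    if not m:
        return None
    name, value = m.group("name"), int(m.group("value"))
    expected = CLEAN_VALUES.get(name)
    if expected is None or value == expected:
        return None   # not a tracked policy, or already at the clean value
    return Finding("OTL", m.group("key"), name, value, expected)


def parse_mbam_data_line(line):
    """Finding for an MBAM registry-data detection line, else None."""
    m = MBAM_DATA_RE.match(line.strip())
    if not m:
        return None
    return Finding("MBAM", m.group("key"), m.group("name"),
                   int(m.group("bad")), int(m.group("good")))


def triage(lines):
    """Scan a log line by line for both formats and collect the findings."""
    findings = []
    for line in lines:
        f = parse_otl_policy_line(line) or parse_mbam_data_line(line)
        if f is not None:
            findings.append(f)
    return findings


def recurring(earlier, later):
    """Names of policy values present in both runs: they came back after cleaning."""
    seen = {f.identity() for f in earlier}
    return sorted(f.name for f in later if f.identity() in seen)


def remediation_commands(findings):
    """reg.exe commands that restore each flagged value to its clean setting."""
    return [
        'reg add "%s" /v %s /t REG_DWORD /d %d /f' % (f.key, f.name, f.expected)
        for f in findings
    ]


# Constructed sample input, taken from the policy lines in the thread's logs.
SAMPLE_OTL = r"""
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
""".strip().splitlines()

SAMPLE_MBAM = r"""
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
""".strip().splitlines()

if __name__ == "__main__":
    first, second = triage(SAMPLE_OTL), triage(SAMPLE_MBAM)
    for f in first + second:
        print("%-4s %s\\%s = %d (clean: %d)" % (f.source, f.key, f.name, f.value, f.expected))
    print("came back after cleaning:", recurring(first, second))
    for cmd in remediation_commands(second):
        print(cmd)
```

A value that reappears after MBAM has "repaired" it, as reported above, means something is re-applying the policy (typically at logon or on a timer), so the restored values are a symptom: re-run the triage after a reboot and keep the Run keys, scheduled tasks and services listed in the OTL report in scope.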
