
Antimalware doctor won't go away.


This topic is locked

#1
Dreamcube017
Member, 14 posts
Hi. I know there was a post on this before, but I couldn't completely follow the directions because The Comedian.exe seems to no longer exist.

I could only follow steps 2 and 3.

Here is the original post.
http://www.geekstogo...malware-doctor/

I've attached the OTS and GAMES logs to this post so you can take a look at them. But the Comedian.exe was nowhere to be found. (I looked in the downloads and it's not there). I also clicked on the link in the other post and it led to a 404 error.

Programs on the computer are freezing as well.

Here are the logs attached. Thank you.


Edited by Essexboy, 14 August 2010 - 11:15 AM.



#2
SweetTech
Sir SpamAlot, Retired Staff, 7,671 posts
Hello,

My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • If I instruct you to download a specific tool that you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days;
    failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 3 days) and you need an explanation. If that's the case, just send me a message on here. :)
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________

Do you know what this file is:

C:\Documents and Settings\David McKee\My Documents\DejobaansEasiestVideoGameEver.zip

Running OTS Fix
Start OTS. Copy/Paste the information inside the codebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill All Processes]
[Unregister Dlls]
[Driver Services - Safe List]
YY -> (FUTUREX) FUTUREX [Kernel | On_Demand | Stopped] -> F:\DOCUME~1\DC17\LOCALS~1\Temp\Rar$EX01.250\aida32.sys
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-839522115-1390067357-725345543-1003\] > -> 
YN -> HKEY_USERS\S-1-5-21-839522115-1390067357-725345543-1003\: Main\\"Start Page" -> http://fmz.qiwa.com
YN -> HKEY_USERS\S-1-5-21-839522115-1390067357-725345543-1003\: "ProxyEnable" -> 1
YN -> HKEY_USERS\S-1-5-21-839522115-1390067357-725345543-1003\: "ProxyOverride" -> <local>
< FireFox Settings [User.js] > -> F:\Documents and Settings\DC17\Application Data\Mozilla\FireFox\Profiles\t3svmb5a.default\user.js
YN -> keyword.URL -> "http://search.search-go.net/?sid=10101049100&s="
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-839522115-1390067357-725345543-1003\] > -> HKEY_USERS\S-1-5-21-839522115-1390067357-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-839522115-1390067357-725345543-1003\] > -> HKEY_USERS\S-1-5-21-839522115-1390067357-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\
YY -> Append Link Target to Existing PDF -> F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html]
YY -> E&xport to Microsoft Excel -> E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE [res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-839522115-1390067357-725345543-1003\] > -> HKEY_USERS\S-1-5-21-839522115-1390067357-725345543-1003\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{77BF5300-1474-4EC7-9980-D32B190E9B07}" [HKLM] -> [Reg Error: Key error.]
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
YN -> "" -> http://
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab [Reg Error: Key error.]
YN -> {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab [Reg Error: Key error.]
YN -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Reg Error: Key error.]
YN -> {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.]
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YY -> \{ec6718bb-8ba2-11dd-a790-00173fc3c903}\Shell\AutoRun\command\\"" -> H:\Autorun.exe [H:\Autorun.exe /run]
YY -> \{ec6718bb-8ba2-11dd-a790-00173fc3c903}\Shell\Shell00\Command\\"" -> H:\Autorun.exe [H:\Autorun.exe /run]
YY -> \{ec6718bb-8ba2-11dd-a790-00173fc3c903}\Shell\Shell01\Command\\"" -> H:\Autorun.exe [H:\Autorun.exe /action]
YY -> \{ec6718bb-8ba2-11dd-a790-00173fc3c903}\Shell\Shell02\Command\\"" -> H:\Autorun.exe [H:\Autorun.exe /uninstall]
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YY -> AbyssWebServer hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> F:\Program Files\Abyss Web Server\abyssws.exe
YY -> Adobe Acrobat Speed Launcher hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Acrobat 9.0\Acrobat\Acrobat_sl.exe
YY -> Adobe Reader Speed Launcher hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
YN -> NeroCheck hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
< Ext (PreApproved) - [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
YN -> {166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {31261F21-2B16-45EE-BEAB-07C4CFA18B65} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBC} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBC} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Ext (Settings) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\
YN -> {22BF413B-C6D2-4D91-82A9-A0F997BA588C} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {754FF233-5D4E-11D2-875B-00A0C93C09B3} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {A057A204-BACC-4D26-9990-79A187E2698E} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {B1549E58-3894-11D2-BB7F-00A0C999C4C1} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {BDD307C3-7BC0-4542-9F8F-A9611FE6C1BF} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {C533ADF1-0C80-11D1-8C54-00A02468F316} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Ext (Stats) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\
YN -> {074C1DC5-9320-4A9A-947D-C042949C6216} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Error: Key error. [Reg Error: Value error.]
YY -> {1CE47888-DD62-482C-9723-4814BB04D45D} [HKLM] -> F:\WINDOWS\DOWNLO~1\MUSICS~1.OCX [musicshake]
YN -> {201F27D4-3704-41D6-89C1-AA35E39143ED} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {22BF413B-C6D2-4D91-82A9-A0F997BA588C} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {2C2CC1E6-7DAE-437A-92C1-5A36F40920E9} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {3041D03E-FD4B-44E0-B742-2D9B88305F98} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {4EC3C351-9688-448E-BC3F-7428CB73F3B6} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {5067A26B-1337-4436-8AFE-EE169C2DA79F} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {974C34A4-7FB0-4F2F-AA02-655E0CCCA662} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {A057A204-BACC-4D26-9990-79A187E2698E} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {AE7CD045-E861-484F-8273-0445EE161910} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {D09C464F-07DE-4C04-ABB4-88C30329C02D} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {E2E2DD38-D088-4134-82B7-F2BA38496583} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {F6406B2D-39A7-4566-A174-E19DDD818A95} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {F83DEC6C-F5E6-403A-9C83-36FB1B7007E2} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {F9DD2A49-F771-4929-A0D5-9698A071F66B} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {FB5F1910-F110-11D2-BB9E-00C04F795683} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {FDBA56A8-8FA7-41A3-97F4-A094019C4178} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Files/Folders - Created Within 90 Days]
NY ->  {EA995DCE-D3E9-40C9-BCB1-0874FA500F8A} -> F:\Documents and Settings\DC17\Local Settings\Application Data\{EA995DCE-D3E9-40C9-BCB1-0874FA500F8A}
NY ->  bnmenfogd -> F:\Documents and Settings\DC17\Local Settings\Application Data\bnmenfogd
NY ->  7E71798517B28F0A9F914E05205A9B86 -> F:\Documents and Settings\DC17\Application Data\7E71798517B28F0A9F914E05205A9B86
NY ->  {32668325-91BE-446A-AF8C-48CFD8B70DD8} -> F:\Documents and Settings\All Users\Application Data\{32668325-91BE-446A-AF8C-48CFD8B70DD8}
[Files/Folders - Modified Within 90 Days]
NY ->  lltipxi.sys -> F:\WINDOWS\System32\drivers\lltipxi.sys
NY ->  Updater.job -> F:\WINDOWS\tasks\Updater.job
NY ->  lsrslt.ini -> F:\WINDOWS\lsrslt.ini
NY ->  Oxejuy.bin -> F:\WINDOWS\Oxejuy.bin
NY ->  Antimalware Doctor.lnk -> F:\Documents and Settings\DC17\Desktop\Antimalware Doctor.lnk
NY ->  Antimalware Doctor.lnk -> F:\Documents and Settings\DC17\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
NY ->  Enuruqugaroroh.dat -> F:\WINDOWS\Enuruqugaroroh.dat
NY ->  Atomix_Virtual_DJ_v6.0.2_Professional___Key_[RH].5174405.TPB.torrent -> C:\Documents and Settings\David McKee\My Documents\Atomix_Virtual_DJ_v6.0.2_Professional___Key_[RH].5174405.TPB.torrent
NY ->  atecns.msi -> C:\Documents and Settings\David McKee\My Documents\atecns.msi
[Files - No Company Name]
NY ->  lsrslt.ini -> F:\WINDOWS\lsrslt.ini
NY ->  Antimalware Doctor.lnk -> F:\Documents and Settings\DC17\Desktop\Antimalware Doctor.lnk
NY ->  Antimalware Doctor.lnk -> F:\Documents and Settings\DC17\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
NY ->  Enuruqugaroroh.dat -> F:\WINDOWS\Enuruqugaroroh.dat
NY ->  Oxejuy.bin -> F:\WINDOWS\Oxejuy.bin
NY ->  lltipxi.sys -> F:\WINDOWS\System32\drivers\lltipxi.sys
NY ->  Updater.job -> F:\WINDOWS\tasks\Updater.job
NY ->  DejobaansEasiestVideoGameEver.zip -> C:\Documents and Settings\David McKee\My Documents\DejobaansEasiestVideoGameEver.zip
NY ->  q3f3go4.dll -> F:\WINDOWS\System32\q3f3go4.dll
NY ->  d8uwnfp.dll -> F:\WINDOWS\System32\d8uwnfp.dll
NY ->  yjcedem.dll -> F:\WINDOWS\System32\yjcedem.dll
[Alternate Data Streams]
NY -> @Alternate Data Stream - 100 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:7FC4AF69
NY -> @Alternate Data Stream - 1043 bytes -> F:\Documents and Settings\DC17\Local Settings\Application Data\dktb2JE2AFyB:xLzBoEiqnMs8wgT3V
NY -> @Alternate Data Stream - 107 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:9638A27E
NY -> @Alternate Data Stream - 1082 bytes -> F:\Program Files\WindowsUpdate:Gh1khyvXuQJEHgS6rDp75R
NY -> @Alternate Data Stream - 1141 bytes -> F:\Documents and Settings\All Users\Application Data\Microsoft:ouZxU9yrJi9ukgPintL79Xp2w
NY -> @Alternate Data Stream - 1154 bytes -> F:\Documents and Settings\All Users\Application Data\Microsoft:h1j9fbjTyscNqnUc
NY -> @Alternate Data Stream - 1158 bytes -> F:\Documents and Settings\All Users\Application Data\Microsoft:AbAGMcl7GpuNUU3PWRGmrDlbolQ
NY -> @Alternate Data Stream - 1175 bytes -> F:\Documents and Settings\All Users\Application Data\Microsoft:XkFpVrLdQVrpQmnG1M7WOCxMu
NY -> @Alternate Data Stream - 1190 bytes -> F:\Documents and Settings\All Users\Application Data\Microsoft:5CYkUYEP24VFw8bdEjA4ULo6
NY -> @Alternate Data Stream - 1210 bytes -> F:\Documents and Settings\All Users\Application Data\Microsoft:5s3g2ULB1rw8lBK4xXW7LOM
NY -> @Alternate Data Stream - 1218 bytes -> F:\Documents and Settings\All Users\Application Data\Microsoft:6Un1qxBxJPGvmYoB3gFxKJt2RABw3
NY -> @Alternate Data Stream - 1242 bytes -> F:\Documents and Settings\All Users\Application Data\Microsoft:CGFsPvRfYR7j2UN4HDza1LG
NY -> @Alternate Data Stream - 1243 bytes -> F:\Documents and Settings\All Users\Application Data\Microsoft:dRz0RwFQtcxXIFKM4WjzTdz6yArz
NY -> @Alternate Data Stream - 1247 bytes -> F:\Program Files\WindowsUpdate:Aaeg1YCTRCkQvxIoqQFcMsiur9
NY -> @Alternate Data Stream - 1259 bytes -> F:\Documents and Settings\All Users\Application Data\Microsoft:EceRRl5x0zszopsD86ft
NY -> @Alternate Data Stream - 1260 bytes -> F:\Program Files\Common Files\System:j00THjgDrs2UFbNpML0RjQ
NY -> @Alternate Data Stream - 1301 bytes -> F:\Program Files\Common Files\Microsoft Shared:oyxvEY3i31biJNyuXjt50ibYj
NY -> @Alternate Data Stream - 1337 bytes -> F:\Documents and Settings\All Users\Application Data\Microsoft:BynS45hG2tBJYp6e6390
NY -> @Alternate Data Stream - 1348 bytes -> F:\Documents and Settings\All Users\Application Data\Microsoft:n9nruxcLEXy5Kzdt4YA9
NY -> @Alternate Data Stream - 1349 bytes -> F:\Documents and Settings\All Users\Application Data\Microsoft:vTaT6Z5lywdNzeh7IZ9dzoCz7
NY -> @Alternate Data Stream - 1349 bytes -> F:\Program Files\Common Files\Microsoft Shared:TCeo3hVhYtak7hCIugrvm6A2oJcM
NY -> @Alternate Data Stream - 1393 bytes -> F:\Documents and Settings\DC17\Local Settings\Application Data\bvdxQU69ve:TJKKhoUhmXMpK6716ObHlDh6
NY -> @Alternate Data Stream - 144 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
NY -> @Alternate Data Stream - 99 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:1295EE9F
[Purity]
[Empty Temp Folders]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTS will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.

NEXT:

Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.
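The fix pasted above is a line-oriented OTS script: bare `[Section]` lines are whole-tool directives, `< ... >` lines name the registry area being handled, and each `YY`/`YN`/`NY` line is one item. As an added example (not code from this thread, from the OTS tool or from its author), here is a small Python parser for that format that reads back what a pasted fix will touch before it is run; the meaning of the two flag letters (first: registry or service entry, second: file or stream on disk) is an assumption inferred from how the fix lines pair with the result log posted later in the thread.

```python
# Added example (not code from the thread or from OTS). Flag-letter meaning is
# an assumption: first letter = registry/service entry, second = file on disk.
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a shortened copy of the fix posted above.
SAMPLE_FIX = r'''[Kill All Processes]
[Unregister Dlls]
[Driver Services - Safe List]
YY -> (FUTUREX) FUTUREX [Kernel | On_Demand | Stopped] -> F:\DOCUME~1\DC17\LOCALS~1\Temp\Rar$EX01.250\aida32.sys
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-839522115-1390067357-725345543-1003\] > -> 
YN -> HKEY_USERS\S-1-5-21-839522115-1390067357-725345543-1003\: Main\\"Start Page" -> http://fmz.qiwa.com
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YY -> \{ec6718bb-8ba2-11dd-a790-00173fc3c903}\Shell\AutoRun\command\\"" -> H:\Autorun.exe [H:\Autorun.exe /run]
[Registry - Additional Scans - Safe List]
YN -> NeroCheck hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
[Files/Folders - Modified Within 90 Days]
NY ->  lltipxi.sys -> F:\WINDOWS\System32\drivers\lltipxi.sys
NY ->  Updater.job -> F:\WINDOWS\tasks\Updater.job
[Alternate Data Streams]
NY -> @Alternate Data Stream - 100 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:7FC4AF69
[Empty Temp Folders]
[Reboot]
'''

ITEM_RE = re.compile(r'^([YN])([YN]) -> (.*)$')


@dataclass(frozen=True)
class FixItem:
    section: str
    subsection: Optional[str]
    registry: bool  # first flag letter: remove the registry/service entry
    file: bool      # second flag letter: remove the file or stream on disk
    name: str
    target: str

    def file_path(self) -> str:
        """Target without a trailing '[command line]' annotation."""
        return re.sub(r'\s*\[[^\]]*\]$', '', self.target)

    def split_stream(self) -> Tuple[str, Optional[str]]:
        """Split 'host:stream' ADS targets; the drive colon at index 1 is not one."""
        path = self.file_path()
        idx = path.rfind(':')
        return (path[:idx], path[idx + 1:]) if idx > 1 else (path, None)


def _split_arrow(body: str) -> Tuple[str, str]:
    """Split 'name -> target' on the last arrow; an item may have an empty target."""
    body = body.strip()
    if body.endswith(' ->'):
        return body[:-3].strip(), ''
    name, sep, target = body.rpartition(' -> ')
    if not sep:
        raise ValueError(f'no arrow in OTS item: {body!r}')
    return name.strip(), target.strip()


def parse_ots_fix(text: str) -> Tuple[List[str], List[FixItem]]:
    """Return the [Section] headers in order and the flagged items under them."""
    sections, items = [], []
    section = subsection = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if line.startswith('[') and line.endswith(']'):
            section, subsection = line[1:-1], None
            sections.append(section)
        elif line.startswith('< '):
            subsection = line[2:].partition(' >')[0]  # e.g. 'MountPoints2 [HKEY_CURRENT_USER]'
        else:
            m = ITEM_RE.match(line)
            if m is None or section is None:
                raise ValueError(f'unrecognised OTS fix line: {line!r}')
            name, target = _split_arrow(m.group(3))
            items.append(FixItem(section, subsection, m.group(1) == 'Y',
                                 m.group(2) == 'Y', name, target))
    return sections, items


def summarize(sections: List[str], items: List[FixItem]) -> dict:
    """Group the fix by kind of change so a pasted fix can be eyeballed before it runs."""
    with_items = {i.section for i in items}
    file_items = [i for i in items if i.file and i.target]
    return {
        # a [Section] with nothing under it is a whole-tool directive
        'directives': [s for s in sections if s not in with_items],
        'registry_only': [i.name for i in items if i.registry and not i.file],
        'files': [i.file_path() for i in file_items if i.split_stream()[1] is None],
        'streams': [i.split_stream() for i in file_items if i.split_stream()[1]],
        # MountPoints2 autorun handlers are removable-media persistence
        'autorun_commands': [i.target for i in items
                             if (i.subsection or '').startswith('MountPoints2')],
    }


if __name__ == '__main__':
    for kind, values in summarize(*parse_ots_fix(SAMPLE_FIX)).items():
        print(kind, *values, sep='\n  ')
```

Running it on a fix prints the directives, the registry-only deletions, the files and alternate data streams that would be removed, and any MountPoints2 autorun handlers, which is the list worth checking against the posted OTS result log afterwards.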

#3
Dreamcube017
Topic Starter, Member, 14 posts
Firstly, thank you SO MUCH for your help.

I have a question before I go through the steps though. The Explorer.exe freezes a lot in Windows normal mode and sometimes other programs lock up. Even if I go into Task Manager and stop the malware from running, things still don't work quite right sometimes. Can I do these steps in safe mode or do I have to do it in normal mode? I'm not sure if I can get the Internet in safe mode even with networking unless it'll pick up the driver for my USB wireless device. Otherwise, can I just get the Windows Recovery application from Microsoft and install it in safe mode that way from a flash drive? This is currently how I have to get the other programs to the computer. I'm not using that computer right now. It's almost unusable in normal mode.

Oh, to answer your question, the "easiestgameever.zip" is a game I got from some people who make games... I know that sounds sketchy, but I've run the game on other computers and many others have run the game as well and it isn't harmful. It doesn't seem that way... Maybe it was infected on that computer because it runs fine on other machines. Why, is there something wrong with it?

#4
SweetTech
Sir SpamAlot, Retired Staff, 7,671 posts
Hello,

I wasn't able to find much on that file while researching, so figured it'd be best to inquire about what it is. Thanks for the explanation.

Run the OTS fix, in Safe Mode if you need to. After running it, see if things will run better for you in Normal Mode, and if not then run it in Safe Mode w/ networking.

#5
Dreamcube017
Topic Starter, Member, 14 posts
Alright. I did the first scan. Here is the OTS log. However, when I restarted the computer, it gave me a message that said Windows is shutting down because the PRC service unexpectedly stopped running.

After the computer restarted, the malware thing didn't pop up but the explorer isn't working. So I can't use the START menu or the taskbar or anything.

Should I continue in safe mode or do something else?

OTS log
All Processes Killed
[Driver Services - Safe List]
Service FUTUREX stopped successfully!
Service FUTUREX deleted successfully!
File F:\DOCUME~1\DC17\LOCALS~1\Temp\Rar$EX01.250\aida32.sys not found.
[Registry - Safe List]
Registry key HKEY_USERS\S-1-5-21-839522115-1390067357-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Main not found.
Registry value HKEY_USERS\S-1-5-21-839522115-1390067357-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable deleted successfully.
Registry value HKEY_USERS\S-1-5-21-839522115-1390067357-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride deleted successfully.
User.js: "http://search.search...10101049100&s=" removed from keyword.URL
Registry value HKEY_USERS\S-1-5-21-839522115-1390067357-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_USERS\S-1-5-21-839522115-1390067357-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry key HKEY_USERS\S-1-5-21-839522115-1390067357-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\Append Link Target to Existing PDF\ deleted successfully.
File F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll not found.
Registry key HKEY_USERS\S-1-5-21-839522115-1390067357-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
File E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE not found.
Registry value HKEY_USERS\S-1-5-21-839522115-1390067357-725345543-1003\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77BF5300-1474-4EC7-9980-D32B190E9B07}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
F:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec6718bb-8ba2-11dd-a790-00173fc3c903}\Shell\AutoRun\command\\ deleted successfully.
File H:\Autorun.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec6718bb-8ba2-11dd-a790-00173fc3c903}\Shell\Shell00\Command\\ deleted successfully.
File H:\Autorun.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec6718bb-8ba2-11dd-a790-00173fc3c903}\Shell\Shell01\Command\\ deleted successfully.
File H:\Autorun.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec6718bb-8ba2-11dd-a790-00173fc3c903}\Shell\Shell02\Command\\ deleted successfully.
File H:\Autorun.exe not found.
[Registry - Additional Scans - Safe List]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AbyssWebServer hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
File F:\Program Files\Abyss Web Server\abyssws.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Acrobat Speed Launcher hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
File C:\Program Files\Acrobat 9.0\Acrobat\Acrobat_sl.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
File F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroCheck hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{233C1507-6A77-46A4-9443-F871F945D258}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{22BF413B-C6D2-4D91-82A9-A0F997BA588C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22BF413B-C6D2-4D91-82A9-A0F997BA588C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{754FF233-5D4E-11D2-875B-00A0C93C09B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{754FF233-5D4E-11D2-875B-00A0C93C09B3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A057A204-BACC-4D26-9990-79A187E2698E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B1549E58-3894-11D2-BB7F-00A0C999C4C1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1549E58-3894-11D2-BB7F-00A0C999C4C1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{BDD307C3-7BC0-4542-9F8F-A9611FE6C1BF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDD307C3-7BC0-4542-9F8F-A9611FE6C1BF}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C533ADF1-0C80-11D1-8C54-00A02468F316}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C533ADF1-0C80-11D1-8C54-00A02468F316}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{074C1DC5-9320-4A9A-947D-C042949C6216}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{074C1DC5-9320-4A9A-947D-C042949C6216}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CE47888-DD62-482C-9723-4814BB04D45D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CE47888-DD62-482C-9723-4814BB04D45D}\ deleted successfully.
F:\WINDOWS\DOWNLO~1\MUSICS~1.OCX moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201F27D4-3704-41D6-89C1-AA35E39143ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{22BF413B-C6D2-4D91-82A9-A0F997BA588C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22BF413B-C6D2-4D91-82A9-A0F997BA588C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C2CC1E6-7DAE-437A-92C1-5A36F40920E9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C2CC1E6-7DAE-437A-92C1-5A36F40920E9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{2C2CC1E6-7DAE-437A-92C1-5A36F40920E9}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4EC3C351-9688-448E-BC3F-7428CB73F3B6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4EC3C351-9688-448E-BC3F-7428CB73F3B6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{4EC3C351-9688-448E-BC3F-7428CB73F3B6}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5067A26B-1337-4436-8AFE-EE169C2DA79F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5067A26B-1337-4436-8AFE-EE169C2DA79F}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77BF5300-1474-4EC7-9980-D32B190E9B07}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77BF5300-1474-4EC7-9980-D32B190E9B07}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{974C34A4-7FB0-4F2F-AA02-655E0CCCA662}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{974C34A4-7FB0-4F2F-AA02-655E0CCCA662}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{974C34A4-7FB0-4F2F-AA02-655E0CCCA662}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A057A204-BACC-4D26-9990-79A187E2698E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE7CD045-E861-484F-8273-0445EE161910}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE7CD045-E861-484F-8273-0445EE161910}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D09C464F-07DE-4C04-ABB4-88C30329C02D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D09C464F-07DE-4C04-ABB4-88C30329C02D}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{D09C464F-07DE-4C04-ABB4-88C30329C02D}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2E2DD38-D088-4134-82B7-F2BA38496583}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4971EE7-DAA0-4053-9964-665D8EE6A077}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4971EE7-DAA0-4053-9964-665D8EE6A077}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F6406B2D-39A7-4566-A174-E19DDD818A95}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6406B2D-39A7-4566-A174-E19DDD818A95}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{F6406B2D-39A7-4566-A174-E19DDD818A95}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F83DEC6C-F5E6-403A-9C83-36FB1B7007E2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F83DEC6C-F5E6-403A-9C83-36FB1B7007E2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{F83DEC6C-F5E6-403A-9C83-36FB1B7007E2}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9DD2A49-F771-4929-A0D5-9698A071F66B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9DD2A49-F771-4929-A0D5-9698A071F66B}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{F9DD2A49-F771-4929-A0D5-9698A071F66B}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11D2-BB9E-00C04F795683}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDBA56A8-8FA7-41A3-97F4-A094019C4178}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDBA56A8-8FA7-41A3-97F4-A094019C4178}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{FDBA56A8-8FA7-41A3-97F4-A094019C4178}\ deleted successfully.
[Files/Folders - Created Within 90 Days]
F:\Documents and Settings\DC17\Local Settings\Application Data\{EA995DCE-D3E9-40C9-BCB1-0874FA500F8A}\chrome\content folder moved successfully.
F:\Documents and Settings\DC17\Local Settings\Application Data\{EA995DCE-D3E9-40C9-BCB1-0874FA500F8A}\chrome folder moved successfully.
F:\Documents and Settings\DC17\Local Settings\Application Data\{EA995DCE-D3E9-40C9-BCB1-0874FA500F8A} folder moved successfully.
F:\Documents and Settings\DC17\Local Settings\Application Data\bnmenfogd folder moved successfully.
F:\Documents and Settings\DC17\Application Data\7E71798517B28F0A9F914E05205A9B86 folder moved successfully.
F:\Documents and Settings\All Users\Application Data\{32668325-91BE-446A-AF8C-48CFD8B70DD8} folder moved successfully.
[Files/Folders - Modified Within 90 Days]
File move failed. F:\WINDOWS\System32\drivers\lltipxi.sys scheduled to be moved on reboot.
F:\WINDOWS\tasks\Updater.job moved successfully.
F:\WINDOWS\lsrslt.ini moved successfully.
F:\WINDOWS\Oxejuy.bin moved successfully.
File F:\Documents and Settings\DC17\Desktop\Antimalware Doctor.lnk not found!
F:\Documents and Settings\DC17\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk moved successfully.
F:\WINDOWS\Enuruqugaroroh.dat moved successfully.
C:\Documents and Settings\David McKee\My Documents\Atomix_Virtual_DJ_v6.0.2_Professional___Key_[RH].5174405.TPB.torrent moved successfully.
C:\Documents and Settings\David McKee\My Documents\atecns.msi moved successfully.
[Files - No Company Name]
File F:\WINDOWS\lsrslt.ini not found!
File F:\Documents and Settings\DC17\Desktop\Antimalware Doctor.lnk not found!
File F:\Documents and Settings\DC17\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk not found!
File F:\WINDOWS\Enuruqugaroroh.dat not found!
File F:\WINDOWS\Oxejuy.bin not found!
File move failed. F:\WINDOWS\System32\drivers\lltipxi.sys scheduled to be moved on reboot.
File F:\WINDOWS\tasks\Updater.job not found!
C:\Documents and Settings\David McKee\My Documents\DejobaansEasiestVideoGameEver.zip moved successfully.
LoadLibrary failed for F:\WINDOWS\System32\q3f3go4.dll
F:\WINDOWS\System32\q3f3go4.dll moved successfully.
LoadLibrary failed for F:\WINDOWS\System32\d8uwnfp.dll
F:\WINDOWS\System32\d8uwnfp.dll moved successfully.
LoadLibrary failed for F:\WINDOWS\System32\yjcedem.dll
F:\WINDOWS\System32\yjcedem.dll moved successfully.
[Alternate Data Streams]
ADS F:\Documents and Settings\All Users\Application Data\TEMP:7FC4AF69 deleted successfully.
ADS F:\Documents and Settings\DC17\Local Settings\Application Data\dktb2JE2AFyB:xLzBoEiqnMs8wgT3V deleted successfully.
ADS F:\Documents and Settings\All Users\Application Data\TEMP:9638A27E deleted successfully.
ADS F:\Program Files\WindowsUpdate:Gh1khyvXuQJEHgS6rDp75R deleted successfully.
ADS F:\Documents and Settings\All Users\Application Data\Microsoft:ouZxU9yrJi9ukgPintL79Xp2w deleted successfully.
ADS F:\Documents and Settings\All Users\Application Data\Microsoft:h1j9fbjTyscNqnUc deleted successfully.
ADS F:\Documents and Settings\All Users\Application Data\Microsoft:AbAGMcl7GpuNUU3PWRGmrDlbolQ deleted successfully.
ADS F:\Documents and Settings\All Users\Application Data\Microsoft:XkFpVrLdQVrpQmnG1M7WOCxMu deleted successfully.
ADS F:\Documents and Settings\All Users\Application Data\Microsoft:5CYkUYEP24VFw8bdEjA4ULo6 deleted successfully.
ADS F:\Documents and Settings\All Users\Application Data\Microsoft:5s3g2ULB1rw8lBK4xXW7LOM deleted successfully.
ADS F:\Documents and Settings\All Users\Application Data\Microsoft:6Un1qxBxJPGvmYoB3gFxKJt2RABw3 deleted successfully.
ADS F:\Documents and Settings\All Users\Application Data\Microsoft:CGFsPvRfYR7j2UN4HDza1LG deleted successfully.
ADS F:\Documents and Settings\All Users\Application Data\Microsoft:dRz0RwFQtcxXIFKM4WjzTdz6yArz deleted successfully.
ADS F:\Program Files\WindowsUpdate:Aaeg1YCTRCkQvxIoqQFcMsiur9 deleted successfully.
ADS F:\Documents and Settings\All Users\Application Data\Microsoft:EceRRl5x0zszopsD86ft deleted successfully.
ADS F:\Program Files\Common Files\System:j00THjgDrs2UFbNpML0RjQ deleted successfully.
ADS F:\Program Files\Common Files\Microsoft Shared:oyxvEY3i31biJNyuXjt50ibYj deleted successfully.
ADS F:\Documents and Settings\All Users\Application Data\Microsoft:BynS45hG2tBJYp6e6390 deleted successfully.
ADS F:\Documents and Settings\All Users\Application Data\Microsoft:n9nruxcLEXy5Kzdt4YA9 deleted successfully.
ADS F:\Documents and Settings\All Users\Application Data\Microsoft:vTaT6Z5lywdNzeh7IZ9dzoCz7 deleted successfully.
ADS F:\Program Files\Common Files\Microsoft Shared:TCeo3hVhYtak7hCIugrvm6A2oJcM deleted successfully.
ADS F:\Documents and Settings\DC17\Local Settings\Application Data\bvdxQU69ve:TJKKhoUhmXMpK6716ObHlDh6 deleted successfully.
ADS F:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF deleted successfully.
ADS F:\Documents and Settings\All Users\Application Data\TEMP:1295EE9F deleted successfully.
[Purity]
Purity scan complete.
[Empty Temp Folders]


User: All Users

User: DC17
->Temp folder emptied: 1325036868 bytes
->Temporary Internet Files folder emptied: 39900783 bytes
->Java cache emptied: 77191255 bytes
->FireFox cache emptied: 112503555 bytes
->Google Chrome cache emptied: 88639449 bytes
->Flash cache emptied: 3616234 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 57482 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 1048978 bytes

User: NetworkService
->Temp folder emptied: 893496 bytes
->Temporary Internet Files folder emptied: 33237 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2337500 bytes
%systemroot%\System32 .tmp files removed: 1613377 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16895 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 87211820 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,660.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.34.0 fix logfile created on 08142010_200527

Files\Folders moved on Reboot...
File move failed. F:\WINDOWS\System32\drivers\lltipxi.sys scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#6
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Please proceed with downloading and running ComboFix. If you need to, boot into Safe Mode w/ Networking and download and run it from there.

#7
Dreamcube017

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Alright. Here is the ComboFix log. Hmm... I hope the formatting doesn't get messed up.

Some not so great news though. Sadly I was unable to get the Recovery Console installed because when I went into Safe Mode with Networking, my wireless USB device wouldn't get the network correctly and it kept saying "limited or no connection". I tried some other ways, but I couldn't find my XP CD and I didn't see a download on the Microsoft site when I searched for it.

I didn't want to try and close ComboFix, so I just let it run. Should I look for my XP CD again and install the Recovery Console and run ComboFix again?

Combofix log

ComboFix 10-08-14.02 - DC17 15/08/2010 1:14.1.4 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.3070.2777 [GMT -4:00]
Running from: f:\documents and settings\DC17\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

f:\documents and settings\DC17\Application Data\inst.exe
f:\documents and settings\DC17\Application Data\IUpd721
f:\documents and settings\DC17\Application Data\IUpd721\Logs\scns.log
f:\program files\Mozilla Firefox\searchplugins\google_search.xml
f:\windows\$NtUninstallMTF1011$
f:\windows\$NtUninstallMTF1011$\apUninstall.exe
f:\windows\Readme.txt
f:\windows\system32\pac.txt
f:\windows\UA000106.DLL
G:\install.exe

.
((((((((((((((((((((((((( Files Created from 2010-07-15 to 2010-08-15 )))))))))))))))))))))))))))))))
.

2010-08-15 00:05 . 2010-08-15 00:05 -------- d-----w- F:\_OTS
2010-08-11 06:18 . 2010-08-11 06:34 -------- d-----w- f:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-11 06:18 . 2010-08-11 06:18 -------- d-----w- f:\program files\Spybot - Search & Destroy
2010-08-10 15:52 . 2010-08-15 05:20 782848 ----a-w- f:\windows\system32\drivers\lltipxi.sys
2010-08-09 22:33 . 2010-08-09 22:33 -------- d-----w- f:\documents and settings\DC17\Local Settings\Application Data\Bizarre Creations
2010-08-08 11:30 . 2010-08-08 11:30 503808 ----a-w- f:\documents and settings\DC17\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1b307008-n\msvcp71.dll
2010-08-08 11:30 . 2010-08-08 11:30 499712 ----a-w- f:\documents and settings\DC17\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1b307008-n\jmc.dll
2010-08-08 11:30 . 2010-08-08 11:30 348160 ----a-w- f:\documents and settings\DC17\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1b307008-n\msvcr71.dll
2010-08-08 11:30 . 2010-08-08 11:30 61440 ----a-w- f:\documents and settings\DC17\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1f6ec9e3-n\decora-sse.dll
2010-08-08 11:30 . 2010-08-08 11:30 12800 ----a-w- f:\documents and settings\DC17\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1f6ec9e3-n\decora-d3d.dll
2010-08-01 06:17 . 2010-06-14 14:31 744448 -c----w- f:\windows\system32\dllcache\helpsvc.exe
2010-08-01 06:10 . 2010-08-01 06:10 29512 ----a-w- f:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-08-01 06:10 . 2010-08-01 06:10 242896 ----a-w- f:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-08-01 06:10 . 2010-08-01 06:10 216200 ----a-w- f:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-08-01 06:08 . 2010-08-01 06:08 12536 ----a-w- f:\windows\system32\avgrsstx.dll
2010-08-01 06:05 . 2010-08-01 06:05 813336 ----a-w- f:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-08-01 06:05 . 2010-08-01 06:05 624920 ----a-w- f:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-08-01 06:05 . 2010-08-01 06:05 1690464 ----a-w- f:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-08-01 06:05 . 2010-08-01 06:05 1038688 ----a-w- f:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-08-01 06:02 . 2010-08-01 06:02 2944904 ----a-w- f:\documents and settings\DC17\Application Data\Mozilla\Firefox\Profiles\t3svmb5a.default\extensions\[email protected]\chrome\temp\askToolbar.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-14 16:22 . 2008-09-25 02:10 -------- d-----w- f:\documents and settings\DC17\Application Data\Skype
2010-08-14 15:21 . 2008-09-25 02:10 -------- d-----w- f:\documents and settings\DC17\Application Data\skypePM
2010-08-11 07:03 . 2009-08-31 03:52 -------- d-----w- f:\program files\Free Offers from Freeze.com
2010-08-10 16:13 . 2009-11-10 21:24 -------- d-----w- f:\documents and settings\All Users\Application Data\avg9
2010-08-01 09:01 . 2010-01-23 02:28 -------- d-----w- f:\program files\Ask.com
2010-08-01 07:04 . 2008-10-20 23:07 -------- d-----w- f:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-01 06:08 . 2008-09-21 04:19 243024 ----a-w- f:\windows\system32\drivers\avgtdix.sys
2010-08-01 06:08 . 2008-09-21 04:19 29584 ----a-w- f:\windows\system32\drivers\avgmfx86.sys
2010-08-01 06:07 . 2008-09-21 04:19 216400 ----a-w- f:\windows\system32\drivers\avgldx86.sys
2010-06-14 14:31 . 2008-09-20 23:10 744448 ----a-w- f:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-05-23 11:30 . 2010-05-23 11:30 61440 -c--a-w- f:\documents and settings\DC17\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1213f078-n\decora-sse.dll
2010-05-23 11:30 . 2010-05-23 11:30 503808 -c--a-w- f:\documents and settings\DC17\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-71b15646-n\msvcp71.dll
2010-05-23 11:30 . 2010-05-23 11:30 348160 -c--a-w- f:\documents and settings\DC17\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-71b15646-n\msvcr71.dll
2010-05-23 11:30 . 2010-05-23 11:30 499712 -c--a-w- f:\documents and settings\DC17\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-71b15646-n\jmc.dll
2010-05-23 11:30 . 2010-05-23 11:30 12800 -c--a-w- f:\documents and settings\DC17\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1213f078-n\decora-d3d.dll
2009-12-05 08:27 . 2009-11-11 02:25 25 -c-h--w- f:\program files\Common Files\common.log
2008-03-09 12:25 . 2008-12-01 21:12 236 -c-ha-w- f:\program files\Common Files\dx.reg
2006-07-13 15:19 . 2008-09-27 07:21 6718464 -c--a-w- f:\program files\mozilla firefox\plugins\libvlc.dll
2009-10-11 23:50 . 2009-10-11 23:50 76 -csh--r- f:\windows\ICSET40.BIN
2006-05-03 10:06 . 2008-11-02 21:12 163328 --sh--r- f:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2008-11-02 21:12 31232 -csh--r- f:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2008-11-17 00:39 216064 -csh--r- f:\windows\system32\nbDX.dll
2007-12-17 12:43 . 2008-11-02 21:12 27648 -csh--w- f:\windows\system32\Smab0.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 19:23 1385864 ----a-w- f:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2010-05-03 09:42 220208 ----a-w- c:\documents and settings\David McKee\My Documents\Hotspot Shield\hssie\HssIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "f:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "f:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="f:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]
"AdobeUpdater"="f:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-06-26 2356088]
"SpybotSD TeaTimer"="f:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"JMB36X IDE Setup"="f:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="f:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080]
"M-Audio Taskbar Icon"="f:\windows\System32\M-AudioTaskBarIcon.exe" [2008-05-15 356864]
"DigidesignMMERefresh"="c:\program files\Digidesign\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 77824]
"SunJavaUpdateSched"="f:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"AVG9_TRAY"="f:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-01 2065760]
"Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="f:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"XboxStat"="f:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]
"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2009-11-21 12669544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="f:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

f:\documents and settings\DC17\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2007-10-22 575488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-08-01 06:08 12536 ----a-w- f:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^Nokia Nseries PC Suite.lnk]
path=f:\documents and settings\All Users\Start Menu\Programs\Startup\Nokia Nseries PC Suite.lnk
backup=f:\windows\pss\Nokia Nseries PC Suite.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
f:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 11:58 611712 ----a-w- f:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2009-06-26 21:03 2356088 ----a-w- f:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-12-01 01:00 323392 ----a-w- f:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2008-07-22 17:34 2772992 -c--a-w- f:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy TM Forever]
2008-11-17 19:35 399872 ----a-w- c:\program files\Easy TM\EasyTM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
2007-12-14 15:46 236040 ----a-w- f:\program files\GIGABYTE\GEST\run.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-08-11 19:30 249856 -c--a-w- f:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-09-11 08:40 86960 -c--a-w- f:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33 141600 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Send]
2009-07-21 17:52 236816 -c--a-w- c:\program files\Memeo\Memeo Send\MemeoLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- f:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 15:50 155648 -c--a-w- f:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip]
2008-11-19 21:26 737312 -c--a-w- c:\program files\PowerStrip\PStrip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 -c--a-w- f:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-10 16:24 1238352 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wefi]
2009-10-25 17:07 500056 ----a-w- f:\program files\WeFi\WeFi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 00:05 204288 -c----w- f:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoomText]
2009-04-23 15:04 3462392 ----a-w- f:\program files\ZoomText 9.1\Zt.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"f:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"f:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"f:\\Program Files\\GIGABYTE\\GEST\\run.exe"=
"f:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\Vuze\\Azureus.exe"=
"f:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\spectraball\\Spectraball.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"f:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Crazybump\\CB.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"f:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"f:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"f:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\zuma's revenge\\ZumasRevenge.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\fatale\\FATALE.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania united\\TmForever.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania united\\TmForeverLauncher.exe"=
"f:\\Program Files\\DNA\\btdna.exe"=
"f:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"f:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\osmos\\osmos.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\LuxRender\\luxconsole.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
"f:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\torchlight\\Torchlight.exe"=
"f:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\geometry wars\\GeometryWars.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\beat hazard\\BeatHazard.exe"=
"f:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"29101:TCP"= 29101:TCP:???? ??
"6880:TCP"= 6880:TCP:torrent
"8107:TCP"= 8107:TCP:eAmuse
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"58173:TCP"= 58173:TCP:Pando Media Booster
"58173:UDP"= 58173:UDP:Pando Media Booster

R0 DigiFilter;DigiFilter;f:\windows\system32\drivers\DigiFilt.sys [25/11/2008 4:05 AM 16384]
S1 Ai2sXP;Ai2sXP;f:\windows\system32\drivers\Ai2sXP.sys [25/03/2009 9:07 PM 7680]
S1 AvgLdx86;AVG AVI Loader Driver x86;f:\windows\system32\drivers\avgldx86.sys [21/09/2008 12:19 AM 216400]
S1 AvgTdiX;AVG8 Network Redirector;f:\windows\system32\drivers\avgtdix.sys [21/09/2008 12:19 AM 243024]
S2 avg9emc;AVG Free E-mail Scanner;f:\program files\AVG\AVG9\avgemc.exe [01/08/2010 2:07 AM 921952]
S2 avg9wd;AVG Free WatchDog;f:\program files\AVG\AVG9\avgwdsvc.exe [01/08/2010 2:07 AM 308136]
S2 HssWd;Hotspot Shield Monitoring Service;c:\documents and settings\David McKee\My Documents\Hotspot Shield\bin\hsswd.exe [31/03/2010 8:24 PM 194608]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [10/03/2008 1:04 AM 65536]
S2 PStrip;PStrip;f:\windows\system32\drivers\pstrip.sys [14/07/2007 10:37 PM 27992]
S3 FSVD2DRIVER;Freedom Scientific Video Device 2;f:\windows\system32\drivers\fsvd2strm.sys [12/11/2008 7:12 PM 31000]
S3 GEST Service;GEST Service for program management.;f:\program files\GIGABYTE\GEST\GSvr.exe [20/09/2008 7:56 PM 47624]
S3 iLokDrvr;iLok;f:\windows\system32\drivers\iLokDrvr.sys [08/09/2008 2:05 PM 54256]
S3 MAUSBFTP;Service for M-Audio Fast Track Pro (WDM);f:\windows\system32\drivers\mausb.sys [21/11/2008 12:55 AM 143624]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;f:\windows\system32\drivers\nmwcdnsu.sys [29/10/2008 2:39 PM 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;f:\windows\system32\drivers\nmwcdnsuc.sys [29/10/2008 2:39 PM 8320]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [10/03/2010 11:33 AM 14424]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;f:\windows\system32\drivers\ScreamingBAudio.sys [07/09/2008 9:02 PM 21920]
S3 UsbGps;LGE CDMA USB GPS NMEA Port;f:\windows\system32\drivers\lgusbgps.sys [20/03/2010 10:32 AM 19968]
S3 WefiEngSvc;WeFi Engine Service;f:\program files\WeFi\WefiEngSvc.exe [25/10/2009 1:07 PM 140632]
S3 XDva193;XDva193;\??\f:\windows\system32\XDva193.sys --> f:\windows\system32\XDva193.sys [?]
S3 XDva203;XDva203;\??\f:\windows\system32\XDva203.sys --> f:\windows\system32\XDva203.sys [?]
S3 XDva209;XDva209;\??\f:\windows\system32\XDva209.sys --> f:\windows\system32\XDva209.sys [?]
S3 XDva212;XDva212;\??\f:\windows\system32\XDva212.sys --> f:\windows\system32\XDva212.sys [?]
S3 XDva222;XDva222;\??\f:\windows\system32\XDva222.sys --> f:\windows\system32\XDva222.sys [?]
S3 XDva223;XDva223;\??\f:\windows\system32\XDva223.sys --> f:\windows\system32\XDva223.sys [?]
S3 XDva347;XDva347;\??\f:\windows\system32\XDva347.sys --> f:\windows\system32\XDva347.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - lltipxi
.
Contents of the 'Scheduled Tasks' folder

2010-08-15 f:\windows\Tasks\OGALogon.job
- f:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

2010-08-15 f:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- f:\program files\Ask.com\UpdateTask.exe [2010-05-26 19:23]
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://fmz.qiwa.com
IE: &Winamp Search - f:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
LSP: bmnet.dll
TCP: {4B0F673C-46C5-4A56-B109-95646F9665C8} = 192.168.2.1,192.168.2.2
DPF: {1CE47888-DD62-482C-9723-4814BB04D45D} - hxxp://pump.musicshake.com/NewDownload/musicshake.cab
DPF: {36A4B20A-2B75-4101-86CE-F9B03CA4B91C} - hxxp://bgweb.nowcdn.co.kr/bin/DownStarter.cab
DPF: {47D22CCE-3C08-4DB0-BB99-B7D2266EEF5C} - hxxp://ez2on.uplay.co.kr/dll/RetroLauncher_10224.cab
DPF: {6DFC930D-4E50-4997-BC36-C37E41E52A23} - hxxp://ez2on.uplay.co.kr/dll/Retro_SystemCheck.cab
DPF: {9A48FC0D-F45B-4C77-9FE4-09ABE7F095F1} - hxxp://ez2on.uplay.co.kr/dataroom/atc1802.cab
DPF: {E91B6C86-494B-40B8-8266-627E5D57DA31} - hxxp://cdnfile.hclc.co.kr/cdn_file/X_ClientExx.cab
FF - ProfilePath - f:\documents and settings\DC17\Application Data\Mozilla\Firefox\Profiles\t3svmb5a.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://fmz.qiwa.com
FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101049100&s=
FF - plugin: c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npff_gdm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: f:\documents and settings\DC17\Application Data\Mozilla\Firefox\Profiles\t3svmb5a.default\extensions\[email protected]\plugins\npWildPocketsLoader.dll
FF - plugin: f:\documents and settings\DC17\Application Data\Vusion\npWARPVideoPlugin.303954.dll
FF - plugin: f:\documents and settings\DC17\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: f:\documents and settings\DC17\Local Settings\Application Data\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll
FF - plugin: f:\documents and settings\DC17\LocalLow\StoneTrip\Web Player\npShiVa3D.dll
FF - plugin: f:\program files\3DVIA\3DVIAStudioPlayer\bin\win32_dynamic\release\npvtmp3dlifeplayer.dll
FF - plugin: f:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
FF - plugin: f:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: f:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: f:\program files\Virtools\3D Life Player\npvirtools.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - f:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-secureapp70700.exe - f:\documents and settings\DC17\Application Data\7E71798517B28F0A9F914E05205A9B86\secureapp70700.exe
MSConfigStartUp-AbyssWebServer - f:\program files\Abyss Web Server\abyssws.exe
MSConfigStartUp-Adobe Acrobat Speed Launcher - c:\program files\Acrobat 9.0\Acrobat\Acrobat_sl.exe
MSConfigStartUp-Adobe Reader Speed Launcher - f:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
AddRemove-$NtUninstallMTF1011$ - f:\windows\$NtUninstallMTF1011$\apUninstall.exe
AddRemove-Caligari trueSpace7.61 Beta 8 Standalone_is1 - c:\truespace761std\unins000.exe
AddRemove-Final Fantasy VII - c:\program files\Final Fantasy VII\Uninst.isu
AddRemove-FL Studio 8 - e:\program files\Image-Line\FL Studio 8\uninstall.exe
AddRemove-Kirstens S20 - f:\documents and settings\All Users\Application Data\{32668325-91BE-446A-AF8C-48CFD8B70DD8}\Kirstens S20.exe
AddRemove-Native Instruments Reaktor 5 - c:\progra~1\NATIVE~1\REAKTO~1\UNWISE.EXE
AddRemove-NSS - e:\program files\NSS\uninstall.exe
AddRemove-NVIDIA Display Control Panel - f:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-The Endless Forest_is1 - f:\program files\Tale of Tales\The Endless Forest 3\unins000.exe
AddRemove-Trackmania United pack track - e:\documents and settings\David McKee\My Documents\TrackMania\Tracks\Challenges\Downloaded\un_Trackmania United pack track_12345.exe
AddRemove-VirtualDub Filter Pack_is1 - c:\documents and settings\David McKee\My Documents\EXE files\VirtualDub-1.8.7\VD Filter Pack\unins000.exe
AddRemove-{0F144F47-02D6-45EE-9026-988B84EBE1B8} - f:\documents and settings\All Users\Application Data\{32668325-91BE-446A-AF8C-48CFD8B70DD8}\Kirstens S20.exe
AddRemove-{76C24F39-B161-498F-BD8B-C64789812D13}_is1 - e:\program files\VSO\ConvertX\3\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-15 01:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lltipxi]

.
Completion time: 2010-08-15 01:23:00
ComboFix-quarantined-files.txt 2010-08-15 05:22

Pre-Run: 2,316,292,096 bytes free
Post-Run: 2,254,184,448 bytes free

- - End Of File - - C15A45B753E078BC970251B526871E85



SPECIAL NOTE:
I have to go out of town tomorrow and will be back Tuesday. I'll still have net access, but I won't be able to get to the computer that needs fixing. So I can respond, but I won't be able to try anything till I get back.
  • 0

#8
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

Thanks for letting me know.

Let's proceed. Please attempt to run these fixes in Normal Mode.

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, then click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
File::
f:\windows\system32\drivers\lltipxi.sys

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
DDS::
uStart Page = hxxp://fmz.qiwa.com
Firefox::
FF - ProfilePath - f:\documents and settings\DC17\Application Data\Mozilla\Firefox\Profiles\t3svmb5a.default\
FF - prefs.js: browser.startup.homepage - hxxp://fmz.qiwa.com
FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101049100&s=

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop; save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



Scanning with MalwareBytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT:



Java Outdated
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 21 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note:
The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications.
To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
Click Ok and reboot your computer.


NEXT



Clean Java Cache & Temporary Files
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - leave BOTH checked: Applications and Applets, and Trace and Log Files
  • Click OK on Delete Temporary Files Window

    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT:



Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.


NEXT:



Kaspersky Online Scanner
Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

    Posted Image

  • Change the Files of type dropdown box to Text file (.txt), name the file KasReport.txt and save it to your desktop so that you may post it in your next reply.


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

  • 0
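The CFScript in the post above targets the lltipxi driver, the hijacked IE start page and the Firefox keyword.URL that ComboFix reported. The Python below is an added example, not part of this thread and not a ComboFix or Geeks to Go tool: a triage pass over ComboFix log lines that surfaces those same kinds of findings (services pointing at missing files, deregistered services, autostarts launched from hex-named folders under Application Data, browser prefs pointing off the allowlist). The heuristics, the KNOWN_HOSTS allowlist and the line-format regexes are this example's own assumptions, written against the formats visible in the log posted earlier; the sample lines are copied from that log.

```python
"""Triage pass over ComboFix log lines (added example; not a ComboFix tool).

Heuristics, host allowlist and sample lines are this example's own assumptions;
the sample lines are copied from the ComboFix log posted earlier in the thread.
Each heuristic is only as good as the log formats it was written against.
"""
import re
from typing import List, Tuple

# Constructed allowlist: hosts we expect to see as start page / search provider.
KNOWN_HOSTS = {"www.google.com", "google.com", "www.bing.com", "search.yahoo.com"}

# ComboFix defangs URLs as hxxp://; undo that only far enough to read the host.
_URL_RE = re.compile(r"hxxps?://([^/\s?]+)", re.I)
# A 32-hex-character folder directly under Application Data (an MD5-looking name).
_HEX_DIR_RE = re.compile(r"\\Application Data\\[0-9A-Fa-f]{32}\\")
# "S3 XDva193;XDva193;\??\f:\...\XDva193.sys --> f:\...\XDva193.sys [?]"
_SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);")
# Two autostart formats seen in the log: ORPHANS REMOVED and Reg Loading Points.
_RUN_RES = (
    re.compile(r"^(?:HKCU|HKLM)-Run-(\S+)\s+-\s+(.+)$"),
    re.compile(r'^"([^"]+)"="([^"]+)"'),
)
# IE start page (DDS) and the two Firefox prefs a hijacker typically rewrites.
_PREF_RE = re.compile(
    r"(?:uStart Page|browser\.startup\.homepage|keyword\.URL)\s*[-=]\s*(\S+)")


def host_of(url: str) -> str:
    """Host part of a (defanged) URL, lower-cased; '' if none found."""
    m = _URL_RE.search(url)
    return m.group(1).lower() if m else ""


def triage_line(line: str) -> List[str]:
    """Return zero or more human-readable findings for one ComboFix log line."""
    findings: List[str] = []
    line = line.strip()

    # 1. Service/driver whose image file is missing: ComboFix prints [?] where
    #    the timestamp and size would otherwise be.
    m = _SERVICE_RE.match(line)
    if m and line.endswith("[?]"):
        image = line[:-3].rsplit("-->", 1)[-1].strip()
        findings.append(f"service {m.group(1)} points at missing file {image}")

    # 2. Service still in memory but no longer registered.
    if line.startswith("*Deregistered*"):
        findings.append("deregistered service in memory: " + line.split("-", 1)[1].strip())

    # 3. Autostart entry launching from a hex-named folder under Application Data.
    for run_re in _RUN_RES:
        m = run_re.match(line)
        if m and _HEX_DIR_RE.search(m.group(2)):
            findings.append(
                f"Run entry {m.group(1)} launches from hex-named profile dir: {m.group(2)}")

    # 4. Start page / search prefs pointing at a host not on the allowlist.
    m = _PREF_RE.search(line)
    if m:
        host = host_of(m.group(1))
        if host and host not in KNOWN_HOSTS:
            findings.append(f"browser pref points at unexpected host {host}")
    return findings


def triage(log: str) -> List[Tuple[str, str]]:
    """Run triage_line over a whole log; return (finding, source line) pairs."""
    return [(f, raw.strip()) for raw in log.splitlines() for f in triage_line(raw)]


# Constructed sample: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R0 DigiFilter;DigiFilter;f:\windows\system32\drivers\DigiFilt.sys [25/11/2008 4:05 AM 16384]
S3 XDva193;XDva193;\??\f:\windows\system32\XDva193.sys --> f:\windows\system32\XDva193.sys [?]
*Deregistered* - lltipxi
uStart Page = hxxp://fmz.qiwa.com
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101049100&s=
HKCU-Run-secureapp70700.exe - f:\documents and settings\DC17\Application Data\7E71798517B28F0A9F914E05205A9B86\secureapp70700.exe
"Skype"="f:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]
"""

if __name__ == "__main__":
    for finding, src in triage(SAMPLE_LOG):
        print(f"{finding}\n    <- {src}")
```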

#9
Dreamcube017

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Wow, looks like I've got my work cut out for me.

I'll be sure to try this when I return home on Tuesday evening.

Since I'm out of town, there will be a delay. So please don't close the topic. Thank you.
  • 0

#10
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
I'll make sure I keep the thread open. :)
  • 0


#11
Dreamcube017

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Alright, here's ComboFix's log.

ComboFix 10-08-17.02 - DC17 18/08/2010 0:30.3.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.3070.2416 [GMT -4:00]
Running from: f:\documents and settings\DC17\Desktop\ComboFix.exe
Command switches used :: f:\documents and settings\DC17\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"f:\windows\system32\drivers\lltipxi.sys"
.

((((((((((((((((((((((((( Files Created from 2010-07-18 to 2010-08-18 )))))))))))))))))))))))))))))))
.

2010-08-15 00:05 . 2010-08-15 00:05 -------- d-----w- F:\_OTS
2010-08-11 06:18 . 2010-08-11 06:34 -------- d-----w- f:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-11 06:18 . 2010-08-11 06:18 -------- d-----w- f:\program files\Spybot - Search & Destroy
2010-08-09 22:33 . 2010-08-09 22:33 -------- d-----w- f:\documents and settings\DC17\Local Settings\Application Data\Bizarre Creations
2010-08-01 06:17 . 2010-06-14 14:31 744448 -c----w- f:\windows\system32\dllcache\helpsvc.exe
2010-08-01 06:08 . 2010-08-01 06:08 12536 ----a-w- f:\windows\system32\avgrsstx.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-18 04:40 . 2008-09-25 02:10 -------- d-----w- f:\documents and settings\DC17\Application Data\Skype
2010-08-18 04:04 . 2008-09-25 02:10 -------- d-----w- f:\documents and settings\DC17\Application Data\skypePM
2010-08-11 07:03 . 2009-08-31 03:52 -------- d-----w- f:\program files\Free Offers from Freeze.com
2010-08-10 16:13 . 2009-11-10 21:24 -------- d-----w- f:\documents and settings\All Users\Application Data\avg9
2010-08-08 11:30 . 2010-08-08 11:30 503808 ----a-w- f:\documents and settings\DC17\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1b307008-n\msvcp71.dll
2010-08-08 11:30 . 2010-08-08 11:30 499712 ----a-w- f:\documents and settings\DC17\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1b307008-n\jmc.dll
2010-08-08 11:30 . 2010-08-08 11:30 348160 ----a-w- f:\documents and settings\DC17\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1b307008-n\msvcr71.dll
2010-08-08 11:30 . 2010-08-08 11:30 61440 ----a-w- f:\documents and settings\DC17\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1f6ec9e3-n\decora-sse.dll
2010-08-08 11:30 . 2010-08-08 11:30 12800 ----a-w- f:\documents and settings\DC17\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1f6ec9e3-n\decora-d3d.dll
2010-08-01 09:01 . 2010-01-23 02:28 -------- d-----w- f:\program files\Ask.com
2010-08-01 07:04 . 2008-10-20 23:07 -------- d-----w- f:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-01 06:10 . 2010-08-01 06:10 29512 ----a-w- f:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-08-01 06:10 . 2010-08-01 06:10 242896 ----a-w- f:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-08-01 06:10 . 2010-08-01 06:10 216200 ----a-w- f:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-08-01 06:08 . 2008-09-21 04:19 243024 ----a-w- f:\windows\system32\drivers\avgtdix.sys
2010-08-01 06:08 . 2008-09-21 04:19 29584 ----a-w- f:\windows\system32\drivers\avgmfx86.sys
2010-08-01 06:07 . 2008-09-21 04:19 216400 ----a-w- f:\windows\system32\drivers\avgldx86.sys
2010-08-01 06:05 . 2010-08-01 06:05 813336 ----a-w- f:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-08-01 06:05 . 2010-08-01 06:05 624920 ----a-w- f:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-08-01 06:05 . 2010-08-01 06:05 1690464 ----a-w- f:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-08-01 06:05 . 2010-08-01 06:05 1038688 ----a-w- f:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-08-01 06:02 . 2010-08-01 06:02 2944904 ----a-w- f:\documents and settings\DC17\Application Data\Mozilla\Firefox\Profiles\t3svmb5a.default\extensions\[email protected]\chrome\temp\askToolbar.exe
2010-06-14 14:31 . 2008-09-20 23:10 744448 ----a-w- f:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-05-23 11:30 . 2010-05-23 11:30 61440 -c--a-w- f:\documents and settings\DC17\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1213f078-n\decora-sse.dll
2010-05-23 11:30 . 2010-05-23 11:30 503808 -c--a-w- f:\documents and settings\DC17\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-71b15646-n\msvcp71.dll
2010-05-23 11:30 . 2010-05-23 11:30 348160 -c--a-w- f:\documents and settings\DC17\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-71b15646-n\msvcr71.dll
2010-05-23 11:30 . 2010-05-23 11:30 499712 -c--a-w- f:\documents and settings\DC17\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-71b15646-n\jmc.dll
2010-05-23 11:30 . 2010-05-23 11:30 12800 -c--a-w- f:\documents and settings\DC17\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1213f078-n\decora-d3d.dll
2009-12-05 08:27 . 2009-11-11 02:25 25 -c-h--w- f:\program files\Common Files\common.log
2008-03-09 12:25 . 2008-12-01 21:12 236 -c-ha-w- f:\program files\Common Files\dx.reg
2006-07-13 15:19 . 2008-09-27 07:21 6718464 -c--a-w- f:\program files\mozilla firefox\plugins\libvlc.dll
2009-10-11 23:50 . 2009-10-11 23:50 76 -csh--r- f:\windows\ICSET40.BIN
2006-05-03 10:06 . 2008-11-02 21:12 163328 --sh--r- f:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2008-11-02 21:12 31232 -csh--r- f:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2008-11-17 00:39 216064 -csh--r- f:\windows\system32\nbDX.dll
2007-12-17 12:43 . 2008-11-02 21:12 27648 -csh--w- f:\windows\system32\Smab0.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 19:23 1385864 ----a-w- f:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "f:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "f:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="f:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]
"AdobeUpdater"="f:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-06-26 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"JMB36X IDE Setup"="f:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="f:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080]
"M-Audio Taskbar Icon"="f:\windows\System32\M-AudioTaskBarIcon.exe" [2008-05-15 356864]
"DigidesignMMERefresh"="c:\program files\Digidesign\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 77824]
"SunJavaUpdateSched"="f:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"AVG9_TRAY"="f:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-01 2065760]
"Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="f:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"XboxStat"="f:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]
"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2009-11-21 12669544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="f:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

f:\documents and settings\DC17\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2007-10-22 575488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-08-01 06:08 12536 ----a-w- f:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^Nokia Nseries PC Suite.lnk]
path=f:\documents and settings\All Users\Start Menu\Programs\Startup\Nokia Nseries PC Suite.lnk
backup=f:\windows\pss\Nokia Nseries PC Suite.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 11:58 611712 ----a-w- f:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2009-06-26 21:03 2356088 ----a-w- f:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-12-01 01:00 323392 ----a-w- f:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2008-07-22 17:34 2772992 -c--a-w- f:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy TM Forever]
2008-11-17 19:35 399872 ----a-w- c:\program files\Easy TM\EasyTM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
2007-12-14 15:46 236040 ----a-w- f:\program files\GIGABYTE\GEST\run.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-08-11 19:30 249856 -c--a-w- f:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-09-11 08:40 86960 -c--a-w- f:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33 141600 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Send]
2009-07-21 17:52 236816 -c--a-w- c:\program files\Memeo\Memeo Send\MemeoLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- f:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 15:50 155648 -c--a-w- f:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip]
2008-11-19 21:26 737312 -c--a-w- c:\program files\PowerStrip\PStrip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 -c--a-w- f:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 19:31 2144088 --sha-r- f:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-10 16:24 1238352 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wefi]
2009-10-25 17:07 500056 ----a-w- f:\program files\WeFi\WeFi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 00:05 204288 -c----w- f:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoomText]
2009-04-23 15:04 3462392 ----a-w- f:\program files\ZoomText 9.1\Zt.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"f:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"f:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"f:\\Program Files\\GIGABYTE\\GEST\\run.exe"=
"f:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\Vuze\\Azureus.exe"=
"f:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\spectraball\\Spectraball.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"f:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Crazybump\\CB.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"f:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"f:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"f:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\zuma's revenge\\ZumasRevenge.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\fatale\\FATALE.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania united\\TmForever.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania united\\TmForeverLauncher.exe"=
"f:\\Program Files\\DNA\\btdna.exe"=
"f:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"f:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\osmos\\osmos.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\LuxRender\\luxconsole.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
"f:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\torchlight\\Torchlight.exe"=
"f:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\geometry wars\\GeometryWars.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\beat hazard\\BeatHazard.exe"=
"f:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"29101:TCP"= 29101:TCP:???? ??
"6880:TCP"= 6880:TCP:torrent
"8107:TCP"= 8107:TCP:eAmuse
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"58173:TCP"= 58173:TCP:Pando Media Booster
"58173:UDP"= 58173:UDP:Pando Media Booster

R0 DigiFilter;DigiFilter;f:\windows\system32\drivers\DigiFilt.sys [25/11/2008 4:05 AM 16384]
R1 Ai2sXP;Ai2sXP;f:\windows\system32\drivers\Ai2sXP.sys [25/03/2009 9:07 PM 7680]
R1 AvgLdx86;AVG AVI Loader Driver x86;f:\windows\system32\drivers\avgldx86.sys [21/09/2008 12:19 AM 216400]
R1 AvgTdiX;AVG8 Network Redirector;f:\windows\system32\drivers\avgtdix.sys [21/09/2008 12:19 AM 243024]
R2 avg9emc;AVG Free E-mail Scanner;f:\program files\AVG\AVG9\avgemc.exe [01/08/2010 2:07 AM 921952]
R2 avg9wd;AVG Free WatchDog;f:\program files\AVG\AVG9\avgwdsvc.exe [01/08/2010 2:07 AM 308136]
R2 HssWd;Hotspot Shield Monitoring Service;c:\documents and settings\David McKee\My Documents\Hotspot Shield\bin\hsswd.exe [31/03/2010 8:24 PM 194608]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [10/03/2008 1:04 AM 65536]
R2 PStrip;PStrip;f:\windows\system32\drivers\pstrip.sys [14/07/2007 10:37 PM 27992]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;f:\windows\system32\drivers\ScreamingBAudio.sys [07/09/2008 9:02 PM 21920]
S3 FSVD2DRIVER;Freedom Scientific Video Device 2;f:\windows\system32\drivers\fsvd2strm.sys [12/11/2008 7:12 PM 31000]
S3 GEST Service;GEST Service for program management.;f:\program files\GIGABYTE\GEST\GSvr.exe [20/09/2008 7:56 PM 47624]
S3 iLokDrvr;iLok;f:\windows\system32\drivers\iLokDrvr.sys [08/09/2008 2:05 PM 54256]
S3 MAUSBFTP;Service for M-Audio Fast Track Pro (WDM);f:\windows\system32\drivers\mausb.sys [21/11/2008 12:55 AM 143624]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;f:\windows\system32\drivers\nmwcdnsu.sys [29/10/2008 2:39 PM 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;f:\windows\system32\drivers\nmwcdnsuc.sys [29/10/2008 2:39 PM 8320]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [10/03/2010 11:33 AM 14424]
S3 UsbGps;LGE CDMA USB GPS NMEA Port;f:\windows\system32\drivers\lgusbgps.sys [20/03/2010 10:32 AM 19968]
S3 WefiEngSvc;WeFi Engine Service;f:\program files\WeFi\WefiEngSvc.exe [25/10/2009 1:07 PM 140632]
S3 XDva193;XDva193;\??\f:\windows\system32\XDva193.sys --> f:\windows\system32\XDva193.sys [?]
S3 XDva203;XDva203;\??\f:\windows\system32\XDva203.sys --> f:\windows\system32\XDva203.sys [?]
S3 XDva209;XDva209;\??\f:\windows\system32\XDva209.sys --> f:\windows\system32\XDva209.sys [?]
S3 XDva212;XDva212;\??\f:\windows\system32\XDva212.sys --> f:\windows\system32\XDva212.sys [?]
S3 XDva222;XDva222;\??\f:\windows\system32\XDva222.sys --> f:\windows\system32\XDva222.sys [?]
S3 XDva223;XDva223;\??\f:\windows\system32\XDva223.sys --> f:\windows\system32\XDva223.sys [?]
S3 XDva347;XDva347;\??\f:\windows\system32\XDva347.sys --> f:\windows\system32\XDva347.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-08-18 f:\windows\Tasks\OGALogon.job
- f:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

2010-08-18 f:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- f:\program files\Ask.com\UpdateTask.exe [2010-05-26 19:23]
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
IE: &Winamp Search - f:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
DPF: {1CE47888-DD62-482C-9723-4814BB04D45D} - hxxp://pump.musicshake.com/NewDownload/musicshake.cab
DPF: {36A4B20A-2B75-4101-86CE-F9B03CA4B91C} - hxxp://bgweb.nowcdn.co.kr/bin/DownStarter.cab
DPF: {47D22CCE-3C08-4DB0-BB99-B7D2266EEF5C} - hxxp://ez2on.uplay.co.kr/dll/RetroLauncher_10224.cab
DPF: {6DFC930D-4E50-4997-BC36-C37E41E52A23} - hxxp://ez2on.uplay.co.kr/dll/Retro_SystemCheck.cab
DPF: {9A48FC0D-F45B-4C77-9FE4-09ABE7F095F1} - hxxp://ez2on.uplay.co.kr/dataroom/atc1802.cab
DPF: {E91B6C86-494B-40B8-8266-627E5D57DA31} - hxxp://cdnfile.hclc.co.kr/cdn_file/X_ClientExx.cab
FF - ProfilePath - f:\documents and settings\DC17\Application Data\Mozilla\Firefox\Profiles\t3svmb5a.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npff_gdm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: f:\documents and settings\DC17\Application Data\Mozilla\Firefox\Profiles\t3svmb5a.default\extensions\[email protected]\plugins\npWildPocketsLoader.dll
FF - plugin: f:\documents and settings\DC17\Application Data\Vusion\npWARPVideoPlugin.303954.dll
FF - plugin: f:\documents and settings\DC17\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: f:\documents and settings\DC17\Local Settings\Application Data\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll
FF - plugin: f:\documents and settings\DC17\LocalLow\StoneTrip\Web Player\npShiVa3D.dll
FF - plugin: f:\program files\3DVIA\3DVIAStudioPlayer\bin\win32_dynamic\release\npvtmp3dlifeplayer.dll
FF - plugin: f:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
FF - plugin: f:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: f:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: f:\program files\Virtools\3D Life Player\npvirtools.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - f:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-18 00:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(928)
f:\windows\system32\WININET.dll
f:\progra~1\WINDOW~2\wmpband.dll
f:\windows\system32\ieframe.dll
f:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
f:\windows\system32\WPDShServiceObj.dll
f:\windows\system32\PortableDeviceTypes.dll
f:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
f:\windows\system32\nvsvc32.exe
f:\program files\AVG\AVG9\avgchsvx.exe
f:\program files\AVG\AVG9\avgrsx.exe
f:\program files\AVG\AVG9\avgcsrvx.exe
f:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
f:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
f:\program files\Bonjour\mDNSResponder.exe
c:\documents and settings\David McKee\My Documents\Hotspot Shield\HssWPR\hsssrv.exe
f:\program files\AVG\AVG9\avgnsx.exe
f:\program files\Java\jre6\bin\jqs.exe
f:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
f:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
f:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
f:\windows\system32\WgaTray.exe
f:\program files\Windows Media Player\WMPNetwk.exe
f:\program files\AVG\AVG9\avgcsrvx.exe
f:\program files\Internet Explorer\IEXPLORE.EXE
f:\program files\winamp toolbar\WinampTbServer.exe
f:\windows\RTHDCPL.EXE
f:\program files\Skype\Phone\Skype.exe
f:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-08-18 00:43:18 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-18 04:43
ComboFix2.txt 2010-08-18 04:24
ComboFix3.txt 2010-08-15 05:23

Pre-Run: 2,014,445,568 bytes free
Post-Run: 2,005,803,008 bytes free

- - End Of File - - 03962D775412BA6F5BE999C437283865

Malwarebytes

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4443

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

18/08/2010 1:20:37 AM
mbam-log-2010-08-18 (01-20-37).txt

Scan type: Quick scan
Objects scanned: 137350
Time elapsed: 4 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
F:\WINDOWS\efuvanomozolo.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
F:\Program Files\Common Files\common.log (Trojan.Agent) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\d3dx10d.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\TDSSuvggbtme.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.


Note. I found this file called wuiaproi.dll in my WINDOWS folder. I can't find any info on it... is that file ok or not?

JavaRa

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Wed Aug 18 02:29:53 2010

Found and removed: F:\Documents and Settings\DC17\Application Data\Sun\Java\jre1.6.0_11

Found and removed: F:\Documents and Settings\DC17\Application Data\Sun\Java\jre1.6.0_12

Found and removed: F:\Documents and Settings\DC17\Application Data\Sun\Java\jre1.6.0_14

Found and removed: F:\Documents and Settings\DC17\Application Data\Sun\Java\jre1.6.0_15

Found and removed: F:\Documents and Settings\DC17\Application Data\Sun\Java\jre1.6.0_18

Found and removed: Software\JavaSoft\Java2D\1.5.0_05

Found and removed: SOFTWARE\Classes\JavaPlugin.150_05

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610007

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: Software\JavaSoft\Java2D\1.6.0

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Wed Aug 18 02:30:16 2010

------------------------------------

Finished reporting.


I'm going to post these logs in separate posts just in case my computer restarts before I get to post.

Edited by Dreamcube017, 18 August 2010 - 12:33 AM.

  • 0

#12
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Are you still working on the Kaspersky scan as well as the Security Check scan?
  • 0

#13
Dreamcube017

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

Are you still working on the Kaspersky scan as well as the Security Check scan?

Yeah. I'm working on the Kaspersky Online scan... it's taking a REEEEAAAALLLLYYYY long time. I started it last night right around the time I finished editing my last post... and it's STILL downloading. There were a few times it said the script was taking too long and it asked me if I wanted to stop. I said no and it's still going. It's lagging my Firefox, but I can still have it go. It's still downloading, it's just taking FOREVER. If I restart it, will I have to redownload everything or will it start from where it left off? It was going a bit faster when I first started.

It has about 100 megs of things to DL so far and it's at 70 something... which wouldn't be that bad, but I left two hours ago to do something and it was at 60.
  • 0

#14
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
hmm..

You may have better luck with this scanner:

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable your on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

  • 0

#15
Dreamcube017

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Alright, it's downloading the database now.
  • 0
