Winlogon.exe error,(Generic.dx!tou)


This topic is locked

#1 mmmf (Member, 32 posts)
I have McAfee antivirus installed and it finds a virus called Generic.dx!tou but is not able to delete it. The virus is located in C:\WINDOWS\System32\winlogon.exe. I have tried running Malwarebytes; it finds some infections but is not able to rectify them either. I cannot restart my computer: the explorer just shuts off and it stays there. I cannot open My Computer and most of the programs.


I tried updating the McAfee antivirus but that fails as well.


This is my Hijack log

Logfile of HijackThis v1.99.1
Scan saved at 6:54:47 AM, on 9/4/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\LG Software\Battery Miser 2005\batterymiser.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\McAfee\VirusScan Enterprise\ShStat.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\dwwin.exe
C:\Documents and Settings\Muhammad Farhan\My Documents\Downloads\HijackThis.exe
C:\WINDOWS\system32\dwwin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tangosear...om/?useie5=1&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.tangotoolbar.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tangosear...om/?useie5=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F2 - REG:system.ini: Shell=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Street-Ads Browser Enhancer vuuyp - {3099D7CB-8D52-489E-98E9-1F9F21F4E08F} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Sky-Banners Browser Enhancer zuuyp - {5A45B314-F8AB-46A1-B73B-029B7F43CBBE} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {562439D8-C2CB-4B19-AAF6-7907E6A02CBE} - (no file)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [batterymiser] "C:\Program Files\LG Software\Battery Miser 2005\batterymiser.exe"
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebo...oUploader55.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.spvod.com...cx-ch-spvod.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

Any help will be highly appreciated.


When I Google something and then click on any of the results it directs me to another page. Internet Explorer does not work and the homepage is fixed to tango.toolbar, which is for sure a virus, but I don't know how to remove it.


I tried to read the cleaning guide before starting this but it gives an error that the page does not exist. So I have missed some steps.
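The HijackThis log above is read by helpers in a fixed order: the R0/R1 browser settings, the F2 Shell value, orphaned O2/O3 COM registrations, the O4 autoruns and the O23 services. The script below is an added example (not part of the thread, and not HijackThis code) that applies those checks to log lines. The sample lines are copied from the log in this post, plus one constructed O4 line modelled on the HKCU Run entry that ComboFix lists later in the thread; the Microsoft-default URL prefixes and the user-profile path markers are heuristics chosen for this example.

```python
"""Triage of HijackThis v1.99 log lines.

Added example, not part of the thread or of HijackThis itself. It reads the
R0/R1, F2, O2/O3, O4 and O23 entries and flags what a removal helper checks
first: IE start/search pages that are not Microsoft defaults, BHOs/toolbars
whose DLL is gone ("(no file)"), a Winlogon Shell that is not explorer.exe,
autostarts launched from a user-profile directory, and services whose binary
is missing. MICROSOFT_DEFAULTS and PROFILE_MARKERS are assumptions made here.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Lines copied from the HijackThis log in the first post, plus one constructed
# O4 line (the HKCU one) modelled on the HKCU-Run orphan ComboFix reports later.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tangosear...om/?useie5=1&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.tangotoolbar.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F2 - REG:system.ini: Shell=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Street-Ads Browser Enhancer vuuyp - {3099D7CB-8D52-489E-98E9-1F9F21F4E08F} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [{6C9C4BB2-8D11-796B-443F-2E440BEDCF40}] C:\Documents and Settings\user\Application Data\Ihvyva\aczo.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
"""


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section code, e.g. "O2"
    reason: str  # why a helper would look twice at this entry
    line: str    # the log line, verbatim


# Heuristics for this example: default IE pages on XP point at Microsoft;
# autoruns living under the user profile are where droppers usually land.
MICROSOFT_DEFAULTS = ("http://go.microsoft.", "http://www.microsoft.", "http://www.msn.", "about:blank")
PROFILE_MARKERS = ("\\application data\\", "\\local settings\\", "\\temp\\")

R_RE = re.compile(r"^(R[01]) - (.+?),(.+?) = (.+)$")
F2_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(.*)$")
COM_RE = re.compile(r"^(O[23]) - (?:BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
O4_RE = re.compile(r"^O4 - (HK[CL][UM])\\\.\.\\(\w+): \[(.+?)\] (.+)$")
SVC_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")


def triage(log_text: str) -> list[Finding]:
    """Return the entries worth a second look, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := R_RE.match(line):
            code, _key, _name, url = m.groups()
            if not url.lower().startswith(MICROSOFT_DEFAULTS):
                findings.append(Finding(code, "IE start/search page is not a Microsoft default", line))
        elif m := F2_RE.match(line):
            shell = m.group(1).strip()
            if shell.lower() != "explorer.exe":
                findings.append(Finding("F2", f"Winlogon Shell is not explorer.exe (value shown: {shell!r})", line))
        elif m := COM_RE.match(line):
            code, _name, clsid, path = m.groups()
            if path == "(no file)":
                findings.append(Finding(code, f"{clsid} is registered but its DLL is gone (orphan)", line))
        elif m := O4_RE.match(line):
            hive, key, _name, cmd = m.groups()
            if any(marker in cmd.lower() for marker in PROFILE_MARKERS):
                findings.append(Finding("O4", f"{hive}\\{key} autostart runs from a user-profile directory", line))
        elif m := SVC_RE.match(line):
            name, _owner, path = m.groups()
            if "(file missing)" in path:
                findings.append(Finding("O23", f"service '{name}' points at a missing binary", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:>3}  {f.reason}\n     {f.line}")
```

Run on the sample it reports seven entries: both tango* pages, the empty Shell, the two orphaned COM objects, the profile-directory autorun and the McAfee service with a missing binary; the Acrobat BHO, the Microsoft start page and the two HKLM autoruns pass.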


#2 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#3 mmmf (Topic Starter, Member, 32 posts)
I ran ComboFix.exe and have posted the log. After completing the whole run my PC rebooted and there was the ComboFix window saying "preparing log file, do not run any other program". Then suddenly my desktop disappeared and now there is no explorer.exe in my Task Manager and I cannot even load it; it says it does not exist. I know I can restore my PC but then the virus will return as well.

Thanks a lot for your help, I really appreciate it.



ComboFix 10-09-04.06 - Muhammad Farhan 09/05/2010 17:57:44.1.1 - FAT32x86
Running from: c:\documents and settings\Muhammad Farhan\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\desktop.ini
c:\documents and settings\Muhammad Farhan\Application Data\Ihvyva
c:\documents and settings\Muhammad Farhan\Application Data\Ihvyva\aczo.exe
c:\documents and settings\Muhammad Farhan\Local Settings\Application Data\{A0A36D7B-7722-48E5-8343-75F740764749}
c:\documents and settings\Muhammad Farhan\Local Settings\Application Data\{A0A36D7B-7722-48E5-8343-75F740764749}\chrome.manifest
c:\documents and settings\Muhammad Farhan\Local Settings\Application Data\{A0A36D7B-7722-48E5-8343-75F740764749}\chrome\content\_cfg.js
c:\documents and settings\Muhammad Farhan\Local Settings\Application Data\{A0A36D7B-7722-48E5-8343-75F740764749}\chrome\content\overlay.xul
c:\documents and settings\Muhammad Farhan\Local Settings\Application Data\{A0A36D7B-7722-48E5-8343-75F740764749}\install.rdf
c:\documents and settings\Muhammad Farhan\Local Settings\Application Data\Windows Server
c:\documents and settings\Muhammad Farhan\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\Muhammad Farhan\Local Settings\Application Data\Windows Server\uses32.dat
c:\windows\ayunipucov.dll
c:\windows\ewiwofeh.dll
c:\windows\iyisuharuculi.dll
c:\windows\system32\driVERs\tnbaluev.sys
c:\windows\umenesumi.dll
.
---- Previous Run -------
.
C:\desktop.ini
c:\documents and settings\Muhammad Farhan\Local Settings\Application Data\Windows Server
c:\documents and settings\Muhammad Farhan\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\Muhammad Farhan\Local Settings\Application Data\Windows Server\server.dat
c:\documents and settings\Muhammad Farhan\Local Settings\Application Data\Windows Server\uses32.dat
c:\windows\ayunipucov.dll
c:\windows\ewiwofeh.dll
c:\windows\iyisuharuculi.dll
c:\windows\system32\driVERs\tnbaluev.sys
c:\windows\system32\inetko.dll
c:\windows\umenesumi.dll

c:\windows\system32\drivers\tnbaluev.sys . . . is infected!! . . . Failed to find a valid replacement.
c:\windows\system32\winlogon.exe . . . is infected!!

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_tnbaluev
-------\Service_tnbaluev
-------\Legacy_tnbaluev
-------\Service_tnbaluev


((((((((((((((((((((((((( Files Created from 2010-08-05 to 2010-09-05 )))))))))))))))))))))))))))))))
.

2010-09-04 05:43 . 2010-09-04 05:43 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-09-04 05:42 . 2010-09-04 05:42 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-09-04 05:42 . 2010-09-04 05:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-09-02 05:34 . 2010-09-02 05:34 47596 ----a-w- c:\windows\system32\drivers\REGSYS701.SYS
2010-09-02 05:25 . 2010-09-02 05:25 -------- d-----w- C:\FOUND.003
2010-09-02 01:27 . 2010-04-08 13:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-09-02 01:27 . 2010-09-02 01:27 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-02 01:27 . 2010-09-02 01:27 -------- d-----w- c:\documents and settings\Muhammad Farhan\Application Data\PC Tools
2010-09-02 01:27 . 2010-09-02 01:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-08-31 02:22 . 2010-08-31 02:22 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-30 23:51 . 2010-08-30 23:51 -------- d-----w- C:\!KillBox
2010-08-30 00:00 . 2010-08-30 00:00 -------- d-----w- c:\program files\Exterminate It!
2010-08-22 08:25 . 2010-08-23 04:07 120 ----a-w- c:\windows\Jyeyifucipiso.dat
2010-08-22 08:25 . 2010-08-23 04:07 0 ----a-w- c:\windows\Gwowuzehobiqoba.bin
2010-08-20 20:29 . 2010-08-20 20:29 -------- d-----w- c:\documents and settings\Muhammad Farhan\Application Data\PC Suite
2010-08-20 20:28 . 2010-08-20 20:28 -------- d-----w- c:\documents and settings\Muhammad Farhan\Application Data\AVG9
2010-08-20 14:17 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-20 14:17 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-19 16:26 . 2008-09-29 07:07 64432 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-19 16:26 . 2008-09-29 07:07 90360 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-19 16:26 . 2008-09-29 07:07 74648 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-19 16:26 . 2008-09-29 07:07 42424 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-08-19 16:26 . 2008-09-29 07:07 62704 ----a-w- c:\windows\system32\drivers\mfetdik.sys
2010-08-19 16:26 . 2008-09-29 07:07 67904 ----a-w- c:\windows\system32\mfevtps.exe
2010-08-19 16:26 . 2008-09-29 07:07 340592 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-08-19 16:25 . 2010-08-19 16:25 -------- d-----w- c:\program files\McAfee
2010-08-19 16:25 . 2010-08-19 16:25 -------- d-----w- c:\program files\Common Files\McAfee
2010-08-19 15:37 . 2010-08-19 15:37 -------- d-----w- c:\windows\system32\MpEngineStore
2010-08-19 15:28 . 2010-08-19 15:28 -------- d-----w- c:\documents and settings\Muhammad Farhan\Local Settings\Application Data\vbyxuhvlv
2010-08-19 15:28 . 2010-08-19 15:28 -------- d-----w- c:\documents and settings\Muhammad Farhan\Local Settings\Application Data\fbsxuouss

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-04 16:30 . 2010-05-21 22:34 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-04 16:28 . 2010-08-04 16:28 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-08-04 16:28 . 2010-08-04 16:28 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-08-04 16:27 . 2010-08-04 16:27 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-08-04 16:27 . 2010-08-04 16:27 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-08-04 16:27 . 2010-08-04 16:27 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-08-04 16:27 . 2010-08-04 16:27 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-08-04 16:26 . 2010-05-21 22:34 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-08-04 16:26 . 2010-05-21 22:34 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-07-23 16:22 . 2010-08-03 23:45 1496064 ----a-w- c:\documents and settings\Muhammad Farhan\Application Data\Mozilla\Firefox\Profiles\228eb0wx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-07-23 16:22 . 2010-08-03 23:45 43008 ----a-w- c:\documents and settings\Muhammad Farhan\Application Data\Mozilla\Firefox\Profiles\228eb0wx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-07-23 16:22 . 2010-08-03 23:45 338944 ----a-w- c:\documents and settings\Muhammad Farhan\Application Data\Mozilla\Firefox\Profiles\228eb0wx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-07-23 16:22 . 2010-08-03 23:45 346112 ----a-w- c:\documents and settings\Muhammad Farhan\Application Data\Mozilla\Firefox\Profiles\228eb0wx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-07-17 00:28 . 2010-07-17 00:28 -------- d-----w- c:\documents and settings\Muhammad Farhan\Application Data\Office Genuine Advantage
2010-07-15 23:14 . 2010-07-15 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-06-14 14:30 . 2009-01-11 06:02 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
2010-06-13 01:34 . 2010-06-13 01:34 50354 ----a-w- c:\documents and settings\Muhammad Farhan\Application Data\Facebook\uninstall.exe
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\Muhammad Farhan\Application Data\Facebook\npfbplugin_1_0_3.dll
2009-02-16 22:37 . 2009-02-16 22:37 60939848 ----a-w- c:\program files\avg_free_stf_en_8_237a1428.exe
2009-02-05 01:45 . 2009-02-05 01:45 0 ----a-w- c:\program files\kdebugc.txt
2008-09-29 07:07 . 2010-08-19 16:26 22576 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-11-20 2590456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2006-01-06 61952]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-07 344064]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-29 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-29 688218]
"batterymiser"="c:\program files\LG Software\Battery Miser 2005\batterymiser.exe" [2006-06-01 335872]
"Athan"="c:\program files\Athan\Athan.exe" [2009-01-18 1081344]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-09-04 6300480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-09-01 44544]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"= "c:\windows\system32\bmpsap.dll" [2006-06-01 114688]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\JRE6\\BIN\\JAVA.EXE"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [2/16/2009 4:34 PM 11886]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [1/13/2009 10:42 PM 1287296]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/19/2010 5:26 PM 64432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder

2010-09-05 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.tangotoolbar.com/
mSearch Bar = hxxp://www.tangosearch.com/?useie5=1&q=
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Muhammad Farhan\Application Data\Mozilla\Firefox\Profiles\228eb0wx.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\Muhammad Farhan\Application Data\Mozilla\Firefox\Profiles\228eb0wx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Muhammad Farhan\Application Data\Mozilla\Firefox\Profiles\228eb0wx.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Muhammad Farhan\Application Data\Mozilla\Firefox\Profiles\228eb0wx.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\Muhammad Farhan\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{3099D7CB-8D52-489E-98E9-1F9F21F4E08F} - (no file)
BHO-{5A45B314-F8AB-46A1-B73B-029B7F43CBBE} - (no file)
Toolbar-SITEguard - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{562439D8-C2CB-4B19-AAF6-7907E6A02CBE} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{562439D8-C2CB-4B19-AAF6-7907E6A02CBE} - (no file)
HKCU-Run-{6C9C4BB2-8D11-796B-443F-2E440BEDCF40} - c:\documents and settings\Muhammad Farhan\Application Data\Ihvyva\aczo.exe
AddRemove-ElectroAirHockey - d:\old stuff\Games\ir hokey\ElectroAirHockey\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-05 18:12
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8924EEC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cfc3
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9ef3816
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578cb6
ParseProcedure -> ntkrnlpa.exe @ 0x80577918
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578cb6
ParseProcedure -> ntkrnlpa.exe @ 0x80577918
NDIS: Intel® PRO/Wireless 2200BG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb9e68ba0
PacketIndicateHandler -> NDIS.sys @ 0xb9e75b21
SendHandler -> NDIS.sys @ 0xb9e5387b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1020)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\windows\system32\mfevtps.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\windows\system32\imapi.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\windows\system32\drwtsn32.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2010-09-05 18:17:10 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-05 17:17

Pre-Run: 2,550,120,448 bytes free
Post-Run: 2,647,408,640 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 17D4D1582EB48FAC61DAB68F6EDDFF0A
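The "Reg Loading Points" section of the ComboFix log above carries the settings a responder reads before anything else: the Security Center AntiVirusOverride/FirewallOverride values (set to 1, which stops Windows XP's Security Center from alerting about a missing or disabled AV and firewall), EnableFirewall=0 for the standard profile, an entry marked [X] (ComboFix's marker for an entry whose file it could not find) and a non-default svchost group. The script below is an added example, not ComboFix code and not part of the thread: it parses that REGEDIT4-style dump and reports those conditions. The sample text is taken from the log in this post, trimmed to the relevant keys.

```python
"""Audit of a ComboFix 'Reg Loading Points' dump.

Added example, not from the thread or from ComboFix. It parses the
REGEDIT4-style section ([key] headers followed by "name"=data lines) and
flags: Security Center overrides set to 1, the standard-profile firewall
disabled or silenced, entries ComboFix tagged [X] (file not found), and any
svchost group ComboFix chose to list (it hides the default groups).
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Trimmed copy of the 'Reg Loading Points' section from the log in this post.
SAMPLE_REG = r"""
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-11-20 2590456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-09-04 6300480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-09-01 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=

R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [2/16/2009 4:34 PM 11886]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/19/2010 5:26 PM 64432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
"""


@dataclass(frozen=True)
class RegFinding:
    key: str
    name: str
    reason: str


SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(.*?)"\s*=\s*(.*)$')
DRIVER_LINE_RE = re.compile(r"^[RS][0-4] \S+;")  # ComboFix's service/driver list ends the dump


def parse_reg_points(text: str) -> dict[str, list[tuple[str, str]]]:
    """Return {key: [(value_name, data), ...]}. Lines that are not "name"=data
    (the svchost REG_MULTI_SZ line, @=... defaults) keep the raw text as name."""
    sections: dict[str, list[tuple[str, str]]] = {}
    current: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in ("REGEDIT4", ".") or line.startswith("*Note*"):
            continue
        if DRIVER_LINE_RE.match(line):
            current = None
            continue
        if m := SECTION_RE.match(line):
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            continue
        if m := VALUE_RE.match(line):
            sections[current].append((m.group(1), m.group(2).strip()))
        else:
            sections[current].append((line, ""))
    return sections


def audit(sections: dict[str, list[tuple[str, str]]]) -> list[RegFinding]:
    out: list[RegFinding] = []
    for key, values in sections.items():
        k = key.lower()
        for name, data in values:
            if k.endswith("\\security center") and name in ("AntiVirusOverride", "FirewallOverride") \
                    and data.lower() == "dword:00000001":
                out.append(RegFinding(key, name, "Security Center alerting for this component is suppressed"))
            elif k.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall" and data.startswith("0"):
                out.append(RegFinding(key, name, "Windows Firewall is disabled for the standard profile"))
            elif k.endswith("firewallpolicy\\standardprofile") and name == "DisableNotifications" and data.startswith("1"):
                out.append(RegFinding(key, name, "Windows Firewall notifications are silenced"))
            elif data.endswith("[X]"):
                out.append(RegFinding(key, name, "ComboFix could not find the file this entry points at ([X])"))
            elif k.endswith("\\currentversion\\svchost"):
                out.append(RegFinding(key, name, "svchost group listed by ComboFix (defaults are hidden), check its service"))
    return out


def firewall_exceptions(sections: dict[str, list[tuple[str, str]]]) -> list[str]:
    """Programs allowed through the firewall, even though the firewall itself is off."""
    out: list[str] = []
    for key, values in sections.items():
        if key.lower().endswith("\\authorizedapplications\\list"):
            out.extend(name for name, _data in values)
    return out


if __name__ == "__main__":
    secs = parse_reg_points(SAMPLE_REG)
    for f in audit(secs):
        print(f"[{f.key}]\n    {f.name}: {f.reason}")
    print("firewall exceptions:", len(firewall_exceptions(secs)))
```

On the sample this yields six findings: the [X]-tagged "nlsf" RunOnce entry, both Security Center overrides, the disabled and silenced firewall, and the vvdsvc svchost group; the Run entries and the two firewall exceptions are listed but not flagged.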

#4 mmmf (Topic Starter, Member, 32 posts)
Sorry for missing this out, I am running my Firefox through my Task Manager.

#5 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Reboot the PC and explorer should load again.



1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\drivers\tnbaluev.sys
c:\windows\Jyeyifucipiso.dat
c:\windows\Gwowuzehobiqoba.bin
c:\program files\kdebugc.txt

SRPeek::
c:\windows\system32\winlogon.exe

Folder::
C:\FOUND.003
C:\!KillBox


Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
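The earlier ComboFix log reported "c:\windows\system32\winlogon.exe . . . is infected!!", "Failed to find a valid replacement" for the driver, and "Restored copy from - c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe". All three come down to one operation: hash the live binary, hash every spare copy of the same name that Windows keeps, and see whether the live copy agrees with any of them. The script below is an added example of that comparison, not ComboFix code and not from the thread. The list of backup directories is an assumption about where XP keeps spare copies, and build_demo_tree writes constructed stand-in files (including a made-up KB folder name) so the example runs offline; nothing in it is a real Windows binary.

```python
"""Compare a live system binary with the spare copies Windows XP keeps.

Added example, not from the thread or from ComboFix. BACKUP_DIRS is the set
of locations assumed here (dllcache, ServicePackFiles, $hf_mig$ hotfix
backups); the files created by build_demo_tree are constructed stand-ins.
"""
from __future__ import annotations

import hashlib
import tempfile
from pathlib import Path

# Relative to %SystemRoot%. Assumed list for this example.
BACKUP_DIRS = ("system32/dllcache", "ServicePackFiles/i386", "$hf_mig$")


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def looks_like_pe(path: Path) -> bool:
    """Cheap sanity check: a usable replacement must at least start with 'MZ'."""
    with path.open("rb") as f:
        return f.read(2) == b"MZ"


def find_candidates(system_root: Path, name: str) -> dict[str, list[Path]]:
    """Every PE file called `name` under the backup dirs, grouped by SHA-256."""
    groups: dict[str, list[Path]] = {}
    for rel in BACKUP_DIRS:
        base = system_root / rel
        if not base.is_dir():
            continue
        for p in base.rglob(name):
            if p.is_file() and looks_like_pe(p):
                groups.setdefault(sha256_of(p), []).append(p)
    return groups


def compare_live(system_root: Path, rel_target: str) -> dict:
    """Hash the live file and report whether any backup copy matches it.

    A live copy matching no backup is not proof of infection (a hotfix may
    have replaced it), but it is exactly the case where a tool must decide
    which backup, if any, counts as a valid replacement."""
    target = system_root / rel_target
    live = sha256_of(target)
    groups = find_candidates(system_root, target.name)
    return {
        "target": str(target),
        "live_sha256": live,
        "matches_backup": live in groups,
        "distinct_backup_versions": len(groups),
        "candidates": {h: [str(p) for p in paths] for h, paths in groups.items()},
    }


def build_demo_tree() -> Path:
    """Constructed %SystemRoot%: a tampered winlogon.exe, a clean explorer.exe."""
    root = Path(tempfile.mkdtemp(prefix="xp-root-"))
    clean_winlogon = b"MZ" + b"winlogon v5.1.2600.2180" + b"\0" * 64
    tampered_winlogon = b"MZ" + b"winlogon v5.1.2600.2180" + b"\0" * 60 + b"XXXX"
    sp_winlogon = b"MZ" + b"winlogon v5.1.2600.0000" + b"\0" * 64
    explorer = b"MZ" + b"explorer" + b"\0" * 64
    files = {
        "system32/winlogon.exe": tampered_winlogon,
        "system32/dllcache/winlogon.exe": clean_winlogon,
        "$hf_mig$/KB000000/SP2QFE/winlogon.exe": clean_winlogon,  # KB number is made up
        "ServicePackFiles/i386/winlogon.exe": sp_winlogon,
        "system32/explorer.exe": explorer,
        "system32/dllcache/explorer.exe": explorer,
    }
    for rel, data in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    return root


if __name__ == "__main__":
    root = build_demo_tree()
    for rel in ("system32/winlogon.exe", "system32/explorer.exe"):
        info = compare_live(root, rel)
        print(rel, "| matches a backup copy:", info["matches_backup"],
              "| distinct backup versions:", info["distinct_backup_versions"])
```

In the constructed tree the live winlogon.exe matches none of its three backup copies (which fall into two versions), while explorer.exe matches its dllcache copy. On a real machine the next step is to check the matching backup's digital signature or version resource before copying it over, since a backup directory is just as writable to a process running as the user in this thread as system32 is.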

#6 mmmf (Topic Starter, Member, 32 posts)
I rebooted; explorer.exe did not return.

#7 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Can you do the above step anyway?

#8 mmmf (Topic Starter, Member, 32 posts)
I tried doing that through Task Manager; ComboFix rebooted my PC but after that nothing happened. I will try again and will let you know.

#9 mmmf (Topic Starter, Member, 32 posts)
ComboFix 10-09-04.06 - Muhammad Farhan 09/06/2010 5:54.2.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1593 [GMT 1:00]
Running from: c:\documents and settings\Muhammad Farhan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Muhammad Farhan\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

FILE ::
"c:\program files\kdebugc.txt"
"c:\windows\Gwowuzehobiqoba.bin"
"c:\windows\Jyeyifucipiso.dat"
"c:\windows\system32\drivers\tnbaluev.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\!KillBox
c:\!killbox\Logs\kb.log
C:\FOUND.003
c:\found.003\FILE0000.CHK
c:\found.003\FILE0001.CHK
c:\found.003\FILE0002.CHK
c:\found.003\FILE0003.CHK
c:\program files\kdebugc.txt
c:\windows\Gwowuzehobiqoba.bin
c:\windows\Jyeyifucipiso.dat

c:\windows\system32\winlogon.exe . . . is infected!!

Infected copy of c:\windows\system32\drivers\afd.sys was found and disinfected
Restored copy from - Kitty had a snack :)
.
((((((((((((((((((((((((( Files Created from 2010-08-06 to 2010-09-06 )))))))))))))))))))))))))))))))
.

2010-09-04 05:43 . 2010-09-05 17:12 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-09-04 05:42 . 2010-09-04 05:42 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-09-04 05:42 . 2010-09-04 05:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-09-02 05:34 . 2010-09-02 05:34 47596 ----a-w- c:\windows\system32\drivers\REGSYS701.SYS
2010-09-02 01:27 . 2010-04-08 13:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-09-02 01:27 . 2010-09-02 01:27 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-02 01:27 . 2010-09-02 01:27 -------- d-----w- c:\documents and settings\Muhammad Farhan\Application Data\PC Tools
2010-09-02 01:27 . 2010-09-02 01:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-08-31 02:22 . 2010-08-31 02:22 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-30 00:00 . 2010-08-30 00:00 -------- d-----w- c:\program files\Exterminate It!
2010-08-20 20:29 . 2010-08-20 20:29 -------- d-----w- c:\documents and settings\Muhammad Farhan\Application Data\PC Suite
2010-08-20 20:28 . 2010-08-20 20:28 -------- d-----w- c:\documents and settings\Muhammad Farhan\Application Data\AVG9
2010-08-20 14:17 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-20 14:17 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-19 16:26 . 2008-09-29 07:07 64432 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-19 16:26 . 2008-09-29 07:07 90360 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-19 16:26 . 2008-09-29 07:07 74648 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-19 16:26 . 2008-09-29 07:07 42424 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-08-19 16:26 . 2008-09-29 07:07 62704 ----a-w- c:\windows\system32\drivers\mfetdik.sys
2010-08-19 16:26 . 2008-09-29 07:07 67904 ----a-w- c:\windows\system32\mfevtps.exe
2010-08-19 16:26 . 2008-09-29 07:07 340592 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-08-19 16:25 . 2010-08-19 16:25 -------- d-----w- c:\program files\McAfee
2010-08-19 16:25 . 2010-08-19 16:25 -------- d-----w- c:\program files\Common Files\McAfee
2010-08-19 15:37 . 2010-08-19 15:37 -------- d-----w- c:\windows\system32\MpEngineStore
2010-08-19 15:28 . 2010-08-19 15:28 -------- d-----w- c:\documents and settings\Muhammad Farhan\Local Settings\Application Data\vbyxuhvlv
2010-08-19 15:28 . 2010-08-19 15:28 -------- d-----w- c:\documents and settings\Muhammad Farhan\Local Settings\Application Data\fbsxuouss

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-04 16:30 . 2010-05-21 22:34 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-04 16:28 . 2010-08-04 16:28 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-08-04 16:28 . 2010-08-04 16:28 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-08-04 16:27 . 2010-08-04 16:27 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-08-04 16:27 . 2010-08-04 16:27 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-08-04 16:27 . 2010-08-04 16:27 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-08-04 16:27 . 2010-08-04 16:27 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-08-04 16:26 . 2010-05-21 22:34 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-08-04 16:26 . 2010-05-21 22:34 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-07-23 16:22 . 2010-08-03 23:45 1496064 ----a-w- c:\documents and settings\Muhammad Farhan\Application Data\Mozilla\Firefox\Profiles\228eb0wx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-07-23 16:22 . 2010-08-03 23:45 43008 ----a-w- c:\documents and settings\Muhammad Farhan\Application Data\Mozilla\Firefox\Profiles\228eb0wx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-07-23 16:22 . 2010-08-03 23:45 338944 ----a-w- c:\documents and settings\Muhammad Farhan\Application Data\Mozilla\Firefox\Profiles\228eb0wx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-07-23 16:22 . 2010-08-03 23:45 346112 ----a-w- c:\documents and settings\Muhammad Farhan\Application Data\Mozilla\Firefox\Profiles\228eb0wx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-07-17 00:28 . 2010-07-17 00:28 -------- d-----w- c:\documents and settings\Muhammad Farhan\Application Data\Office Genuine Advantage
2010-07-15 23:14 . 2010-07-15 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-06-14 14:30 . 2009-01-11 06:02 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
2010-06-13 01:34 . 2010-06-13 01:34 50354 ----a-w- c:\documents and settings\Muhammad Farhan\Application Data\Facebook\uninstall.exe
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\Muhammad Farhan\Application Data\Facebook\npfbplugin_1_0_3.dll
2009-02-16 22:37 . 2009-02-16 22:37 60939848 ----a-w- c:\program files\avg_free_stf_en_8_237a1428.exe
2008-09-29 07:07 . 2010-08-19 16:26 22576 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
------- Sigcheck -------

[-] 2004-09-01 . AA88AEC074262986525206C73097751D . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[7] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2006-01-06 . 2DEACA71A7FD77205F59D48D76B2F565 . 1075200 . . [6.00.2900.2649] . . c:\windows\$NtUninstallKB938828$\explorer.exe

c:\windows\explorer.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-11-20 2590456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2006-01-06 61952]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-07 344064]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-29 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-29 688218]
"batterymiser"="c:\program files\LG Software\Battery Miser 2005\batterymiser.exe" [2006-06-01 335872]
"Athan"="c:\program files\Athan\Athan.exe" [2009-01-18 1081344]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-09-04 6300480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-09-01 44544]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"= "c:\windows\system32\bmpsap.dll" [2006-06-01 114688]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\JRE6\\BIN\\JAVA.EXE"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [2/16/2009 4:34 PM 11886]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [9/29/2008 8:07 AM 19456]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [8/19/2010 5:26 PM 67904]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [1/13/2009 10:42 PM 1287296]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/19/2010 5:26 PM 64432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder

2010-09-05 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.tangotoolbar.com/
mSearch Bar = hxxp://www.tangosearch.com/?useie5=1&q=
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Muhammad Farhan\Application Data\Mozilla\Firefox\Profiles\228eb0wx.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\Muhammad Farhan\Application Data\Mozilla\Firefox\Profiles\228eb0wx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Muhammad Farhan\Application Data\Mozilla\Firefox\Profiles\228eb0wx.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Muhammad Farhan\Application Data\Mozilla\Firefox\Profiles\228eb0wx.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\Muhammad Farhan\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-06 05:59
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1024)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-09-06 06:00:12
ComboFix-quarantined-files.txt 2010-09-06 05:00
ComboFix2.txt 2010-09-05 17:17

Pre-Run: 1,545,535,488 bytes free
Post-Run: 1,745,223,680 bytes free

- - End Of File - - B0D03248A4E0679C0FA819114693BA3A

#10
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Don't run any scans with your anti-virus.



1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::

Folder::

MIA::
c:\windows\explorer.exe

Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Minimal Output at the top
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.*
    %systemroot%\*. /mp /s
    %systemroot%\System32\config\*.sav
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.exe
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Update\*.*
    CREATERESTOREPOINT
    %PROGRAMFILES%\*.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    color 9f & set /c
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %systemroot%\AppPatch\Custom\*.*
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath
    HKCU\Software\Microsoft\Command Processor\AutoRun
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\Configuration
    HKCU\Software\Policies\Microsoft\Windows\System\Scripts
    HKLM\Software\Classes\AllFilesystemObjects\shellex\ColumnHandlers
    HKLM\Software\Classes\AllFilesystemObjects\shellex\CopyHookHandlers
    HKLM\Software\Classes\Directory\shellex\ColumnHandlers
    HKLM\Software\Classes\Directory\shellex\DragDropHandlers
    HKLM\Software\Classes\Directory\Background\shellex\ColumnHandlers
    HKLM\Software\Classes\Directory\Background\shellex\CopyHookHandlers
    HKLM\Software\Classes\Directory\Background\shellex\DragDropHandlers
    HKLM\Software\Classes\Directory\Background\shellex\PropertySheetHandlers
    HKLM\Software\Classes\Folder\shellex\ColumnHandlers
    HKLM\Software\Classes\Folder\shellex\CopyHookHandlers
    HKLM\Software\Microsoft\Command Processor\AutoRun
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\DeviceNotificationCallbacks
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\Configuration
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Aedebug
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\InitFileMapping
    HKLM\Software\Policies\Microsoft\Windows\System\Scripts
    HKLM\System\CurrentControlSet\Control\ServiceControlManagerExtension
    HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImagePath
    HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\UpperFilters
    HKLM\System\CurrentControlSet\Control\Print\Monitors
    HKLM\System\CurrentControlSet\Control\SafeBoot\AlternateShell
    HKLM\System\CurrentControlSet\Control\SafeBoot\Option\UseAlternateShell
    HKLM\System\CurrentControlSet\Control\Session Manager\Execute
    HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute
    HKLM\System\CurrentControlSet\Control\WOW\cmdline
    HKLM\System\CurrentControlSet\Control\WOW\wowcmdline
    type %USERPROFILE%\AppData\Local\Microsoft\Windows Sidebar\Settings.ini /c
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.exe
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    %USERPROFILE%\Templates\*.tmp
    /md5start
    winlogon.*
    explorer.*
    /md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.



#11
mmmf

    Member

  • Topic Starter
  • Member
  • 32 posts
I can't believe it, you are a star, my Explorer's running fine :), I can even open My Computer, thanks a lot.

Here is the ComboFix.txt log

ComboFix 10-09-04.06 - Muhammad Farhan 09/06/2010 16:40:09.3.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1603 [GMT 1:00]
Running from: c:\documents and settings\Muhammad Farhan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Muhammad Farhan\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\explorer.exe was missing
Restored copy from - c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

.
((((((((((((((((((((((((( Files Created from 2010-08-06 to 2010-09-06 )))))))))))))))))))))))))))))))
.

2010-09-06 15:43 . 2007-06-13 10:26 1033216 ----a-w- c:\windows\explorer.exe
2010-09-04 05:43 . 2010-09-05 17:12 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-09-04 05:42 . 2010-09-04 05:42 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-09-04 05:42 . 2010-09-04 05:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-09-02 05:34 . 2010-09-02 05:34 47596 ----a-w- c:\windows\system32\drivers\REGSYS701.SYS
2010-09-02 01:27 . 2010-04-08 13:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-09-02 01:27 . 2010-09-02 01:27 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-02 01:27 . 2010-09-02 01:27 -------- d-----w- c:\documents and settings\Muhammad Farhan\Application Data\PC Tools
2010-09-02 01:27 . 2010-09-02 01:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-08-31 02:22 . 2010-08-31 02:22 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-30 00:00 . 2010-08-30 00:00 -------- d-----w- c:\program files\Exterminate It!
2010-08-20 20:29 . 2010-08-20 20:29 -------- d-----w- c:\documents and settings\Muhammad Farhan\Application Data\PC Suite
2010-08-20 20:28 . 2010-08-20 20:28 -------- d-----w- c:\documents and settings\Muhammad Farhan\Application Data\AVG9
2010-08-20 14:17 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-20 14:17 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-19 16:26 . 2008-09-29 07:07 64432 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-19 16:26 . 2008-09-29 07:07 90360 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-19 16:26 . 2008-09-29 07:07 74648 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-19 16:26 . 2008-09-29 07:07 42424 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-08-19 16:26 . 2008-09-29 07:07 62704 ----a-w- c:\windows\system32\drivers\mfetdik.sys
2010-08-19 16:26 . 2008-09-29 07:07 67904 ----a-w- c:\windows\system32\mfevtps.exe
2010-08-19 16:26 . 2008-09-29 07:07 340592 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-08-19 16:25 . 2010-08-19 16:25 -------- d-----w- c:\program files\McAfee
2010-08-19 16:25 . 2010-08-19 16:25 -------- d-----w- c:\program files\Common Files\McAfee
2010-08-19 15:37 . 2010-08-19 15:37 -------- d-----w- c:\windows\system32\MpEngineStore
2010-08-19 15:28 . 2010-08-19 15:28 -------- d-----w- c:\documents and settings\Muhammad Farhan\Local Settings\Application Data\vbyxuhvlv
2010-08-19 15:28 . 2010-08-19 15:28 -------- d-----w- c:\documents and settings\Muhammad Farhan\Local Settings\Application Data\fbsxuouss

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-04 16:30 . 2010-05-21 22:34 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-04 16:28 . 2010-08-04 16:28 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-08-04 16:28 . 2010-08-04 16:28 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-08-04 16:27 . 2010-08-04 16:27 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-08-04 16:27 . 2010-08-04 16:27 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-08-04 16:27 . 2010-08-04 16:27 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-08-04 16:27 . 2010-08-04 16:27 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-08-04 16:26 . 2010-05-21 22:34 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-08-04 16:26 . 2010-05-21 22:34 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-07-23 16:22 . 2010-08-03 23:45 1496064 ----a-w- c:\documents and settings\Muhammad Farhan\Application Data\Mozilla\Firefox\Profiles\228eb0wx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-07-23 16:22 . 2010-08-03 23:45 43008 ----a-w- c:\documents and settings\Muhammad Farhan\Application Data\Mozilla\Firefox\Profiles\228eb0wx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-07-23 16:22 . 2010-08-03 23:45 338944 ----a-w- c:\documents and settings\Muhammad Farhan\Application Data\Mozilla\Firefox\Profiles\228eb0wx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-07-23 16:22 . 2010-08-03 23:45 346112 ----a-w- c:\documents and settings\Muhammad Farhan\Application Data\Mozilla\Firefox\Profiles\228eb0wx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-07-17 00:28 . 2010-07-17 00:28 -------- d-----w- c:\documents and settings\Muhammad Farhan\Application Data\Office Genuine Advantage
2010-07-15 23:14 . 2010-07-15 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-06-14 14:30 . 2009-01-11 06:02 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
2010-06-13 01:34 . 2010-06-13 01:34 50354 ----a-w- c:\documents and settings\Muhammad Farhan\Application Data\Facebook\uninstall.exe
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\Muhammad Farhan\Application Data\Facebook\npfbplugin_1_0_3.dll
2009-02-16 22:37 . 2009-02-16 22:37 60939848 ----a-w- c:\program files\avg_free_stf_en_8_237a1428.exe
2008-09-29 07:07 . 2010-08-19 16:26 22576 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

------- Sigcheck -------

[-] 2004-09-01 . AA88AEC074262986525206C73097751D . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-09-06_04.59.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-06 05:04 . 2010-09-06 05:05 16384 c:\windows\Temp\Perflib_Perfdata_318.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-11-20 2590456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2006-01-06 61952]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-07 344064]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-29 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-29 688218]
"batterymiser"="c:\program files\LG Software\Battery Miser 2005\batterymiser.exe" [2006-06-01 335872]
"Athan"="c:\program files\Athan\Athan.exe" [2009-01-18 1081344]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-09-04 6300480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-09-01 44544]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"= "c:\windows\system32\bmpsap.dll" [2006-06-01 114688]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\JRE6\\BIN\\JAVA.EXE"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [2/16/2009 4:34 PM 11886]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [1/13/2009 10:42 PM 1287296]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [9/29/2008 8:07 AM 19456]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [8/19/2010 5:26 PM 67904]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/19/2010 5:26 PM 64432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder

2010-09-06 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.tangotoolbar.com/
mSearch Bar = hxxp://www.tangosearch.com/?useie5=1&q=
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Muhammad Farhan\Application Data\Mozilla\Firefox\Profiles\228eb0wx.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\Muhammad Farhan\Application Data\Mozilla\Firefox\Profiles\228eb0wx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Muhammad Farhan\Application Data\Mozilla\Firefox\Profiles\228eb0wx.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Muhammad Farhan\Application Data\Mozilla\Firefox\Profiles\228eb0wx.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\Muhammad Farhan\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-06 16:43
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1024)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-09-06 16:44:46
ComboFix-quarantined-files.txt 2010-09-06 15:44
ComboFix2.txt 2010-09-06 05:00
ComboFix3.txt 2010-09-05 17:17

Pre-Run: 1,396,441,088 bytes free
Post-Run: 1,456,324,608 bytes free

- - End Of File - - 63874137613B9D80F15FF8DE645B3B8B
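The ComboFix and OTL output in this thread is read by hand, but the patterns a helper looks at first (a load point whose binary carries no publisher string, a service implemented as a DLL that runs inside an svchost group, user.js entries that switch browser security warnings off) are mechanical enough to script. The Python below is an added example; it is not part of the thread and is not code from ComboFix or OTL. The sample lines are constructed in the two tools' line formats from entries that appear in the logs above, the severity levels and the FF_SECURITY_PREFS set are this example's own choices, and a finding is a prompt to verify the file's hash and signature, not a verdict that it is malicious.

```python
"""Triage heuristics over OTL/ComboFix-style log lines (added example)."""
import re
from dataclasses import dataclass

# Constructed sample, in the line formats OTL and ComboFix print. Paths, names
# and publisher strings are copied from the logs posted in this thread; the
# sample is only input for the heuristics below and implies no verdict.
SAMPLE_LOG = """\
SRV - (vvdsvc) -- C:\\WINDOWS\\system32\\nagasoft\\vjocx.dll (南京纳加软件有限公司)
SRV - (McShield) -- C:\\Program Files\\McAfee\\VirusScan Enterprise\\Mcshield.exe (McAfee, Inc.)
DRV - (StarOpen) -- C:\\WINDOWS\\System32\\drivers\\StarOpen.sys ()
DRV - (w29n51) Intel® -- C:\\WINDOWS\\system32\\drivers\\w29n51.sys (Intel® Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\\WINDOWS\\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {26F5978F-6493-4ee3-B114-C0C3ACCF9D4D} - C:\\WINDOWS\\system32\\bmpsap.dll ()
O4 - HKLM..\\Run: [DivXUpdate] C:\\Program Files\\DivX\\DivX Update\\DivXUpdate.exe ()
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_viewing_mixed - false
FF - prefs.js: network.proxy.type - 0
"""

# Load points where a binary runs inside a trusted process (kernel, winlogon,
# the shell, the browser); an unknown publisher there ranks above a plain Run key.
# The set is this example's own choice.
HIGH_VALUE_KINDS = {"DRV", "O2", "O3", "O20", "O28"}

# Firefox prefs that user.js can force off to silence mixed-content and
# insecure-form warnings. Chosen for this example; extend as needed.
FF_SECURITY_PREFS = {
    "security.warn_submit_insecure",
    "security.warn_viewing_mixed",
    "security.warn_entering_secure",
    "security.warn_leaving_secure",
}

# "SRV - (name) [extra] -- path (Company)"; "File not found" lines carry no
# trailing "(...)" and are skipped on purpose.
SERVICE_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - \((?P<name>[^)]+)\).*? -- (?P<path>.+?) \((?P<company>[^)]*)\)\s*$"
)
# "Onn - ... - path (Company)"; the path is the last drive-letter path on the
# line. A path containing parentheses (e.g. "Program Files (x86)") would need
# a different pattern; the XP box in this thread has none.
OLINE_RE = re.compile(
    r"^(?P<kind>O\d+) - .*?(?P<path>[A-Za-z]:\\[^()]*?) \((?P<company>[^)]*)\)\s*$"
)
USERJS_RE = re.compile(r"^FF - user\.js: (?P<pref>\S+) - (?P<value>\S+)\s*$")


@dataclass(frozen=True)
class Finding:
    line: int        # 1-based line number in the log text
    severity: str    # "high" or "review"
    subject: str     # file path or pref name
    reason: str


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per heuristic tripped, in log order."""
    findings: list[Finding] = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        m = SERVICE_RE.match(line) or OLINE_RE.match(line)
        if m:
            kind, path = m.group("kind"), m.group("path")
            company = m.group("company").strip()
            if not company:
                sev = "high" if kind in HIGH_VALUE_KINDS else "review"
                findings.append(Finding(n, sev, path,
                    f"{kind}: no publisher string; check hash and signature"))
            if kind == "SRV" and path.lower().endswith(".dll"):
                findings.append(Finding(n, "review", path,
                    "SRV: DLL-hosted service; check which svchost group loads it"))
            continue
        m = USERJS_RE.match(line)
        if m and m.group("pref") in FF_SECURITY_PREFS and m.group("value").lower() == "false":
            findings.append(Finding(n, "review", m.group("pref"),
                "user.js forces a browser security warning off"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line:>3} [{f.severity:6}] {f.subject}: {f.reason}")
```

Run it as a script to print the findings for the sample, or pass a saved OTL or ComboFix log to triage(). The empty-publisher rule produces false positives for small vendors that ship no version resource (DivXUpdate.exe in the sample is one), which is why only drivers, hooks and browser extensions are ranked high; everything else is a prompt to look at the file, not a conclusion about it.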

#12
mmmf (Topic Starter, Member, 32 posts)
OTL logfile created on: 9/6/2010 4:54:51 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Muhammad Farhan\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.28 Gb Total Space | 1.37 Gb Free Space | 4.67% Space Free | Partition Type: FAT32
Drive D: | 45.23 Gb Total Space | 40.74 Gb Free Space | 90.08% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 79D04EFD1D72425
Current User Name: Muhammad Farhan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Muhammad Farhan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Athan\Athan.exe (www.IslamicFinder.org)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\osk.exe (Microsoft Corporation)
PRC - C:\Program Files\LG Software\Battery Miser 2005\batterymiser.exe (LG Electronics Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\msswchx.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Muhammad Farhan\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\LG Software\Battery Miser 2005\McIdle.dll (LG Electronics Inc.)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msswch.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (vvdsvc) -- C:\WINDOWS\system32\nagasoft\vjocx.dll (南京纳加软件有限公司)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (McAfeeEngineService) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\DOCUME~1\MUHAMM~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\hdaudio.sys (Windows ® Server 2003 DDK provider)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (lgsnd_filter) -- C:\WINDOWS\system32\drivers\lgsnd_filter.sys ()
DRV - (Ndisipo) -- C:\WINDOWS\system32\drivers\Ndisipo.sys (Windows ® 2000 DDK provider)
DRV - (cmudax) -- C:\WINDOWS\system32\drivers\cmudax.sys (C-Media Inc.)
DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (SoC PC-Camera Service) -- C:\WINDOWS\system32\drivers\pfc027.sys ()
DRV - (kbfilter) -- C:\WINDOWS\System32\drivers\kbfilter.sys (WayTech Development, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.tangotoolbar.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 11 1A 8C 09 8B C9 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/01/11 07:06:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/01/11 07:06:44 | 000,000,000 | ---D | M]

[2010/02/04 14:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Muhammad Farhan\Application Data\Mozilla\Extensions
[2010/02/04 14:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Muhammad Farhan\Application Data\Mozilla\Firefox\Profiles\228eb0wx.default\extensions
[2010/09/06 16:46:44 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Muhammad Farhan\Application Data\Mozilla\Firefox\Profiles\228eb0wx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/04/29 17:17:22 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Muhammad Farhan\Application Data\Mozilla\Firefox\Profiles\228eb0wx.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2009/01/11 07:06:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/29 08:07:00 | 000,022,576 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll

O1 HOSTS File: ([2010/09/06 05:59:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Athan] C:\Program Files\Athan\Athan.exe (www.IslamicFinder.org)
O4 - HKLM..\Run: [batterymiser] C:\Program Files\LG Software\Battery Miser 2005\batterymiser.exe (LG Electronics Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\hdashcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.spvod.com...cx-ch-spvod.cab (VodClient Control Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {26F5978F-6493-4ee3-B114-C0C3ACCF9D4D} - C:\WINDOWS\system32\bmpsap.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/11 07:05:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: McAfeeEngineService - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: hitmanpro35 - Reg Error: Value error.
SafeBootNet: hitmanpro35.sys - Reg Error: Value error.
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} -
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Ligos Corporation)
Drivers32: msacm.imc - C:\WINDOWS\System32\IMC32.acm (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.i263 - C:\WINDOWS\System32\I263_32.drv (Intel Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\Ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\Ir32_32.dll ()
Drivers32: VIDC.IV40 - C:\WINDOWS\System32\Ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv41 - C:\WINDOWS\System32\Ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\Ir50_32.dll (Ligos Corporation)
Drivers32: VIDC.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\WMV9VCM.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619756233228288)

========== Files/Folders - Created Within 90 Days ==========

[2010/09/06 16:53:26 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Muhammad Farhan\Desktop\OTL.exe
[2010/09/06 16:39:35 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/09/05 17:53:01 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/05 17:51:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/05 17:51:10 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/05 17:51:10 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/05 17:51:10 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/05 16:50:06 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Muhammad Farhan\Desktop\erunt-setup.exe
[2010/09/05 16:48:51 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Muhammad Farhan\Desktop\TFC.exe
[2010/09/05 05:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Muhammad Farhan\Desktop\gmer
[2010/09/04 06:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/09/04 06:42:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/09/02 06:34:03 | 000,047,596 | ---- | C] (Sysinternals) -- C:\WINDOWS\System32\drivers\REGSYS701.SYS
[2010/09/02 02:27:33 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/09/02 02:27:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/09/02 02:27:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Muhammad Farhan\Application Data\PC Tools
[2010/09/02 02:27:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/09/02 02:22:04 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/08/31 05:20:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Muhammad Farhan\Recent
[2010/08/31 03:20:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/08/31 01:06:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/30 04:01:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/30 01:03:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Muhammad Farhan\Desktop\New Folder (4)
[2010/08/30 01:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\Exterminate It!
[2010/08/21 21:40:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/08/21 21:40:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/08/20 21:29:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Muhammad Farhan\Application Data\PC Suite
[2010/08/20 21:28:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Muhammad Farhan\Application Data\AVG9
[2010/08/20 15:28:08 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Muhammad Farhan\Desktop\mbam-setup-1.46.exe
[2010/08/20 15:17:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/20 15:17:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/20 15:13:59 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Muhammad Farhan\Desktop\mbam-setup.exe
[2010/08/19 19:07:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/08/19 17:30:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/08/19 17:26:05 | 000,064,432 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/08/19 17:26:04 | 000,090,360 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/08/19 17:26:04 | 000,074,648 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/08/19 17:26:04 | 000,042,424 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/08/19 17:26:03 | 000,062,704 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdik.sys
[2010/08/19 17:26:02 | 000,340,592 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/08/19 17:26:02 | 000,067,904 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
[2010/08/19 17:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/08/19 17:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2010/08/19 16:37:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/08/19 16:28:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Muhammad Farhan\Local Settings\Application Data\vbyxuhvlv
[2010/08/19 16:28:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Muhammad Farhan\Local Settings\Application Data\fbsxuouss
[2010/08/13 19:47:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Muhammad Farhan\Desktop\New Folder (3)
[2010/07/20 02:22:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Muhammad Farhan\Desktop\New Folder (2)
[2010/07/19 16:23:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Muhammad Farhan\Desktop\Uni Stuff
[2010/07/17 01:28:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Muhammad Farhan\Application Data\Office Genuine Advantage
[2010/07/16 00:14:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/07/16 00:13:24 | 000,000,000 | ---D | C] -- C:\FOUND.002
[2010/07/10 09:32:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/07/10 09:32:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/07/10 09:32:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/07/10 09:32:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/07/10 09:32:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/07/10 09:32:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/07/10 09:32:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/07/10 09:32:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/07/10 09:32:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/07/10 09:32:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/07/10 09:32:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/07/10 09:32:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/07/10 09:32:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/07/10 09:32:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/07/10 09:32:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/07/10 09:32:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/07/10 09:32:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/07/02 18:22:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/07/02 04:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/06/13 02:34:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Muhammad Farhan\Application Data\Facebook
[2009/02/16 23:37:38 | 060,939,848 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stf_en_8_237a1428.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Muhammad Farhan\Desktop\*.tmp files -> C:\Documents and Settings\Muhammad Farhan\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Muhammad Farhan\*.tmp files -> C:\Documents and Settings\Muhammad Farhan\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/06 16:55:08 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\Muhammad Farhan\ntuser.dat
[2010/09/06 16:53:30 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Muhammad Farhan\Desktop\OTL.exe
[2010/09/06 16:43:38 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/06 16:39:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/06 06:04:54 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/09/06 06:04:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/06 06:04:36 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/05 19:03:12 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Muhammad Farhan\ntuser.ini
[2010/09/05 18:12:34 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/09/05 17:55:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/05 17:53:08 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/09/05 17:49:58 | 003,837,097 | R--- | M] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\ComboFix.exe
[2010/09/05 16:50:12 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Muhammad Farhan\Desktop\erunt-setup.exe
[2010/09/05 16:48:54 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Muhammad Farhan\Desktop\TFC.exe
[2010/09/05 05:31:00 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\gmer.zip
[2010/09/05 04:48:52 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\dds.scr
[2010/09/04 06:43:04 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/09/02 06:34:04 | 000,047,596 | ---- | M] (Sysinternals) -- C:\WINDOWS\System32\drivers\REGSYS701.SYS
[2010/09/02 02:44:22 | 000,000,589 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/08/30 04:00:40 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/08/30 01:04:40 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Exterminate It!.lnk
[2010/08/26 13:30:08 | 000,090,112 | ---- | M] () -- C:\Documents and Settings\Muhammad Farhan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/20 15:27:42 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Muhammad Farhan\Desktop\mbam-setup-1.46.exe
[2010/08/20 15:14:00 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Muhammad Farhan\Desktop\mbam-setup.exe
[2010/08/20 15:08:14 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\rkill.com
[2010/08/19 18:01:14 | 000,000,671 | ---- | M] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\Shortcut to firefox.lnk
[2010/08/19 16:28:34 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
[2010/08/14 01:11:42 | 002,174,704 | ---- | M] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\DSC_0077.JPG
[2010/08/09 00:09:20 | 000,089,171 | ---- | M] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\2486205245_a276cd78c5.jpg
[2010/08/08 09:38:00 | 000,157,999 | ---- | M] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\DSC05432.JPG
[2010/08/08 09:38:00 | 000,156,368 | ---- | M] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\DSC05434.JPG
[2010/08/08 09:38:00 | 000,138,076 | ---- | M] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\DSC05430.JPG
[2010/08/08 09:38:00 | 000,137,703 | ---- | M] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\DSC05437.JPG
[2010/08/08 09:38:00 | 000,135,961 | ---- | M] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\DSC05436.JPG
[2010/08/08 09:38:00 | 000,131,301 | ---- | M] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\DSC05435.JPG
[2010/08/08 09:38:00 | 000,125,415 | ---- | M] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\DSC05431.JPG
[2010/08/04 17:28:38 | 000,001,446 | ---- | M] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\DivX Movies.lnk
[2010/08/04 17:28:16 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/08/04 17:27:38 | 000,000,764 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/07/29 02:28:38 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2010/07/28 01:37:54 | 000,092,965 | ---- | M] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\cars-608.jpg
[2010/07/23 00:19:26 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\Document Scrap (2) 'a...'.shs
[2010/07/22 20:20:30 | 000,104,210 | ---- | M] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\FARHAN_CV1.pdf
[2010/07/22 20:18:24 | 000,005,486 | ---- | M] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\Farhan cover letter1.pdf
[2010/07/22 19:47:38 | 000,054,636 | ---- | M] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\d.xps
[2010/07/16 00:13:30 | 000,131,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/10 09:35:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/10 09:34:34 | 000,493,974 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/10 09:34:34 | 000,436,160 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/10 09:34:34 | 000,068,906 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/10 03:25:36 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2010/07/02 17:18:12 | 000,040,487 | ---- | M] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\vugg.jpg
[2010/07/02 17:09:00 | 000,006,524 | ---- | M] () -- C:\Documents and Settings\Muhammad Farhan\My Documents\sc_config_eyeballchat.xml
[2010/07/01 03:27:08 | 000,063,595 | ---- | M] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\jawan.jpg
[2010/07/01 03:22:00 | 000,063,319 | ---- | M] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\me.jpg
[2010/07/01 03:18:32 | 000,047,267 | ---- | M] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\1.jpg
[2010/07/01 00:13:40 | 000,664,996 | ---- | M] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\Image006.jpg
[2010/06/30 04:00:22 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\personal statement.doc
[2010/06/25 22:44:44 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\Summer Placement Opportunity Anish Roy-1.doc
[2010/06/16 00:26:44 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\Document Scrap 'a...'.shs
[2010/06/16 00:25:16 | 000,227,328 | ---- | M] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\ApplicationForm.doc
[2010/06/15 16:05:50 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\~$plicationForm.doc
[2010/06/14 18:43:40 | 000,002,837 | ---- | M] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\Athan.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Muhammad Farhan\Desktop\*.tmp files -> C:\Documents and Settings\Muhammad Farhan\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Muhammad Farhan\*.tmp files -> C:\Documents and Settings\Muhammad Farhan\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/05 17:51:10 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/05 17:51:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/05 17:51:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/05 17:51:10 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/05 17:51:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/05 05:31:03 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\gmer.zip
[2010/09/05 04:48:58 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\dds.scr
[2010/09/04 06:43:32 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/09/04 06:42:33 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/09/02 02:44:20 | 000,000,589 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/09/02 02:27:33 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/08/31 01:18:59 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/08/31 01:18:58 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/08/31 01:17:13 | 004,718,592 | ---- | C] () -- C:\Documents and Settings\Muhammad Farhan\ntuser.dat
[2010/08/30 01:04:39 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Exterminate It!.lnk
[2010/08/30 00:41:36 | 003,837,097 | R--- | C] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\ComboFix.exe
[2010/08/20 15:08:11 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\rkill.com
[2010/08/19 18:01:12 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\Shortcut to firefox.lnk
[2010/08/19 16:28:32 | 000,000,005 | ---- | C] () -- C:\zrpt.xml
[2010/08/14 01:11:01 | 002,174,704 | ---- | C] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\DSC_0077.JPG
[2010/08/13 19:47:38 | 000,157,999 | ---- | C] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\DSC05432.JPG
[2010/08/13 19:47:38 | 000,156,368 | ---- | C] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\DSC05434.JPG
[2010/08/13 19:47:38 | 000,137,703 | ---- | C] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\DSC05437.JPG
[2010/08/13 19:47:38 | 000,135,961 | ---- | C] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\DSC05436.JPG
[2010/08/13 19:47:38 | 000,131,301 | ---- | C] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\DSC05435.JPG
[2010/08/13 19:47:38 | 000,125,415 | ---- | C] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\DSC05431.JPG
[2010/08/13 19:47:26 | 000,138,076 | ---- | C] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\DSC05430.JPG
[2010/08/09 00:09:18 | 000,089,171 | ---- | C] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\2486205245_a276cd78c5.jpg
[2010/08/04 17:28:14 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/07/28 01:37:52 | 000,092,965 | ---- | C] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\cars-608.jpg
[2010/07/23 00:19:24 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\Document Scrap (2) 'a...'.shs
[2010/07/22 20:20:23 | 000,104,210 | ---- | C] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\FARHAN_CV1.pdf
[2010/07/22 19:48:16 | 000,005,486 | ---- | C] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\Farhan cover letter1.pdf
[2010/07/22 19:47:35 | 000,054,636 | ---- | C] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\d.xps
[2010/07/22 19:41:25 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\virport.dll
[2010/07/10 09:32:49 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/07/02 17:18:09 | 000,040,487 | ---- | C] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\vugg.jpg
[2010/07/01 03:27:05 | 000,063,595 | ---- | C] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\jawan.jpg
[2010/07/01 03:21:59 | 000,063,319 | ---- | C] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\me.jpg
[2010/07/01 03:18:30 | 000,047,267 | ---- | C] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\1.jpg
[2010/07/01 02:06:10 | 000,664,996 | ---- | C] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\Image006.jpg
[2010/06/25 22:44:43 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\Summer Placement Opportunity Anish Roy-1.doc
[2010/06/16 00:26:43 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\Document Scrap 'a...'.shs
[2010/06/15 16:05:49 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\~$plicationForm.doc
[2010/06/15 16:05:48 | 000,227,328 | ---- | C] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\ApplicationForm.doc
[2010/02/18 19:31:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2010/02/18 19:28:02 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/02/03 16:43:59 | 000,006,572 | -HS- | C] () -- C:\Documents and Settings\Muhammad Farhan\Local Settings\Application Data\V2Iu86wOC61hS
[2010/01/04 16:28:34 | 000,008,798 | ---- | C] () -- C:\WINDOWS\lg_up.ini
[2009/10/27 00:02:41 | 000,136,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\pfc027.sys
[2009/10/27 00:02:41 | 000,011,170 | ---- | C] () -- C:\WINDOWS\System32\PA207Usd.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/01/16 03:06:01 | 000,090,112 | ---- | C] () -- C:\Documents and Settings\Muhammad Farhan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/13 22:51:45 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\bmpsap.dll
[2009/01/13 22:51:45 | 000,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\lgsnd_filter.sys
[2009/01/13 22:42:42 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2009/01/13 22:42:16 | 000,017,071 | R--- | C] () -- C:\WINDOWS\CMUDAX.INI
[2009/01/11 15:58:02 | 000,000,740 | ---- | C] () -- C:\WINDOWS\lgcenter.ini
[2009/01/11 07:11:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/04 18:52:34 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2007/10/31 09:39:54 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/05/17 13:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2006/01/06 20:57:18 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll
[2006/01/06 19:41:24 | 000,000,609 | ---- | C] () -- C:\WINDOWS\System32\OEMinfo.ini
[2005/07/12 14:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2005/04/04 18:52:42 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/04/04 18:35:24 | 000,745,472 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/09/24 15:10:48 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2004/09/24 15:09:58 | 001,040,384 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2004/09/24 15:09:56 | 001,163,264 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2004/09/24 15:09:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
[2004/09/01 08:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll
[2004/03/23 16:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/07 01:42:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll

========== LOP Check ==========

[2009/04/28 01:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/02/03 21:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/02/03 21:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/02/03 21:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/04 14:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/02/04 17:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/02/04 17:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/09/04 06:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/02/04 17:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Muhammad Farhan\Application Data\Nokia
[2010/03/15 22:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Muhammad Farhan\Application Data\GetRightToGo
[2010/06/13 02:34:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Muhammad Farhan\Application Data\Facebook
[2010/08/20 21:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Muhammad Farhan\Application Data\AVG9
[2010/08/20 21:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Muhammad Farhan\Application Data\PC Suite
[2010/05/09 15:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Muhammad Farhan\Application Data\Iblexu
[2010/09/06 06:04:54 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/09/06 06:04:34 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2004/09/01 08:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2004/09/01 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2005/12/16 00:49:10 | 000,000,126 | ---- | M] () -- C:\cleanup.cmd
[2010/09/05 17:53:08 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2009/01/11 07:05:12 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/01/11 07:05:12 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/01/11 07:05:12 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/01/11 07:05:12 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/11/25 18:23:02 | 000,304,182 | ---- | M] () -- C:\StiImg.dat
[2010/08/29 23:30:16 | 000,000,707 | ---- | M] () -- C:\rkill.log
[2010/03/07 16:09:12 | 000,000,172 | ---- | M] () -- C:\SYSINFO.BAT
[2010/09/06 06:04:36 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/07 16:09:18 | 000,033,594 | ---- | M] () -- C:\SYSINFO.TXT
[2010/08/19 16:28:34 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/09/06 16:44:48 | 000,013,443 | ---- | M] () -- C:\ComboFix.txt
[2009/01/11 06:55:08 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2005/04/21 19:57:20 | 000,000,028 | ---- | M] () -- C:\input.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.* >
[2008/07/06 10:50:04 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
[2008/07/06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009/01/11 06:46:44 | 000,806,912 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
[2009/01/11 06:46:44 | 000,655,360 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/01/11 06:46:44 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.exe >

< %systemroot%\Fonts\*.ini >
[2009/01/11 07:04:50 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >
[2005/06/01 03:26:40 | 000,346,155 | ---- | M] () -- C:\WINDOWS\system32\vista.jpg
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/07/10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/02/16 23:37:40 | 060,939,848 | ---- | M] (AVG Technologies) -- C:\Program Files\avg_free_stf_en_8_237a1428.exe

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\*. >
[2009/01/11 06:50:40 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/01/11 06:57:08 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/01/11 06:57:38 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Messenger
[2009/01/11 06:58:14 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2009/01/11 07:00:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/01/11 07:01:02 | 000,000,000 | ---D | M] -- C:\Program Files\Unlocker
[2009/01/11 07:01:26 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/01/11 07:02:02 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/01/11 07:02:14 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/01/11 07:02:28 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/01/11 07:03:36 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/01/11 07:03:40 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/01/11 07:05:34 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/01/11 07:06:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/08/19 17:25:04 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2009/01/11 07:10:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/01/11 07:10:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2009/01/11 07:11:46 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/01/11 07:11:46 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2010/08/30 01:00:56 | 000,000,000 | ---D | M] -- C:\Program Files\Exterminate It!
[2009/01/11 07:19:46 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2009/01/11 15:58:28 | 000,000,000 | ---D | M] -- C:\Program Files\lg_swupdate
[2009/01/13 22:37:52 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2009/01/13 22:44:48 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2009/01/13 22:50:16 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/01/13 22:50:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2009/01/13 22:50:54 | 000,000,000 | ---D | M] -- C:\Program Files\LG Software
[2009/01/13 22:51:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/01/13 22:52:06 | 000,000,000 | ---D | M] -- C:\Program Files\EzManual
[2009/02/21 12:10:36 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2010/09/04 06:42:34 | 000,000,000 | ---D | M] -- C:\Program Files\Hitman Pro 3.5
[2009/02/24 13:48:12 | 000,000,000 | ---D | M] -- C:\Program Files\Athan
[2009/02/06 21:19:34 | 000,000,000 | ---D | M] -- C:\Program Files\msn
[2009/02/06 21:19:56 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2009/11/10 01:56:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Outlook Connector
[2009/02/08 16:54:46 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/02/21 12:09:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/02/21 12:14:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/02/27 02:02:26 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2009/03/30 03:22:56 | 000,000,000 | ---D | M] -- C:\Program Files\Veoh Networks
[2009/04/03 20:26:50 | 000,000,000 | ---D | M] -- C:\Program Files\SopCast
[2010/02/04 17:38:36 | 000,000,000 | ---D | M] -- C:\Program Files\Nokia
[2009/07/06 12:12:34 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2010/02/04 17:39:12 | 000,000,000 | ---D | M] -- C:\Program Files\PC Connectivity Solution
[2009/12/22 18:57:26 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2010/02/04 17:39:36 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2009/12/20 15:44:14 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2009/12/31 05:25:08 | 000,000,000 | ---D | M] -- C:\Program Files\RMClock
[2010/01/02 23:26:16 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2010/01/02 23:28:54 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/01/02 23:29:02 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/02/03 21:51:12 | 000,000,000 | ---D | M] -- C:\Program Files\Crawler

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-03 14:53:21

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< color 9f & set /c >
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Muhammad Farhan\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=79D04EFD1D72425
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Muhammad Farhan
LOGONSERVER=\\79D04EFD1D72425
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Samsung\Samsung PC Studio 3
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
sfxcmd="C:\Documents and Settings\Muhammad Farhan\Desktop\ComboFix.exe" "C:\Documents and Settings\Muhammad Farhan\Desktop\CFScript.txt"
sfxname=C:\Documents and Settings\Muhammad Farhan\Desktop\ComboFix.exe
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\MUHAMM~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\MUHAMM~1\LOCALS~1\Temp
USERDOMAIN=79D04EFD1D72425
USERNAME=Muhammad Farhan
USERPROFILE=C:\Documents and Settings\Muhammad Farhan
VSEDEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/01/11 07:05:18 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >
[1 C:\WINDOWS\system32\config\systemprofile\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\*.tmp -> ]

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/01/11 07:14:46 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Muhammad Farhan\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2009/01/11 07:14:46 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Muhammad Farhan\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/08/20 15:14:00 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Muhammad Farhan\Desktop\mbam-setup.exe
[2010/08/20 15:27:42 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Muhammad Farhan\Desktop\mbam-setup-1.46.exe
[2010/09/05 17:49:58 | 003,837,097 | R--- | M] () -- C:\Documents and Settings\Muhammad Farhan\Desktop\ComboFix.exe
[2010/09/05 05:31:24 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Muhammad Farhan\Desktop\MGADiag.exe
[2010/09/05 16:48:54 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Muhammad Farhan\Desktop\TFC.exe
[2010/09/06 16:53:30 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Muhammad Farhan\Desktop\OTL.exe
[2010/09/05 16:50:12 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Muhammad Farhan\Desktop\erunt-setup.exe
[1 C:\Documents and Settings\Muhammad Farhan\Desktop\*.tmp files -> C:\Documents and Settings\Muhammad Farhan\Desktop\*.tmp -> ]

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %systemroot%\AppPatch\Custom\*.* >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2009/10/07 00:47:26 | 085,595,322 | ---- | M] (IT Services - Loughborough University ) -- C:\Documents and Settings\Muhammad Farhan\My Documents\McAfeeVSE.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore >

< HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath >

< HKCU\Software\Microsoft\Command Processor\AutoRun >

< HKCU\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\Configuration >

< HKCU\Software\Policies\Microsoft\Windows\System\Scripts >

< HKLM\Software\Classes\AllFilesystemObjects\shellex\ColumnHandlers >

< HKLM\Software\Classes\AllFilesystemObjects\shellex\CopyHookHandlers >

< HKLM\Software\Classes\Directory\shellex\ColumnHandlers >

< HKLM\Software\Classes\Directory\shellex\DragDropHandlers >

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\DragDropHandlers\WinRAR]

< HKLM\Software\Classes\Directory\Background\shellex\ColumnHandlers >

< HKLM\Software\Classes\Directory\Background\shellex\CopyHookHandlers >

< HKLM\Software\Classes\Directory\Background\shellex\DragDropHandlers >

< HKLM\Software\Classes\Directory\Background\shellex\PropertySheetHandlers >

< HKLM\Software\Classes\Folder\shellex\ColumnHandlers >

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}]

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}]

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}]

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}]

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}]

< HKLM\Software\Classes\Folder\shellex\CopyHookHandlers >

< HKLM\Software\Microsoft\Command Processor\AutoRun >

< HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\DeviceNotificationCallbacks >

< HKLM\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\Configuration >

< HKLM\Software\Microsoft\Windows NT\CurrentVersion\Aedebug >
"Auto" = 1
"Debugger" = drwtsn32 -p %ld -e %ld -g -- [2004/09/01 08:00:00 | 000,045,568 | ---- | M] (Microsoft Corporation)
"UserDebuggerHotKey" = 0

< HKLM\Software\Microsoft\Windows NT\CurrentVersion\InitFileMapping >

< HKLM\Software\Policies\Microsoft\Windows\System\Scripts >

< HKLM\System\CurrentControlSet\Control\ServiceControlManagerExtension >

< HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImagePath >

< HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\UpperFilters >

< HKLM\System\CurrentControlSet\Control\Print\Monitors >

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Monitors\Local Port]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Monitors\USB Monitor]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Monitors\virprnt]

< HKLM\System\CurrentControlSet\Control\SafeBoot\AlternateShell >

< HKLM\System\CurrentControlSet\Control\SafeBoot\Option\UseAlternateShell >

< HKLM\System\CurrentControlSet\Control\Session Manager\Execute >

< HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute >

< HKLM\System\CurrentControlSet\Control\WOW\cmdline >

< HKLM\System\CurrentControlSet\Control\WOW\wowcmdline >

< type %USERPROFILE%\AppData\Local\Microsoft\Windows Sidebar\Settings.ini /c >

< HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot >
"AlternateShell" = cmd.exe -- [2004/09/01 08:00:00 | 000,388,608 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network]

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/01/11 07:14:46 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Muhammad Farhan\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/09/06 16:46:48 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\Muhammad Farhan\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2006/01/06 20:56:12 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.exe >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< %USERPROFILE%\Templates\*.tmp >


< MD5 for: EXPLORER.EXE >
[2006/01/06 20:57:32 | 001,075,200 | ---- | M] (Microsoft Corporation) MD5=2DEACA71A7FD77205F59D48D76B2F565 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007/06/13 11:26:04 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 11:26:04 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2007/06/13 11:26:04 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\explorer.exe

< MD5 for: EXPLORER.EXE.VIR >
[2007/06/13 10:23:08 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=F158A4C85CAFA0C341B6BA7C9DABF253 -- C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir

< MD5 for: EXPLORER.SCF >
[2004/09/01 08:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.scf

< MD5 for: WINLOGON.EXE >
[2004/09/01 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=AA88AEC074262986525206C73097751D -- C:\WINDOWS\system32\winlogon.exe
< End of report >

#13 mmmf (Topic Starter, Member, 32 posts)
OTL Extras logfile created on: 9/6/2010 4:54:51 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Muhammad Farhan\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.28 Gb Total Space | 1.37 Gb Free Space | 4.67% Space Free | Partition Type: FAT32
Drive D: | 45.23 Gb Total Space | 40.74 Gb Free Space | 90.08% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 79D04EFD1D72425
Current User Name: Muhammad Farhan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Java\JRE6\BIN\JAVA.EXE" = C:\Program Files\Java\JRE6\BIN\JAVA.EXE:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{15EC1872-FEAC-4FF6-B2ED-B686BBE183D1}" = IP Operator 2005
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 18
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{81717D01-32F6-449C-85E1-41AFD678E545}" = LG Intelligent Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A638557B-1F13-40A0-9627-C892FBCA6960}" = McAfee Agent
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B905C2C6-E171-4D6A-B235-EDECF1F5EFB1}" = Samsung PC Studio 3
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E55C8F84-160B-41FA-9D41-6210801C0C24}" = Battery Miser
"{E713E222-AF67-47DF-9D59-37A051083630}" = Ez User's Guide
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Athan" = Athan Basic 3.5
"ATI Display Driver" = ATI Display Driver
"C-Media Audio Driver" = C-Media High Definition Audio Driver
"DivX Setup.divx.com" = DivX Setup
"Exterminate It!" = Exterminate It!
"HijackThis" = HijackThis 1.99.1
"HitmanPro35" = Hitman Pro 3.5
"ie8" = Windows Internet Explorer 8 Release Candidate 1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Nokia PC Suite" = Nokia PC Suite
"SopCast" = SopCast 3.0.3
"Spyware Doctor" = Spyware Doctor 7.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Veoh Video Compass" = Veoh Video Compass
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/4/2010 5:21:48 AM | Computer Name = 79D04EFD1D72425 | Source = McLogEvent | ID = 5019
Description = Exception in McShield.Exe! Exception details follow : VSCORE.14.1.0.447
Exception
Code : 0XC0000005 Exception Address : 0X00409F5F Exception Parameters :
2 Param 1 = 00000000 Param 2 = 0X00000014 More information : Exception in memory scanner
thread.

Error - 9/4/2010 5:21:53 AM | Computer Name = 79D04EFD1D72425 | Source = Application Error | ID = 1000
Description = Faulting application Mcshield.exe, version 14.1.0.447, faulting module
Mcshield.exe, version 14.1.0.447, fault address 0x00009f5f.

Error - 9/4/2010 5:21:54 AM | Computer Name = 79D04EFD1D72425 | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 60 seconds;

Error - 9/4/2010 5:23:18 AM | Computer Name = 79D04EFD1D72425 | Source = McLogEvent | ID = 5019
Description = Exception in McShield.Exe! Exception details follow : VSCORE.14.1.0.447
Exception
Code : 0XC0000005 Exception Address : 0X00409F5F Exception Parameters :
2 Param 1 = 00000000 Param 2 = 0X00000014 More information : Exception in memory scanner
thread.

Error - 9/4/2010 5:23:25 AM | Computer Name = 79D04EFD1D72425 | Source = Application Error | ID = 1000
Description = Faulting application Mcshield.exe, version 14.1.0.447, faulting module
Mcshield.exe, version 14.1.0.447, fault address 0x00009f5f.

Error - 9/4/2010 5:23:27 AM | Computer Name = 79D04EFD1D72425 | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 60 seconds;

Error - 9/4/2010 5:24:51 AM | Computer Name = 79D04EFD1D72425 | Source = McLogEvent | ID = 5019
Description = Exception in McShield.Exe! Exception details follow : VSCORE.14.1.0.447
Exception
Code : 0XC0000005 Exception Address : 0X00409F5F Exception Parameters :
2 Param 1 = 00000000 Param 2 = 0X00000014 More information : Exception in memory scanner
thread.

Error - 9/4/2010 5:24:57 AM | Computer Name = 79D04EFD1D72425 | Source = Application Error | ID = 1000
Description = Faulting application Mcshield.exe, version 14.1.0.447, faulting module
Mcshield.exe, version 14.1.0.447, fault address 0x00009f5f.

Error - 9/4/2010 5:24:57 AM | Computer Name = 79D04EFD1D72425 | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 60 seconds;

Error - 9/4/2010 12:04:32 PM | Computer Name = 79D04EFD1D72425 | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 60 seconds;

[ System Events ]
Error - 9/6/2010 1:07:51 AM | Computer Name = 79D04EFD1D72425 | Source = Service Control Manager | ID = 7034
Description = The McAfee McShield service terminated unexpectedly. It has done
this 3 time(s).

Error - 9/6/2010 1:08:54 AM | Computer Name = 79D04EFD1D72425 | Source = Service Control Manager | ID = 7034
Description = The McAfee McShield service terminated unexpectedly. It has done
this 4 time(s).

Error - 9/6/2010 1:10:48 AM | Computer Name = 79D04EFD1D72425 | Source = Service Control Manager | ID = 7034
Description = The McAfee McShield service terminated unexpectedly. It has done
this 5 time(s).

Error - 9/6/2010 1:11:50 AM | Computer Name = 79D04EFD1D72425 | Source = Service Control Manager | ID = 7034
Description = The McAfee McShield service terminated unexpectedly. It has done
this 6 time(s).

Error - 9/6/2010 1:12:56 AM | Computer Name = 79D04EFD1D72425 | Source = Service Control Manager | ID = 7034
Description = The McAfee McShield service terminated unexpectedly. It has done
this 7 time(s).

Error - 9/6/2010 1:14:02 AM | Computer Name = 79D04EFD1D72425 | Source = Service Control Manager | ID = 7034
Description = The McAfee McShield service terminated unexpectedly. It has done
this 8 time(s).

Error - 9/6/2010 11:34:32 AM | Computer Name = 79D04EFD1D72425 | Source = Service Control Manager | ID = 7034
Description = The McAfee McShield service terminated unexpectedly. It has done
this 92 time(s).

Error - 9/6/2010 11:34:48 AM | Computer Name = 79D04EFD1D72425 | Source = Service Control Manager | ID = 7034
Description = The McAfee Validation Trust Protection Service service terminated
unexpectedly. It has done this 1 time(s).

Error - 9/6/2010 11:35:13 AM | Computer Name = 79D04EFD1D72425 | Source = Service Control Manager | ID = 7034
Description = The McAfee Task Manager service terminated unexpectedly. It has done
this 1 time(s).

Error - 9/6/2010 11:37:11 AM | Computer Name = 79D04EFD1D72425 | Source = Service Control Manager | ID = 7034
Description = The McAfee Engine Service service terminated unexpectedly. It has
done this 1 time(s).


< End of report >

#14 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Got your Windows CD?


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\Muhammad Farhan\Desktop\*.tmp files -> C:\Documents and Settings\Muhammad Farhan\Desktop\*.tmp -> ]
    [1 C:\Documents and Settings\Muhammad Farhan\*.tmp files -> C:\Documents and Settings\Muhammad Farhan\*.tmp -> ]
    [2010/08/19 16:28:32 | 000,000,005 | ---- | C] () -- C:\zrpt.xml
    [2010/05/09 15:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Muhammad Farhan\Application Data\Iblexu
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    c:\documents and settings\Muhammad Farhan\Local Settings\Application Data\vbyxuhvlv
    c:\documents and settings\Muhammad Farhan\Local Settings\Application Data\fbsxuouss
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#15 mmmf (Topic Starter, Member, 32 posts)
All processes killed
========== OTL ==========
C:\WINDOWS\DUMP4c1c.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET7.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\Documents and Settings\Muhammad Farhan\Desktop\~WRL2720.tmp deleted successfully.
C:\Documents and Settings\Muhammad Farhan\7zS1893.tmp\setup.exe deleted successfully.
C:\Documents and Settings\Muhammad Farhan\7zS1893.tmp\setuprsc.dll deleted successfully.
C:\Documents and Settings\Muhammad Farhan\7zS1893.tmp\xpcom.xpi deleted successfully.
C:\Documents and Settings\Muhammad Farhan\7zS1893.tmp\UninstallFirefox.zip deleted successfully.
C:\Documents and Settings\Muhammad Farhan\7zS1893.tmp\talkback.xpi deleted successfully.
C:\Documents and Settings\Muhammad Farhan\7zS1893.tmp\browser.xpi deleted successfully.
C:\Documents and Settings\Muhammad Farhan\7zS1893.tmp\adt.xpi deleted successfully.
C:\Documents and Settings\Muhammad Farhan\7zS1893.tmp\license.txt deleted successfully.
C:\Documents and Settings\Muhammad Farhan\7zS1893.tmp\install.ini deleted successfully.
C:\Documents and Settings\Muhammad Farhan\7zS1893.tmp\config.ini deleted successfully.
C:\Documents and Settings\Muhammad Farhan\7zS1893.tmp\en-US.xpi deleted successfully.
C:\Documents and Settings\Muhammad Farhan\7zS1893.tmp folder deleted successfully.
C:\zrpt.xml moved successfully.
C:\Documents and Settings\Muhammad Farhan\Application Data\Iblexu folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Muhammad Farhan\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Muhammad Farhan\Desktop\cmd.txt deleted successfully.
c:\documents and settings\Muhammad Farhan\Local Settings\Application Data\vbyxuhvlv folder moved successfully.
c:\documents and settings\Muhammad Farhan\Local Settings\Application Data\fbsxuouss folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 434 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
->Flash cache emptied: 434 bytes

User: Muhammad Farhan
->Temp folder emptied: 176609 bytes
->Temporary Internet Files folder emptied: 670322 bytes
->Java cache emptied: 11897278 bytes
->FireFox cache emptied: 48226917 bytes
->Flash cache emptied: 362732 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33661 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 59.00 mb


[EMPTYFLASH]

User: Default User

User: All Users

User: NetworkService
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: Muhammad Farhan
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.11.0 log created on 09062010_171707

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...