
Logs from ComboFix and RogueKiller...


  • This topic is locked

#1
siddharta

    New Member

  • Member
  • 7 posts
Hi there, I could use some help here. In the last couple of days I haven't been able to run any anti-spyware programs, and when my computer got infected my antivirus stopped working (the infection shut it down, I presume). I tried the Kaspersky removal tool, but once the scan started, it would shut down (something with MBAM). I also tried running those programs in safe mode, but the same thing happened. I will now try VIPRE Rescue, but if I'm not successful, what are my other choices? I tried making a log from HijackThis, but that didn't work either.


Edited: Here's the RogueKiller report:

RogueKiller V6.1.1 [09/28/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Flor [Admin rights]
Mode: Scan -- Date : 10/02/2011 15:18:22

Bad processes: 3
[SUSP PATH] 375815461:3665992169.exe -- c:\windows\375815461:3665992169.exe -> KILLED [TermProc]
[SUSP PATH] 0.9951517197561167.exe -- c:\windows\temp\0.9951517197561167.exe -> KILLED [TermProc]
[RESIDUE] 375815461:3665992169.exe -- c:\windows\375815461:3665992169.exe -> KILLED [TermProc]

Registry Entries: 2
[SUSP PATH] setup_9.0.0.722_02.10.2011_20-49.lnk : C:\Documents and Settings\Flor\Desktop\Virus Removal Tool\setup_9.0.0.722_02.10.2011_20-49\startup.exe -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:

Driver: [LOADED]
SSDT[277] : NtWriteVirtualMemory @ 0x805B43CC -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BAB52)
SSDT[267] : NtUnmapViewOfSection @ 0x805B2E48 -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BE552)
SSDT[258] : NtTerminateThread @ 0x805D2BDC -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BA9C8)
SSDT[257] : NtTerminateProcess @ 0x805D29E2 -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BAA68)
SSDT[255] : NtSystemDebugControl @ 0x806180BA -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BDA3E)
SSDT[254] : NtSuspendThread @ 0x805D48F4 -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BEA2A)
SSDT[253] : NtSuspendProcess @ 0x805D4A82 -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BE8F0)
SSDT[247] : NtSetValueKey @ 0x80622662 -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13B9816)
SSDT[240] : NtSetSystemInformation @ 0x8060FD06 -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BE7FE)
SSDT[237] : NtSetSecurityObject @ 0x805C062E -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BDDAA)
SSDT[230] : NtSetInformationToken @ 0x805FA7B4 -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BD154)
SSDT[213] : NtSetContextThread @ 0x805D173A -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BAE38)
SSDT[210] : NtSecureConnectPort @ 0x805A3D64 -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BBB0E)
SSDT[207] : NtSaveKey @ 0x80625BCC -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13B8EAE)
SSDT[206] : NtResumeThread @ 0x805D49BA -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BEBC8)
SSDT[204] : NtRestoreKey @ 0x80625AD0 -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13B928E)
SSDT[200] : NtRequestWaitReplyPort @ 0x805A2D76 -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BD8B4)
SSDT[195] : NtReplyWaitReceivePort @ 0x805A64B4 -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BC6F2)
SSDT[194] : NtReplyPort @ 0x805A54EC -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BC82C)
SSDT[193] : NtReplaceKey @ 0x806261C4 -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13B8F16)
SSDT[192] : NtRenameKey @ 0x80623B12 -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13B9C2C)
SSDT[180] : NtQueueApcThread @ 0x805D1276 -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BDFA0)
SSDT[177] : NtQueryValueKey @ 0x80622314 -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13B999C)
SSDT[167] : NtQuerySection @ 0x805B85E0 -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BE6AE)
SSDT[161] : NtQueryMultipleValueKey @ 0x8062323E -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13B9D72)
SSDT[160] : NtQueryKey @ 0x80625810 -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BA13A)
SSDT[128] : NtOpenThread @ 0x805CB6CC -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BA7BE)
SSDT[126] : NtOpenSemaphore @ 0x80615148 -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BC4C8)
SSDT[125] : NtOpenSection @ 0x805AA3EC -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BE10E)
SSDT[122] : NtOpenProcess @ 0x805CB440 -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BA8CC)
SSDT[120] : NtOpenMutant @ 0x80617776 -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BC288)
SSDT[119] : NtOpenKey @ 0x806254CE -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13B96C0)
SSDT[116] : NtOpenFile @ 0x8057A1A6 -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BB016)
SSDT[114] : NtOpenEvent @ 0x8060F04E -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BC3A8)
SSDT[111] : NtNotifyChangeKey @ 0x806262DE -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BA1CE)
SSDT[108] : NtMapViewOfSection @ 0x805B203A -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BE374)
SSDT[99] : NtLoadKey2 @ 0x80625F20 -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13B94EE)
SSDT[98] : NtLoadKey @ 0x80626314 -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13B94DC)
SSDT[97] : NtLoadDriver @ 0x80584160 -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BDC0C)
SSDT[84] : NtFsControlFile @ 0x805792A2 -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BB500)
SSDT[73] : NtEnumerateValueKey @ 0x80624BA6 -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BA0A2)
SSDT[71] : NtEnumerateKey @ 0x8062493C -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BA00A)
SSDT[68] : NtDuplicateObject @ 0x805BE008 -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BED26)
SSDT[66] : NtDeviceIoControlFile @ 0x8057926E -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BB6F2)
SSDT[65] : NtDeleteValueKey @ 0x8062475C -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13B9EBE)
SSDT[63] : NtDeleteKey @ 0x8062458C -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13B9B0A)
SSDT[57] : NtDebugActiveProcess @ 0x80643B30 -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BDB1A)
SSDT[56] : NtCreateWaitablePort @ 0x805A5110 -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BC162)
SSDT[53] : NtCreateThread @ 0x805D1018 -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BAC1C)
SSDT[51] : NtCreateSemaphore @ 0x8061504E -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BC432)
SSDT[50] : NtCreateSection @ 0x805AB3C8 -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BA426)
SSDT[46] : NtCreatePort @ 0x805A50EC -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BC0CC)
SSDT[44] : NtCreateNamedPipeFile @ 0x805790E2 -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BA27E)
SSDT[43] : NtCreateMutant @ 0x8061769E -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BC1F8)
SSDT[41] : NtCreateKey @ 0x806240F0 -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13B9500)
SSDT[37] : NtCreateFile @ 0x805790A8 -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BB270)
SSDT[35] : NtCreateEvent @ 0x8060EF4E -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BC312)
SSDT[31] : NtConnectPort @ 0x805A45D0 -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BBDC8)
SSDT[25] : NtClose @ 0x805BC530 -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BAF94)
SSDT[11] : NtAdjustPrivilegesToken @ 0x805EC464 -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13BA690)
S_SSDT[552] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13CACE8)
S_SSDT[549] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13CAC90)
S_SSDT[529] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13CB698)
S_SSDT[502] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13CAEEE)
S_SSDT[491] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13CAFD2)
S_SSDT[476] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13CAE36)
S_SSDT[475] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13CADE2)
S_SSDT[460] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13CAE8E)
S_SSDT[416] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13CAD96)
S_SSDT[414] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13CB04A)
S_SSDT[383] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13CAD4A)
S_SSDT[378] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13CAF3C)
S_SSDT[312] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13CB2C6)
S_SSDT[307] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13CB7E6)
S_SSDT[292] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13CB182)
S_SSDT[237] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13CB25E)
S_SSDT[227] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13CB1EE)
S_SSDT[13] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\3045403drv.sys @ 0xB13CB118)

HOSTS File:
127.0.0.1 localhost
127.0.0.1
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
[...]


Finished : << RKreport[1].txt >>
RKreport[1].txt




Also, I ran ComboFix, and this is the log:

ComboFix 11-10-02.03 - Flor 10/02/2011 17:17:35.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.2160 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: /killall
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Flor\TrueSight.sys
c:\documents and settings\Flor\WINDOWS
c:\windows\$NtUninstallKB48276$
c:\windows\$NtUninstallKB48276$\2224677766
c:\windows\$NtUninstallKB48276$\628975126\@
c:\windows\$NtUninstallKB48276$\628975126\bckfg.tmp
c:\windows\$NtUninstallKB48276$\628975126\cfg.ini
c:\windows\$NtUninstallKB48276$\628975126\Desktop.ini
c:\windows\$NtUninstallKB48276$\628975126\keywords
c:\windows\$NtUninstallKB48276$\628975126\kwrd.dll
c:\windows\$NtUninstallKB48276$\628975126\L\husioman
c:\windows\$NtUninstallKB48276$\628975126\lsflt7.ver
c:\windows\$NtUninstallKB48276$\628975126\U\00000001.@
c:\windows\$NtUninstallKB48276$\628975126\U\00000002.@
c:\windows\$NtUninstallKB48276$\628975126\U\80000000.@
c:\windows\$NtUninstallKB48276$\628975126\U\80000032.@
c:\windows\iun6002.exe
c:\windows\system32\comct332.ocx
c:\windows\system32\d3d9caps.dat
.
Infected copy of c:\windows\system32\drivers\redbook.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_257d6616
-------\Legacy_TrueSight
-------\Service_TrueSight
.
.
((((((((((((((((((((((((( Files Created from 2011-09-03 to 2011-10-03 )))))))))))))))))))))))))))))))
.
.
2011-10-03 00:08 . 2008-04-13 18:40 57600 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2011-10-03 00:08 . 2008-04-13 18:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-10-02 22:58 . 2011-10-02 22:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-02 22:58 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-02 20:25 . 2011-10-02 23:02 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-02 20:06 . 2011-10-02 20:06 -------- d-----w- c:\program files\ESET
2011-10-02 20:06 . 2011-10-02 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2011-10-02 19:40 . 2007-05-30 12:10 10872 ----a-w- c:\windows\system32\drivers\AvgAsCln.sys
2011-10-02 19:40 . 2011-10-02 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
2011-10-02 17:32 . 2009-10-22 20:54 37392 ----a-w- c:\windows\system32\drivers\44662672.sys
2011-10-02 17:32 . 2009-09-26 00:59 128016 ----a-w- c:\windows\system32\drivers\44662671.sys
2011-10-02 06:03 . 2011-10-02 23:40 -------- d-----w- c:\documents and settings\Administrator
2011-10-01 21:40 . 2011-10-01 21:40 784 ----a-w- c:\windows\trz11.tmp
2011-09-09 04:05 . 2011-09-29 01:51 -------- d-----w- c:\program files\Bookshelf
2011-09-09 04:04 . 2011-09-09 04:04 249856 ------w- c:\windows\Setup1.exe
2011-09-09 04:04 . 2011-09-09 04:04 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-09-09 03:27 . 2011-09-09 03:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 03:21 . 2011-09-02 23:26 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-09-09 03:21 . 2011-09-02 23:26 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-09-03 10:17 . 2011-09-09 09:12 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-09 20:57 . 2011-08-09 20:57 154136 ----a-w- c:\windows\system32\drivers\eamon.sys
2011-08-04 16:20 . 2011-08-04 16:20 103112 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2011-08-04 16:20 . 2011-08-04 16:20 118104 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2011-07-15 13:29 . 2004-08-04 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-08-04 10:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-09-03 06:01 . 2011-03-15 00:47 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="c:\program files\Ares\Ares.exe" [2009-09-14 3062272]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-15 399224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-02 1392640]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-08-10 3076144]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2009-09-14 17:33 3062272 ----a-w- c:\program files\Ares\Ares.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BestPopUpKiller]
2005-03-04 19:53 245760 ----a-w- c:\program files\BestPopUpKiller\BestPopupKiller.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-10-28 23:25 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2006-11-02 03:48 1392640 ----a-w- c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HistoryKill]
2005-03-29 07:02 252416 ----a-w- c:\program files\HistoryKill\histkill.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 22:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-10-25 23:33 563984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-10-25 23:37 2178832 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 17:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-03-25 00:30 282624 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-05-12 06:12 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-03-08 19:48 761947 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-03-15 17:45 399224 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 0 (0x0)
"AllowInboundMaskRequest"= 0 (0x0)
"AllowInboundRouterRequest"= 0 (0x0)
"AllowOutboundDestinationUnreachable"= 0 (0x0)
"AllowOutboundSourceQuench"= 0 (0x0)
"AllowOutboundParameterProblem"= 0 (0x0)
"AllowOutboundTimeExceeded"= 0 (0x0)
"AllowRedirect"= 0 (0x0)
"AllowOutboundPacketTooBig"= 0 (0x0)
.
R0 44662672;44662672 Boot Guard Driver;c:\windows\system32\drivers\44662672.sys [10/2/2011 10:32 AM 37392]
R1 44662671;44662671;c:\windows\system32\drivers\44662671.sys [10/2/2011 10:32 AM 128016]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/2/2011 3:58 PM 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/2/2011 3:58 PM 22216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 3:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IPFILTERDRIVER
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = https://login.live.c...bcxt=mai&snsc=1
mStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 206.13.28.12 206.13.31.12
FF - ProfilePath - c:\documents and settings\Flor\Application Data\Mozilla\Firefox\Profiles\yd5zviro.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe
MSConfigStartUp-Software Informer - c:\program files\Software Informer\softinfo.exe
AddRemove-Product_Name - c:\windows\iun6002.exe
AddRemove-Silvestri_2009 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-02 17:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(860)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(3852)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Common Files\Ahead\lib\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\Ati2evxx.exe
.
**************************************************************************
.
Completion time: 2011-10-02 17:42:46 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-03 00:42
.
Pre-Run: 49,586,601,984 bytes free
Post-Run: 49,969,221,632 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - C3279630DFA71D69AD0AD4DEFDED883F

Edited by siddharta, 02 October 2011 - 06:48 PM.



#2
siddharta

    New Member

  • Topic Starter
  • Member
  • 7 posts
After reading the rules and tutorial (sorry for not doing it before) I downloaded OTL and here's the log... I'm not quite sure what issues to "fix".

OTL logfile created on: 10/2/2011 6:03:55 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Flor\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 71.14% Memory free
3.85 Gb Paging File | 3.21 Gb Available in Paging File | 83.43% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 46.55 Gb Free Space | 41.65% Space Free | Partition Type: NTFS

Computer Name: FLOR-CEB205A62D | User Name: Flor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/02 17:59:54 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Flor\My Documents\Downloads\OTL.com
PRC - [2011/09/02 23:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/08 20:27:59 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/02 23:01:45 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2006/11/01 20:48:02 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (AVG Anti-Spyware Guard)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2007/10/19 13:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/10/19 13:19:22 | 000,141,848 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/10/19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\44662672.sys -- (44662672)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\44662671.sys -- (44662671)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2007/10/19 13:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/10/11 18:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/10/11 18:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/05/30 05:10:42 | 000,010,872 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgAsCln.sys -- (AvgAsCln)
DRV - [2006/10/12 23:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/05/24 18:05:26 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2006/05/24 18:04:04 | 000,851,434 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/05/24 18:00:50 | 000,066,488 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/05/23 11:06:36 | 001,578,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/03/24 17:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/10/14 12:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/14 12:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/14 12:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/08/05 11:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/22 11:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 11:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 11:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.live.c...bcxt=mai&snsc=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/08 20:21:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/19 14:18:41 | 000,000,000 | ---D | M]

[2009/12/06 15:26:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Flor\Application Data\Mozilla\Extensions
[2011/09/08 12:15:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Flor\Application Data\Mozilla\Firefox\Profiles\yd5zviro.default\extensions
[2010/03/15 14:01:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Flor\Application Data\Mozilla\Firefox\Profiles\yd5zviro.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/30 13:03:49 | 000,000,000 | ---D | M] (Facemoods) -- C:\Documents and Settings\Flor\Application Data\Mozilla\Firefox\Profiles\yd5zviro.default\extensions\[email protected]
[2011/09/08 20:21:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\FLOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YD5ZVIRO.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
[2009/05/11 23:12:16 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/02 23:01:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/02 16:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/03/30 13:03:50 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml

========== Chrome ==========


O1 HOSTS File: ([2011/10/02 17:38:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe (Official Ares)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1268066953453 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1268066857234 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-09.su...ows-i586-jc.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} http://kiw.imgag.com...usher-kiwen.cab (Creative Toolbox Plug-in)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 206.13.28.12 206.13.31.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C27B886-3ACF-460C-A0AF-F150FCE7559B}: DhcpNameServer = 206.13.28.12 206.13.31.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Flor\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Flor\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/11 21:00:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/02 17:06:55 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/02 16:53:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/02 16:53:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/02 16:53:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/02 16:53:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/02 16:53:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/02 16:53:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/02 15:58:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/02 15:58:25 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/02 15:58:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/02 15:18:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Flor\Desktop\RK_Quarantine
[2011/10/02 15:15:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/10/02 13:25:21 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/10/02 13:06:25 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/10/02 13:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/10/02 12:40:23 | 000,010,872 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgAsCln.sys
[2011/10/02 12:40:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2011/10/02 10:32:10 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\44662671.sys
[2011/10/02 10:32:10 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\44662672.sys
[2011/10/01 15:39:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Flor\Recent
[2011/10/01 13:44:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/10/01 13:43:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/09/16 13:44:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Flor\My Documents\My Music
[2011/09/08 21:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Flor\My Documents\My Books
[2011/09/08 21:05:12 | 000,000,000 | ---D | C] -- C:\Program Files\Bookshelf
[2011/09/08 21:02:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Shared Books
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/02 17:38:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/02 17:28:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/02 17:07:01 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/10/02 16:02:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/10/02 15:58:29 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/01 15:37:07 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/09/30 19:40:50 | 000,048,128 | ---- | M] () -- C:\Documents and Settings\Flor\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/30 19:40:50 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/09/28 20:40:26 | 000,215,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/23 08:16:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/20 20:10:46 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Flor\Desktop\Microsoft Office Word 2003.lnk
[2011/09/08 20:21:22 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Flor\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/08 20:21:22 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/05 19:55:21 | 000,000,240 | ---- | M] () -- C:\Documents and Settings\Flor\My Documents\Vocabulary log.rtf
[2011/09/05 19:53:28 | 000,506,548 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/05 19:53:28 | 000,088,422 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/02 17:07:01 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/10/02 17:06:58 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/02 16:53:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/02 16:53:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/02 16:53:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/02 16:53:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/02 16:53:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/02 15:58:29 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/08 21:50:23 | 000,217,430 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/09/08 21:50:23 | 000,217,430 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1644491937-57989841-839522115-1004-0.dat
[2011/09/05 19:55:21 | 000,000,240 | ---- | C] () -- C:\Documents and Settings\Flor\My Documents\Vocabulary log.rtf
[2011/06/19 15:25:35 | 000,036,734 | ---- | C] () -- C:\WINDOWS\System32\OggDSuninst.exe
[2011/04/19 14:40:19 | 000,000,332 | ---- | C] () -- C:\WINDOWS\System32\CNCMFP23.INI
[2011/04/19 14:30:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2011/04/19 14:30:23 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2011/03/29 22:33:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Flor\Application Data\4555xx.ini
[2010/09/06 19:24:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2009/12/22 00:39:53 | 000,048,128 | ---- | C] () -- C:\Documents and Settings\Flor\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/06 15:26:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/06/07 22:42:23 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/12 09:59:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/05/11 23:54:20 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2009/05/11 23:45:47 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/05/11 23:41:45 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\7C16144273.sys
[2009/05/11 23:24:49 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/05/11 23:24:47 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009/05/11 23:24:46 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/05/11 21:09:58 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/05/11 21:09:53 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2009/05/11 21:03:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/05/11 20:57:59 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/05/11 13:50:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/05/11 13:49:10 | 000,215,264 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/10/11 18:59:24 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/05/24 18:16:22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/08/09 15:13:59 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005/08/09 15:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/09 15:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/08/09 15:12:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/03/22 11:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 11:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/12/20 11:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 11:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/10/26 15:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/24 17:10:45 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\hkpopupkiller.exe
[2004/08/04 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 03:00:00 | 000,506,548 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 03:00:00 | 000,088,422 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/06 11:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 16:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/04 16:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 16:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1996/04/03 12:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2011/03/18 13:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/10/01 15:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/04/14 21:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
[2011/10/02 13:06:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/10/02 12:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2011/04/24 14:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/10/01 15:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/14 21:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2010/07/10 20:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/03/30 14:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Flor\Application Data\facemoods.com
[2009/05/11 23:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Flor\Application Data\InterVideo
[2011/04/24 13:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Flor\Application Data\NewSoft
[2011/10/02 17:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Flor\Application Data\uTorrent
[2009/05/11 22:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Flor\Application Data\Windows Desktop Search
[2009/12/06 15:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Flor\Application Data\Windows Live Writer
[2009/05/14 21:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Flor\Application Data\Windows Search

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

Edited by siddharta, 02 October 2011 - 07:51 PM.


#3 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hello siddharta and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2009/05/11 23:41:45 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\7C16144273.sys

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select the Detected threats report from the left and press the Save button
Save it to your desktop and attach to your next post

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • VRT log
It would be helpful if you could post each log in separate post
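The fix in Step 1 above takes one line from the "Files Created - No Company Name" section of the OTL log (a 56-byte, hidden+system .sys with a hex-digit name in System32) and pastes it verbatim under `:OTL`, followed by the cleanup commands. The script below is an added example, not part of this thread and not OTL's own code: it parses OTL's `[date | size | attrs | C]` entry format, scores publisher-less executables with a few hand-written heuristics (the 97-byte minimum PE size, the Windows-directory filter and the hex-basename pattern are my assumptions, not OTL rules), and renders the flagged lines into the same `:OTL` / `:Commands` layout. The sample lines are copied from the log earlier in the thread so it runs offline.

```python
"""Triage OTL file-listing lines and emit an OTL fix script (added example, not OTL's own code)."""
import re
from dataclasses import dataclass
from typing import List

# One OTL entry, e.g.
#   [2009/05/11 23:41:45 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\7C16144273.sys
# Attribute slots are R(ead-only) H(idden) S(ystem) D(irectory), '-' when clear.
# Directory entries carry no "(Company)" group, so that group is optional.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>\S.*?)\s*$"
)

# Sample input copied from the OTL log in this thread (constructed selection, so the script runs offline).
SAMPLE_LOG = r"""
[2009/05/11 23:45:47 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/05/11 23:41:45 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\7C16144273.sys
[2011/10/02 10:32:10 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\44662672.sys
[1996/04/03 12:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2011/10/02 17:06:55 | 000,000,000 | RHSD | C] -- C:\cmdcons
"""

# Heuristic parameters; these are assumptions for this example, not OTL's rules.
MIN_PE_SIZE = 97                 # smallest PE image Windows will load; a 56-byte .sys cannot be a driver
SYSTEM_DIRS = ("c:\\windows\\",)   # covers System32 and drivers too
EXEC_EXTS = {"sys", "exe", "dll"}
RANDOM_NAME = re.compile(r"^[0-9a-f]{8,}$")   # basename made only of hex digits, e.g. 7c16144273


@dataclass
class Entry:
    ts: str
    size: int
    attrs: str
    kind: str        # C = created, M = modified
    company: str     # "" when OTL found no version-info publisher
    path: str
    raw: str         # the line verbatim, which is what an :OTL fix section expects

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs


def parse(lines) -> List[Entry]:
    """Parse OTL file-listing lines; lines that do not match the entry format are skipped."""
    out: List[Entry] = []
    for raw in lines:
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        out.append(Entry(m["ts"], int(m["size"].replace(",", "")), m["attrs"], m["kind"],
                         (m["company"] or "").strip(), m["path"], raw.strip()))
    return out


def suspicious(e: Entry) -> List[str]:
    """Reasons an entry deserves a second look; empty list means no heuristic fired."""
    reasons: List[str] = []
    if e.is_dir or e.company:          # only publisher-less files are scored here
        return reasons
    low = e.path.lower()
    base, _, ext = low.rsplit("\\", 1)[-1].rpartition(".")
    if not low.startswith(SYSTEM_DIRS) or ext not in EXEC_EXTS:
        return reasons
    if e.hidden_system:
        reasons.append("hidden+system executable with no publisher")
    if RANDOM_NAME.match(base):
        reasons.append("random-looking hex basename")
    if ext == "sys" and e.size < MIN_PE_SIZE:
        reasons.append(f"{e.size}-byte .sys is smaller than any loadable PE image")
    return reasons


def triage(text: str) -> List[Entry]:
    """Return the entries in a block of OTL output that tripped at least one heuristic."""
    return [e for e in parse(text.strip().splitlines()) if suspicious(e)]


def build_fix(entries: List[Entry]) -> str:
    """Render an OTL fix script: flagged lines verbatim under :OTL, then the cleanup commands."""
    if not entries:
        return ""
    body = "\n".join(e.raw for e in entries)
    return f":OTL\n{body}\n\n:Commands\n[purity]\n[emptytemp]\n[emptyflash]\n[Reboot]\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for e in hits:
        print(f"{e.path}: {'; '.join(suspicious(e))}")
    print(build_fix(hits))
```

Run against the sample, only `7C16144273.sys` is flagged, for all three reasons; the Kaspersky driver with a similar numeric name is skipped because it carries a publisher, and `giveio.sys` (no publisher, but a word-like name and a plausible size) is left alone. The heuristics are a starting point for a human reviewer, not a verdict: confirm anything flagged before it goes into a fix script.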

#4 siddharta (Topic Starter, New Member, 7 posts)
Hello maliprog, Thanks for taking the time to help me.
I have completed your instructions and here are the logs: first OTL:

All processes killed
========== OTL ==========
C:\WINDOWS\system32\7C16144273.sys moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 21447592 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Flor
->Temp folder emptied: 234678303 bytes
->Temporary Internet Files folder emptied: 6328102 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 86047666 bytes
->Flash cache emptied: 5271 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 11989 bytes
->Flash cache emptied: 10748 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2215534 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1388947 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 6607 bytes

Total Files Cleaned = 336.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: Flor
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 10082011_113555

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#5 siddharta (Topic Starter, New Member, 7 posts)
For the VRT log, there weren't any threats detected, so the log cannot be saved since it's empty.

#6 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi siddharta,

How is your system now? Problems?

#7 siddharta (Topic Starter, New Member, 7 posts)
The computer works normally, although MBAM keeps telling me that it blocks access to several web sites, which appear to be numbers such as 102.93.9467 and such... and Kaspersky is over-protecting, restricting access to web sites I normally used before. (Perhaps I should switch back to Avast.)

#8 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi siddharta,

Malwarebytes is also overprotecting with its IP blocker. You can disable it by right-clicking its icon in your task bar.

Your logs and system are clean now. I'm glad we fixed up your computer. Now we need to remove the programs we used from your PC.

Step 1

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then select one of the options. We recommend the Automatic (recommended) option: Automatically download recommended updates for my computer and install them.
  • Click the OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of the software installed on your system.

#9 siddharta (Topic Starter, New Member, 7 posts)
I sure will follow those tips =) thanks a lot maliprog! You saved my girlfriend's computer, and my relationship too! =P

#10 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Glad I could help! Take good care of her like you do of her system. :yes:

Good bye and stay safe :)

#11 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.