
Yahoo/Google Redirects to random webpage


  • This topic is locked
23 replies to this topic

#1 Edrod13

Edrod13

  • Members
  • 24 posts
  • Local time:09:31 PM

Posted 07 March 2010 - 08:14 PM

Just recently I was hit with some malware/virus that keeps redirecting me in either Google or Yahoo when performing a search. Sometimes, if I am lucky, it will actually go to the intended page. I currently run Malware Bytes, CCleaner, and AVG Free and can't remember the last time I had an issue. Just concerned that this can open the door to additional exploits and want to get this fixed ASAP. Originally when I ran MalwareBytes it found 1 trojan in svchost.exe or something very similar. Got rid of that, and consequent scans with MalwareBytes don't find an infection, but both search engines are still redirecting. Any help would be greatly appreciated. Thanks in advance. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:08:46 PM, on 3/7/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\EDROD13\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Spyder3Utility.lnk = C:\Program Files\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {62AEFF80-16AD-4AC4-B812-E70EB5F37301} (Zenfolio Uploader) - http://www.zenfolio.com/zf/code/upload-ie-win-x86.cab
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/...veX_Control.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 5330 bytes



#2 km2357

km2357

  • Malware Response Team
  • 1,784 posts
  • Gender:Male
  • Location:California
  • Local time:06:31 PM

Posted 10 March 2010 - 02:10 PM

Hello and welcome to Bleeping Computer.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure, then please do not guess; simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic; I will assist you at this thread until we solve your problems.

Lastly, the fix may take several attempts and my replies may take some time, but I will stick with it if you do the same.

Sorry for the delay in replying; the forum is very busy. If you still need help, please post a fresh HijackThis log.

MalWare Removal University Master

Member of ASAP


#3 Edrod13


Posted 10 March 2010 - 06:23 PM

km2357,

Thank you for your help. Here is the most current Hijack Log file taken a few minutes ago.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:21:46 PM, on 3/10/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\EDROD13\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Spyder3Utility.lnk = C:\Program Files\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {62AEFF80-16AD-4AC4-B812-E70EB5F37301} (Zenfolio Uploader) - http://www.zenfolio.com/zf/code/upload-ie-win-x86.cab
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/...veX_Control.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 5873 bytes


#4 km2357


Posted 10 March 2010 - 10:46 PM

Step # 1: Download and run DDS

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double-click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Step # 2: Download and Run Gmer

Please download gmer.zip from Gmer and save it to your desktop.

***Please close any open programs***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click No.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

If you do not receive notice about possible rootkit activity, remain on the Rootkit/Malware tab and make sure the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log.
  • Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

DO NOT touch the PC at ALL for whatever reason(s) until it has 100% completed its scan, or attempted scan in case of some error, etc.!

Please post the results from the GMER scan in your reply.

In your next post/reply, I need to see the following:

1. The two DDS Logs (DDS and Attach.txt)
2. The GMER Log

Use multiple posts if you can't fit everything into one post.



#5 Edrod13

Posted 11 March 2010 - 09:32 AM

Ok. Here are the three logs. GMER gave me some issues the first time I ran it by locking up my entire PC, even though it allowed me to save a log file. I had to manually shut it down; luckily it booted up fine. The second time around, I disabled AVG and it ran fine, but the log file didn't change much from the first time. I hope it captured everything you need in order to help me fix my issue. I will say that this OS build is only about two months old, as I decided to reformat just to keep my system running at optimal conditions.

    DDS (Ver_09-12-01.01) - NTFSx86
    Run by EDROD13 at 0:05:02.17 on Thu 03/11/2010
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2624 [GMT -8:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\WINZIP\wzqkpick.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\EDROD13\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://m.www.yahoo.com/
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SigmatelSysTrayApp] sttray.exe
    mRun: [IntelAudioStudio] "c:\program files\intel audio studio\IntelAudioStudio.exe" TRAY
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\spyder~1.lnk - c:\program files\datacolor\spyder3elite\utility\Spyder3Utility.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Locate Spot on Map by GPS - c:\program files\opanda\iexif 2.3\IExifMap.htm
    IE: View Exif/GPS/IPTC with IExif - c:\program files\opanda\iexif 2.3\IExifCom.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {62AEFF80-16AD-4AC4-B812-E70EB5F37301} - hxxp://www.zenfolio.com/zf/code/upload-ie-win-x86.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: avgrsstarter - avgrsstx.dll

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-14 333192]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-14 28424]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-14 360584]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-1-14 906520]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-1-14 285392]
    S3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [2008-3-19 12288]

    =============== Created Last 30 ================


    ==================== Find3M ====================

    2010-03-06 19:55:54 0 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLbx.DAT
    2010-02-01 02:27:30 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Spyder3_01001.Wdf
    2010-01-16 19:42:04 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
    2010-01-16 19:42:03 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2010-01-15 07:24:25 286720 ----a-w- c:\windows\iun507.exe
    2010-01-15 05:55:12 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-01-15 05:55:12 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-01-15 05:55:07 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-01-15 03:41:57 21640 ----a-w- c:\windows\system32\emptyregdb.dat
    2010-01-05 10:00:29 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-01-05 10:00:21 78336 ------w- c:\windows\system32\ieencode.dll
    2010-01-05 10:00:20 17408 ------w- c:\windows\system32\corpol.dll
    2009-12-16 12:58:04 343040 ----a-w- c:\windows\system32\mspaint.exe
    2009-12-14 07:35:35 33280 ----a-w- c:\windows\system32\csrsrv.dll

    ============= FINISH: 0:05:20.26 ===============

    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume3
    Install Date: 1/14/2010 7:45:23 PM
    System Uptime: 3/10/2010 3:13:57 PM (9 hours ago)

    Motherboard: Intel Corporation | | DG965SS
    Processor: Intel® Core™2 CPU 6300 @ 1.86GHz | LGA 775 | 1864/266mhz
    Processor: Intel® Core™2 CPU 6300 @ 1.86GHz | LGA 775 | 1864/266mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 34 GiB total, 23.152 GiB free.
    D: is FIXED (NTFS) - 39 GiB total, 1.034 GiB free.
    E: is FIXED (NTFS) - 160 GiB total, 156.389 GiB free.
    F: is CDROM ()
    G: is FIXED (NTFS) - 466 GiB total, 207.704 GiB free.
    H: is FIXED (NTFS) - 466 GiB total, 465.375 GiB free.
    J: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP7: 3/10/2010 5:18:39 PM - Software Distribution Service 3.0

    ==== Installed Programs ======================

    Acrobat.com
    Adobe AIR
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 10 ActiveX
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader 9.3
    Adobe Stock Photos 1.0
    ATI - Software Uninstall Utility
    ATI AVIVO Codecs
    ATI Catalyst Control Center
    ATI Display Driver
    ATI Parental Control & Encoder
    ATI Problem Report Wizard
    AVG Free 9.0
    Canon iP1800 series
    Capture NX 2
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center HydraVision Full
    Catalyst Control Center Localization All
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-03-11 06:16:26
    Windows 5.1.2600 Service Pack 2
    Running: gmer.exe; Driver: C:\DOCUME~1\EDROD13\LOCALS~1\Temp\fxtdapog.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6D36000, 0x236D87, 0xE8000020]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----


#6 km2357

Posted 11 March 2010 - 02:24 PM

It looks like the contents of Attach.txt got cut off. Was there anything below CCC Help Thai in the log? If so, please post the rest of the log.

Thanks. :)



#7 Edrod13

Posted 11 March 2010 - 08:25 PM

Sorry, didn't catch that. Here is the entire Attach.txt log. Thanks.

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume3
    Install Date: 1/14/2010 7:45:23 PM
    System Uptime: 3/10/2010 3:13:57 PM (9 hours ago)

    Motherboard: Intel Corporation | | DG965SS
    Processor: Intel® Core™2 CPU 6300 @ 1.86GHz | LGA 775 | 1864/266mhz
    Processor: Intel® Core™2 CPU 6300 @ 1.86GHz | LGA 775 | 1864/266mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 34 GiB total, 23.152 GiB free.
    D: is FIXED (NTFS) - 39 GiB total, 1.034 GiB free.
    E: is FIXED (NTFS) - 160 GiB total, 156.389 GiB free.
    F: is CDROM ()
    G: is FIXED (NTFS) - 466 GiB total, 207.704 GiB free.
    H: is FIXED (NTFS) - 466 GiB total, 465.375 GiB free.
    J: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP7: 3/10/2010 5:18:39 PM - Software Distribution Service 3.0

    ==== Installed Programs ======================

    Acrobat.com
    Adobe AIR
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 10 ActiveX
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader 9.3
    Adobe Stock Photos 1.0
    ATI - Software Uninstall Utility
    ATI AVIVO Codecs
    ATI Catalyst Control Center
    ATI Display Driver
    ATI Parental Control & Encoder
    ATI Problem Report Wizard
    AVG Free 9.0
    Canon iP1800 series
    Capture NX 2
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center HydraVision Full
    Catalyst Control Center Localization All
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    ImgBurn
    Intel Audio Studio 2.0
    Intel® Active Client Manager 2.0 HECI Driver
    Intel® Network Connections 14.8.43.0
    IrfanView (remove only)
    Java Auto Updater
    Java™ 6 Update 18
    Malwarebytes' Anti-Malware
    MathType 6
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Visual C++ 2005 Redistributable
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6 Service Pack 2 (KB973686)
    NEF Codec
    Nero Suite
    Nikon Message Center
    Opanda IExif 2.3
    Opanda PowerExif 1.2 Professional Trial
    Photo Story 3 for Windows
    Picture Control Utility
    PowerDVD
    RescuePRO 3.2
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB944338-v2)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971032)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978706)
    SigmaTel Audio
    Spyder3Elite
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    WebFldrs XP
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Service Pack 2
    WinZip
    Zenfolio Uploader

    ==== Event Viewer Messages From Past Week ========

    3/9/2010 7:09:50 AM, error: sbp2port [4] - Driver detected an internal error in its data structures for .
    3/10/2010 5:18:38 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000034' while processing the file '~efe2.tmp' on the volume 'HarddiskVolume3'. It has stopped monitoring the volume.

    ==== End Of File ===========================


    #8 km2357

    km2357

    • Malware Response Team
    • 1,784 posts
    • Gender:Male
    • Location:California
    • Local time:06:31 PM

    Posted 12 March 2010 - 12:11 AM

    Step # 1: Download and Run ComboFix

    We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    *Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    When finished, it shall produce a log for you. Please include C:\ComboFix.txt in your next reply.

    MalWare Removal University Master

    Member of ASAP


    #9 Edrod13

    Edrod13
    • Topic Starter

    • Members
    • 24 posts
    • Local time:09:31 PM

    Posted 12 March 2010 - 09:34 AM

    ComboFix 10-03-11.05 - EDROD13 03/12/2010 6:26.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2724 [GMT -8:00]
    Running from: c:\documents and settings\EDROD13\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((( Files Created from 2010-02-12 to 2010-03-12 )))))))))))))))))))))))))))))))
    .

    2010-03-10 03:42 . 2009-10-23 14:27 3555328 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2010-03-08 01:31 . 2010-03-08 01:31 -------- d-----w- c:\windows\Sun
    2010-03-08 01:24 . 2010-03-08 01:24 503808 ----a-w- c:\documents and settings\EDROD13\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5d1eaf37-n\msvcp71.dll
    2010-03-08 01:24 . 2010-03-08 01:24 499712 ----a-w- c:\documents and settings\EDROD13\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5d1eaf37-n\jmc.dll
    2010-03-08 01:24 . 2010-03-08 01:24 348160 ----a-w- c:\documents and settings\EDROD13\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5d1eaf37-n\msvcr71.dll
    2010-03-08 01:24 . 2010-03-08 01:24 61440 ----a-w- c:\documents and settings\EDROD13\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7aa7c90a-n\decora-sse.dll
    2010-03-08 01:24 . 2010-03-08 01:24 12800 ----a-w- c:\documents and settings\EDROD13\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7aa7c90a-n\decora-d3d.dll
    2010-03-08 01:24 . 2010-03-08 01:24 -------- d-----w- c:\program files\Common Files\Java
    2010-03-08 01:23 . 2010-03-08 01:23 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-03-08 01:23 . 2010-03-08 01:23 -------- d-----w- c:\program files\Java
    2010-03-08 00:29 . 2010-03-08 00:29 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-03-08 00:28 . 2010-03-08 00:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
    2010-03-08 00:28 . 2010-03-08 00:28 -------- d-----w- c:\program files\Hitman Pro 3.5
    2010-03-06 19:22 . 2010-03-06 19:22 84992 --sha-r- c:\windows\system32\c_8741.dll
    2010-03-03 07:32 . 2010-03-03 07:32 -------- d-----w- c:\documents and settings\EDROD13\Application Data\Design Science
    2010-03-03 07:18 . 2010-03-03 07:18 -------- d-----w- c:\program files\MathType
    2010-02-27 18:49 . 2010-02-27 18:49 -------- d-----w- c:\documents and settings\EDROD13\Application Data\CyberLink
    2010-02-27 18:46 . 2010-02-27 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
    2010-02-27 18:46 . 2010-02-27 18:46 -------- d-----w- c:\program files\CyberLink
    2010-02-18 07:54 . 2004-02-17 19:20 208896 ----a-w- c:\windows\system32\lame_enc.dll
    2010-02-18 07:17 . 2010-02-18 07:17 -------- d-----w- c:\documents and settings\EDROD13\Local Settings\Application Data\Help
    2010-02-18 07:14 . 2010-02-18 07:14 -------- d-----w- c:\program files\Photo Story 3 for Windows

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-06 19:55 . 2010-01-15 06:40 0 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
    2010-03-06 19:50 . 2010-01-15 06:42 49152 ----a-r- c:\documents and settings\EDROD13\Application Data\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
    2010-03-06 19:49 . 2010-01-15 06:08 -------- d-----w- c:\program files\Nikon
    2010-03-06 19:23 . 2010-01-15 06:42 57344 ----a-r- c:\documents and settings\EDROD13\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
    2010-03-04 03:10 . 2010-01-15 06:41 -------- d-----w- c:\documents and settings\EDROD13\Application Data\Nikon
    2010-03-04 03:10 . 2010-01-22 04:03 -------- d-----w- c:\program files\Common Files\Nikon
    2010-03-03 07:32 . 2010-01-15 04:31 47064 ----a-w- c:\documents and settings\EDROD13\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-02-27 18:46 . 2010-01-15 03:54 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-02-03 05:05 . 2010-01-16 19:35 -------- d-----w- c:\program files\Common Files\Ahead
    2010-02-03 05:04 . 2010-02-03 05:04 -------- d-----w- c:\program files\Ahead
    2010-02-03 03:54 . 2010-02-03 03:54 -------- d-----w- c:\documents and settings\EDROD13\Application Data\ImgBurn
    2010-02-03 03:51 . 2010-02-03 03:51 -------- d-----w- c:\program files\ImgBurn
    2010-02-01 02:27 . 2010-02-01 02:27 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Spyder3_01001.Wdf
    2010-02-01 02:21 . 2010-02-01 02:20 -------- d-----w- c:\program files\Datacolor
    2010-01-23 17:45 . 2010-01-23 17:45 -------- d-----w- c:\documents and settings\EDROD13\Application Data\Malwarebytes
    2010-01-23 17:45 . 2010-01-23 17:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-23 17:45 . 2010-01-23 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-01-19 00:19 . 2010-01-18 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-01-18 22:21 . 2010-01-18 22:21 -------- d-----w- c:\program files\Microsoft ActiveSync
    2010-01-18 22:20 . 2010-01-18 22:20 -------- d-----w- c:\program files\Microsoft.NET
    2010-01-18 22:17 . 2010-01-18 21:26 -------- d-----w- c:\program files\Common Files\Adobe
    2010-01-18 22:15 . 2010-01-18 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
    2010-01-18 22:15 . 2010-01-18 22:15 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
    2010-01-18 21:52 . 2010-01-18 21:52 -------- d-----w- c:\program files\Opanda
    2010-01-18 21:22 . 2010-01-18 21:22 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-01-18 21:18 . 2010-01-18 21:18 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
    2010-01-18 20:49 . 2010-01-18 20:49 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
    2010-01-18 20:49 . 2010-01-18 20:49 -------- d--h--w- c:\program files\CanonBJ
    2010-01-18 20:05 . 2010-01-18 20:05 -------- d-----w- c:\program files\CCleaner
    2010-01-17 07:28 . 2010-01-17 07:28 -------- d-----w- c:\program files\MSBuild
    2010-01-17 07:28 . 2010-01-17 07:28 -------- d-----w- c:\program files\Reference Assemblies
    2010-01-17 07:26 . 2010-01-17 07:26 -------- d-----w- c:\program files\MSXML 6.0
    2010-01-16 19:42 . 2010-01-16 19:42 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
    2010-01-16 19:42 . 2010-01-16 19:42 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2010-01-16 19:37 . 2010-01-16 19:36 -------- d-----w- c:\documents and settings\EDROD13\Application Data\Ahead
    2010-01-16 19:35 . 2010-01-16 19:35 -------- d-----w- c:\program files\Nero
    2010-01-16 19:35 . 2010-01-16 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
    2010-01-15 07:25 . 2010-01-15 07:24 -------- d-----w- c:\program files\RescuePRO
    2010-01-15 07:24 . 2010-01-15 07:24 286720 ----a-w- c:\windows\iun507.exe
    2010-01-15 06:42 . 2010-01-15 03:54 -------- d-----w- c:\program files\Common Files\InstallShield
    2010-01-15 06:40 . 2010-01-15 06:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Ultima_T15
    2010-01-15 06:40 . 2010-01-15 06:40 -------- d-----w- c:\documents and settings\All Users\Application Data\EnterNHelp
    2010-01-15 06:35 . 2010-01-15 06:35 -------- d-----w- c:\program files\IrfanView
    2010-01-15 05:55 . 2010-01-15 05:55 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-01-15 05:55 . 2010-01-15 05:55 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-01-15 05:55 . 2010-01-15 05:55 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-01-15 05:55 . 2010-01-15 05:55 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-01-15 05:54 . 2010-01-15 05:54 -------- d-----w- c:\program files\AVG
    2010-01-15 05:54 . 2010-01-15 05:54 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-01-15 04:43 . 2010-01-15 04:43 -------- d-----w- c:\documents and settings\EDROD13\Application Data\ATI
    2010-01-15 04:43 . 2010-01-15 04:43 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
    2010-01-15 04:43 . 2010-01-15 04:43 0 ----a-w- c:\windows\ativpsrm.bin
    2010-01-15 04:41 . 2010-01-15 04:37 -------- d-----w- c:\program files\ATI Technologies
    2010-01-15 04:40 . 2010-01-15 04:40 -------- d-----w- c:\program files\Common Files\ATI Technologies
    2010-01-15 04:32 . 2010-01-15 03:50 -------- d-----w- c:\program files\Intel
    2010-01-15 04:28 . 2010-01-15 03:43 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
    2010-01-15 03:54 . 2010-01-15 03:54 -------- d-----w- c:\program files\Intel Audio Studio
    2010-01-15 03:54 . 2010-01-15 03:54 -------- d-----w- c:\program files\SigmaTel
    2010-01-15 03:49 . 2010-01-15 03:49 -------- d-----w- c:\program files\MSXML 4.0
    2010-01-15 03:44 . 2010-01-15 03:44 -------- d-----w- c:\program files\microsoft frontpage
    2010-01-15 03:41 . 2010-01-15 03:41 21640 ----a-w- c:\windows\system32\emptyregdb.dat
    2010-01-08 00:07 . 2010-01-23 17:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-08 00:07 . 2010-01-23 17:45 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-05 10:00 . 2003-03-31 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-01-05 10:00 . 2010-01-15 04:27 78336 ------w- c:\windows\system32\ieencode.dll
    2010-01-05 10:00 . 2003-03-31 12:00 17408 ------w- c:\windows\system32\corpol.dll
    2009-12-31 16:14 . 2003-03-31 12:00 352640 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-16 12:58 . 2010-01-15 03:41 343040 ----a-w- c:\windows\system32\mspaint.exe
    2009-12-14 07:35 . 2003-03-31 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2006-06-08 9129984]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Spyder3Utility.lnk - c:\program files\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe [2008-3-19 6333954]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-3-10 106560]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-01-15 05:55 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/14/2010 9:55 PM 333192]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/14/2010 9:55 PM 360584]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [1/14/2010 9:54 PM 906520]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [1/14/2010 9:54 PM 285392]
    S3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [3/19/2008 3:26 PM 12288]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://m.www.yahoo.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Locate Spot on Map by GPS - c:\program files\Opanda\IExif 2.3\IExifMap.htm
    IE: View Exif/GPS/IPTC with IExif - c:\program files\Opanda\IExif 2.3\IExifCom.htm
    DPF: {62AEFF80-16AD-4AC4-B812-E70EB5F37301} - hxxp://www.zenfolio.com/zf/code/upload-ie-win-x86.cab
    DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-SigmatelSysTrayApp - sttray.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-12 06:29
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(728)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(3456)
    c:\windows\system32\WININET.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    .
    Completion time: 2010-03-12 06:31:04
    ComboFix-quarantined-files.txt 2010-03-12 14:31

    Pre-Run: 24,435,933,184 bytes free
    Post-Run: 24,877,125,632 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

    - - End Of File - - D282025AEC23DC1F60EE4314987B9F89


    #10 km2357

    km2357

    • Malware Response Team
    • 1,784 posts
    • Gender:Male
    • Location:California
    • Local time:06:31 PM

    Posted 12 March 2010 - 03:21 PM

    QUOTE
    Originally when I ran MalwareBytes it found 1 trojan in svchost.exe or something very similar.


    Do you still have this log? If you do, please post it in your next post/reply.


    Step # 1 Upload Files

    Go to Jotti
    Copy the following line into the white textbox:
    c:\windows\system32\c_8741.dll
    Click Submit.
    Please post the results of this scan to this thread.

    If Jotti is busy, Go to VirusTotal and scan the file(s) there.


    Step # 2 Download and Run SystemLook

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:

      CODE
      :filefind
      atapi.sys
      iaStor.sys

    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop, entitled SystemLook.txt


    In your next post/reply, I need to see the following:

    1. The old MalwareBytes Log, if available
    2. The Jotti/Virustotal results
    3. The Systemlook Log

    Edited by km2357, 12 March 2010 - 03:21 PM.

    MalWare Removal University Master

    Member of ASAP


    #11 Edrod13

    Edrod13
    • Topic Starter

    • Members
    • 24 posts
    • Local time:09:31 PM

    Posted 12 March 2010 - 08:58 PM

    Old Malware Log:

    Malwarebytes' Anti-Malware 1.44
    Database version: 3831
    Windows 5.1.2600 Service Pack 2
    Internet Explorer 7.0.5730.13

    3/6/2010 11:33:53 PM
    mbam-log-2010-03-06 (23-33-53).txt

    Scan type: Quick Scan
    Objects scanned: 115123
    Time elapsed: 3 minute(s), 49 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\EDROD13\Local Settings\Temp\svchost.exe (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\Tasks\Acrobat Update.job (Malware.Trace) -> Quarantined and deleted successfully.


    Virus Total Results:


    0 bytes size received

    SystemLook log:

    SystemLook v1.0 by jpshortstuff (11.01.10)
    Log created at 17:54 on 12/03/2010 by EDROD13 (Administrator - Elevation successful)

    ========== filefind ==========

    Searching for "atapi.sys"
    C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c 86912 bytes [04:25 15/01/2010] [09:27 29/08/2002] 95B858761A00E1D4F81F79A0DA019ACA
    C:\WINDOWS\ERDNT\cache\atapi.sys --a--- 95360 bytes [14:30 12/03/2010] [06:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
    C:\WINDOWS\ServicePackFiles\i386\atapi.sys ------ 95360 bytes [04:26 15/01/2010] [06:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
    C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys --a--- 96512 bytes [07:39 15/01/2010] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
    C:\WINDOWS\system32\drivers\atapi.sys ------ 95360 bytes [03:50 15/01/2010] [06:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
    C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys --a--- 86912 bytes [03:50 15/01/2010] [12:00 31/03/2003] 95B858761A00E1D4F81F79A0DA019ACA
    C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys --a--- 86912 bytes [03:50 15/01/2010] [09:27 29/08/2002] 95B858761A00E1D4F81F79A0DA019ACA

    Searching for "iaStor.sys"
    No files found.

    -=End Of File=-


    #12 km2357

    km2357

    • Malware Response Team
    • 1,784 posts
    • Gender:Male
    • Location:California
    • Local time:06:31 PM

    Posted 12 March 2010 - 09:56 PM

    QUOTE
    Virus Total Results:

    0 bytes size received


    Did you upload c:\windows\system32\c_8741.dll to just VirusTotal? Or did you try Jotti as well? If you didn't, please upload the file to Jotti and let me know the results.


    I'd also like for you to do the following as well:


    Step # 1 Run CCleaner

    CCleaner will remove everything from the temp/temporary folders but please note that it will not make backups!
    • Before first use, select Options > Advanced and UNCHECK Only delete files in Windows Temp folder older than 24 hours
    • Then select the items you wish to clean up.
    • In the Windows Tab:
    • Clean all entries in the Internet Explorer section except Cookies
    • Clean all the entries in the Windows Explorer section
    • Clean all entries in the System section
    • Clean all entries in the Advanced section
    • Clean any others that you choose
    • In the Applications Tab:
    • Clean all except cookies in the Firefox/Mozilla section if you use it
    • Clean all in the Opera section if you use it
    • Clean Sun Java in the Internet Section
    • Clean any others that you choose
    • Click the Run Cleaner button.
    • A pop up box will appear advising this process will permanently delete files from your system.
    • Click OK and it will scan and clean your system.
    • Click exit when done.
    • If it asks you to reboot at the end, click NO
    Step # 2 Run Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware.
    • Before running a scan, click the Update tab, next click Check for Updates to download any updates, if available.
    • Next click the Scanner tab and select Perform Quick Scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location.
    • You can also access the log by doing the following:
    • Click on the Malwarebytes' Anti-Malware icon to launch the program.
    • Click on the Logs tab.
    • Click on the log at the bottom of those listed to highlight it.
    • Click Open.
    Post the Jotti and the MalwareBytes' Logs in your next post/reply.

    Edited by km2357, 12 March 2010 - 09:57 PM.

    MalWare Removal University Master

    Member of ASAP


    #13 Edrod13

    Edrod13
    • Topic Starter

    • Members
    • 24 posts
    • Local time:09:31 PM

    Posted 12 March 2010 - 11:52 PM

    I did upload the file to both sites but it comes up empty both times which tells me that the file is no longer in my system. Correct?

    Malwarebytes' Anti-Malware 1.44
    Database version: 3862
    Windows 5.1.2600 Service Pack 2
    Internet Explorer 7.0.5730.13

    3/12/2010 8:33:26 PM
    mbam-log-2010-03-12 (20-33-26).txt

    Scan type: Quick Scan
    Objects scanned: 112875
    Time elapsed: 2 minute(s), 53 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    #14 km2357

    km2357

    • Malware Response Team
    • 1,784 posts
    • Gender:Male
    • Location:California
    • Local time:06:31 PM

    Posted 13 March 2010 - 01:13 PM

    QUOTE
    I did upload the file to both sites but it comes up empty both times which tells me that the file is no longer in my system. Correct?


    Usually when you upload a file to either Jotti or Virus Total and it comes back with 0 bytes received, it means that the file itself (or some other malware) is blocking you from uploading the file so that you can successfully scan it.

    It should still be on your computer, let's do a search with SystemLook to confirm it:
    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:

      CODE
      :filefind
      c_8741.dll

    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop, entitled SystemLook.txt

    MalWare Removal University Master

    Member of ASAP


    #15 Edrod13

    Edrod13
    • Topic Starter

    • Members
    • 24 posts
    • Local time:09:31 PM

    Posted 13 March 2010 - 01:16 PM

    SystemLook v1.0 by jpshortstuff (11.01.10)
    Log created at 10:15 on 13/03/2010 by EDROD13 (Administrator - Elevation successful)

    ========== filefind ==========

    Searching for "c_8741.dll"
    C:\WINDOWS\system32\c_8741.dll -rahs- 84992 bytes [19:22 06/03/2010] [19:22 06/03/2010] (Unable to calculate MD5)

    -=End Of File=-
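
An added example, not part of the thread and not SystemLook's own code: a Python parser for `:filefind` output like the logs posted above, which lists entries an analyst would follow up on (a file whose MD5 could not be calculated, hidden plus system attributes, a driver copy whose hash matches no other copy found). The reading of the attribute letters, the `\system32\drivers\` "active copy" rule and all function names are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Excerpt of SystemLook filefind output, copied from the logs posted in this thread.
SAMPLE_LOG = r'''
========== filefind ==========

Searching for "atapi.sys"
C:\WINDOWS\ServicePackFiles\i386\atapi.sys ------ 95360 bytes [04:26 15/01/2010] [06:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\drivers\atapi.sys ------ 95360 bytes [03:50 15/01/2010] [06:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys --a--- 86912 bytes [03:50 15/01/2010] [12:00 31/03/2003] 95B858761A00E1D4F81F79A0DA019ACA
C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys --a--- 86912 bytes [03:50 15/01/2010] [09:27 29/08/2002] 95B858761A00E1D4F81F79A0DA019ACA

Searching for "iaStor.sys"
No files found.

Searching for "c_8741.dll"
C:\WINDOWS\system32\c_8741.dll -rahs- 84992 bytes [19:22 06/03/2010] [19:22 06/03/2010] (Unable to calculate MD5)

-=End Of File=-
'''

QUERY_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"$')
# path, six attribute flags, size, two bracketed timestamps, then MD5 or the failure text
ENTRY_RE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{6})\s+(?P<size>\d+) bytes '
    r'\[(?P<stamp1>[^\]]+)\] \[(?P<stamp2>[^\]]+)\] '
    r'(?P<md5>[0-9A-Fa-f]{32}|\(Unable to calculate MD5\))$'
)

# Assumption of this example: the copy Windows actually loads lives in this directory.
ACTIVE_DIR = "\\system32\\drivers\\"


@dataclass
class Entry:
    path: str
    attrs: str
    size: int
    md5: Optional[str]  # None when SystemLook could not hash the file


def parse_filefind(text):
    """Return {searched name: [Entry, ...]}; a name with no hits maps to []."""
    results = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        query = QUERY_RE.match(line)
        if query:
            current = query.group("name")
            results[current] = []
            continue
        hit = ENTRY_RE.match(line)
        if hit and current is not None:
            md5 = hit.group("md5")
            results[current].append(Entry(
                path=hit.group("path"),
                attrs=hit.group("attrs"),
                size=int(hit.group("size")),
                md5=None if md5.startswith("(") else md5.upper(),
            ))
    return results


def review(results):
    """Return (path, reason) pairs that deserve a closer look."""
    findings = []
    for entries in results.values():
        for e in entries:
            if e.md5 is None:
                findings.append((e.path, "MD5 could not be calculated"))
            # Assumption: 'h' and 's' in the flag field mean hidden and system.
            if "h" in e.attrs and "s" in e.attrs:
                findings.append((e.path, "hidden and system attributes set"))
        # Compare each active driver copy with the other copies SystemLook found.
        # A match is a consistency check only, not proof that the file is clean.
        for active in (e for e in entries if ACTIVE_DIR in e.path.lower()):
            others = {e.md5 for e in entries if e is not active and e.md5}
            if active.md5 and active.md5 not in others:
                findings.append((active.path, "hash matches no other copy on disk"))
    return findings


if __name__ == "__main__":
    for path, reason in review(parse_filefind(SAMPLE_LOG)):
        print(f"{path}: {reason}")
```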



