
Stopzilla and Various Random Pop Ups


53 replies to this topic

#1 DoubleJ29


Posted 04 May 2010 - 12:18 PM

Hi, I recently got a virus about a week ago. I think it was removed through System Restore, Malwarebytes, Spybot and AVG. The virus/spyware said something about an RIAA infringement and settling in court and out of court? As of now I randomly get pop-ups; one that comes to mind is Stopzilla. I did a scan again with Malwarebytes, Spybot and AVG but they find nothing. The pop-ups occur randomly when I'm surfing. Last night I tried to use an online virus scanner and it kept relinking me to other random webpages every time I clicked on a link. I've also been getting win32k generic process errors. I'm stuck on how to remove these problems. Thanks in advance.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 10:31:53.67 on Tue 05/04/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1282 [GMT -4:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
D:\Program Files\AVG\AVG9\avgchsvx.exe
D:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
D:\Program Files\AVG\AVG9\avgcsrvx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\AIM6\aim6.exe
D:\Program Files\Windows Media Player\WMPNSCFG.exe
D:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\MICROS~3\rapimgr.exe
D:\Program Files\AIM6\aolsoftware.exe
svchost.exe
D:\Program Files\AVG\AVG9\avgwdsvc.exe
D:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Program Files\AVG\AVG9\avgam.exe
D:\Program Files\AVG\AVG9\avgnsx.exe
D:\Program Files\AIM\aim.exe
D:\Program Files\AVG\AVG9\avgcsrvx.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\Program Files\internet explorer\iexplore.exe
D:\Program Files\internet explorer\iexplore.exe
D:\Program Files\internet explorer\iexplore.exe
D:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - d:\program files\bitcomet\tools\BitCometBHO_1.1.3.28.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - d:\program files\avg\avg9\avgssie.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - d:\progra~1\micros~2\office11\REFIEBAR.DLL
uRun: [H/PC Connection Agent] "d:\program files\microsoft activesync\wcescomm.exe"
uRun: [Aim6] "d:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [Google Update] "d:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [updateMgr] "d:\program files\adobe\acrobat 7.0\acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1
uRun: [WMPNSCFG] d:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NVIDIA nTune] "d:\program files\nvidia corporation\ntune\\nTune.exe" clear
mRun: [WinampAgent] d:\program files\winamp\winampa.exe
mRun: [RemoteControl] "d:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [DAEMON Tools] "d:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [Acrobat Assistant 7.0] "d:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "d:\program files\quicktime\qttask.exe" -atboottime
mRun: [googletalk] d:\program files\google\google talk\googletalk.exe /autostart
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - d:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - d:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: &D&ownload &with BitComet - d:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - d:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - d:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Convert link target to Adobe PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: { - d:\documents and settings\all users\st


Edited by DoubleJ29, 04 May 2010 - 12:32 PM.




#2 Farbar


Posted 05 May 2010 - 05:32 PM

Hi DoubleJ29,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs. These programs allow users to share files with each other, as the name(s) suggest. In today's world, cybercrime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and they should thus be used with great care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."


Removal Instructions
  1. Please uninstall Daemon Tools and Alcohol 120 as they interfere with the working of our tools. You may reinstall them when we are done.

  2. Open a notepad (Start > Run and type in Notepad )

    Copy and paste the text in code box into it.

    CODE
    REGEDIT4

    ; "=-" after a value name deletes that value from the key
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyEnable"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer"=-

    • Save the file to the desktop as regfix.reg
    • Make sure the Save as type field says All files.
    • Locate regfix.reg on the desktop and double-click on it and confirm. It should look like
    • A window pops up asking if you are sure to add the file to the registry. Click Yes.
    • You get another window popup saying that regfix.reg successfully added to the registry.

    Note: You have to turn off any registry protector software you have in order for the changes to take place.

  3. You still have some leftovers from an incomplete Symantec uninstall on your computer.

    First uninstall the following via Add/Remove Programs: LiveUpdate 3.2 (Symantec Corporation)

    To remove the leftovers please download and run the Norton Removal Tool.

    Note: Norton removal tool is one and the same for all versions named below. It doesn't matter which version you have.

    Warning: The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003 products and Norton 360 from your computer. If you use ACT! or WinFAX, back up those databases before you proceed.

  4. The DDS.txt log is incomplete. Please remove the old log from your computer and copy/paste a fresh DDS.txt log. No need for Attach.txt.

  5. Also we need a fresh GMER log after doing the above steps.
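To show what the regfix above is undoing, here is an added example (not code from this thread, from DDS or from any tool named in it) that scans constructed DDS-style log lines for the two indicators visible in the poster's log, a ProxyServer pointing at 127.0.0.1 and a Hosts entry pinning a security site to loopback, and emits the equivalent REGEDIT4 fix. The sample lines, the 'u'/'m' hive mapping and the ProxyServer string parsing are assumptions modelled on the DDS output format.

```python
import re

# Constructed sample modelled on the "Pseudo HJT Report" lines in the
# thread's DDS log; the ProxyServer and Hosts entries are the ones the
# regfix.reg above is meant to undo.
SAMPLE_LOG = """\
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 127.0.0.1 localhost
"""

# DDS prefixes per-user entries with 'u' (HKEY_CURRENT_USER) and
# machine-wide entries with 'm' (HKEY_LOCAL_MACHINE).
HIVES = {"u": "HKEY_CURRENT_USER", "m": "HKEY_LOCAL_MACHINE"}
IE_SETTINGS = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"

LOOPBACK = re.compile(r"^(127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost|::1)$", re.I)
PROXY_LINE = re.compile(r"^([um])Internet Settings,ProxyServer\s*=\s*(.+)$")
HOSTS_LINE = re.compile(r"^Hosts:\s*(\S+)\s+(\S+)")


def parse_proxy_server(value):
    """Split an IE ProxyServer value into {scheme: 'host:port'}.

    IE accepts either a bare 'host:port' (used for every protocol, keyed
    '*' here) or a ';'-separated list such as 'http=h:p;https=h:p'.
    """
    proxies = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.partition("=")
        if not hostport:  # bare host:port form, no scheme
            scheme, hostport = "*", scheme
        proxies[scheme.strip().lower()] = hostport.strip()
    return proxies


def proxy_host(hostport):
    """Return the host part of 'host:port' (also handles '[::1]:8080')."""
    return hostport.rsplit(":", 1)[0].strip("[]")


def find_indicators(log_text):
    """Scan DDS-style lines for a loopback proxy or a Hosts-file redirect.

    Returns (kind, detail, hive) tuples; hive is None for Hosts hits.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PROXY_LINE.match(line)
        if m:
            hive = HIVES[m.group(1)]
            for scheme, hostport in parse_proxy_server(m.group(2)).items():
                # A proxy on the machine itself, with no proxy software
                # installed, is the classic sign of traffic interception.
                if LOOPBACK.match(proxy_host(hostport)):
                    findings.append(("loopback_proxy", f"{scheme}={hostport}", hive))
            continue
        m = HOSTS_LINE.match(line)
        if m:
            ip, name = m.groups()
            # 'localhost -> 127.0.0.1' is normal; any other name pinned to
            # loopback silently blocks that site (here a security forum).
            if LOOPBACK.match(ip) and name.lower() != "localhost":
                findings.append(("hosts_block", name, None))
    return findings


def build_regfix(findings):
    """Emit a REGEDIT4 file deleting ProxyEnable and ProxyServer in every
    hive where a loopback proxy was found ('=-' removes a value), in the
    same shape as the regfix.reg in the post above."""
    hives = sorted({h for kind, _, h in findings if kind == "loopback_proxy"})
    lines = ["REGEDIT4", ""]
    for hive in hives:
        lines += [f"[{hive}\\{IE_SETTINGS}]", '"ProxyEnable"=-', '"ProxyServer"=-', ""]
    return "\n".join(lines)


if __name__ == "__main__":
    hits = find_indicators(SAMPLE_LOG)
    for kind, detail, hive in hits:
        print(f"{kind:15} {detail:25} {hive or ''}")
    print(build_regfix(hits))
```

A legitimate corporate proxy (a non-loopback host) produces no finding, so the check flags only the self-referential proxy pattern the log shows.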


#3 DoubleJ29


Posted 05 May 2010 - 10:04 PM

I won't make any changes unless you ask me to. Thanks for looking at my post, I know you must be busy. Gmer took a while to run, but below is my dds and gmer is attached.


Please check my post below to see the complete DDS scan. I was having trouble posting on bleeping before some connection errors?

Attached Files: ark.txt (13.22KB)

Edited by DoubleJ29, 05 May 2010 - 10:36 PM.


#4 DoubleJ29


Posted 05 May 2010 - 10:15 PM


DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 19:17:16.82 on Wed 05/05/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1362 [GMT -4:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
D:\Program Files\AVG\AVG9\avgchsvx.exe
D:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
D:\Program Files\AVG\AVG9\avgcsrvx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\AIM6\aim6.exe
D:\Program Files\Windows Media Player\WMPNSCFG.exe
D:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\MICROS~3\rapimgr.exe
D:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
D:\Program Files\AIM6\aolsoftware.exe
svchost.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program Files\AVG\AVG9\avgwdsvc.exe
D:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Program Files\AVG\AVG9\avgam.exe
D:\Program Files\AVG\AVG9\avgnsx.exe
D:\Program Files\AVG\AVG9\avgcsrvx.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\AIM\aim.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - d:\program files\bitcomet\tools\BitCometBHO_1.1.3.28.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - d:\program files\avg\avg9\avgssie.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - d:\progra~1\micros~2\office11\REFIEBAR.DLL
uRun: [H/PC Connection Agent] "d:\program files\microsoft activesync\wcescomm.exe"
uRun: [Aim6] "d:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [Google Update] "d:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [updateMgr] "d:\program files\adobe\acrobat 7.0\acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1
uRun: [WMPNSCFG] d:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NVIDIA nTune] "d:\program files\nvidia corporation\ntune\\nTune.exe" clear
mRun: [WinampAgent] d:\program files\winamp\winampa.exe
mRun: [RemoteControl] "d:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [Acrobat Assistant 7.0] "d:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "d:\program files\quicktime\qttask.exe" -atboottime
mRun: [googletalk] d:\program files\google\google talk\googletalk.exe /autostart
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - d:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - d:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: &D&ownload &with BitComet - d:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - d:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - d:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Convert link target to Adobe PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: { - d:\documents and settings\all users\start menu\programs\absolute poker\Absolute Poker.lnk
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - d:\program files\aim\aim.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - d:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - d:\progra~1\micros~3\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262657360046
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} - hxxp://www.systemrequirementslab.com/sysreqlab.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\p7p11fwb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: d:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: d:\documents and settings\administrator\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: d:\documents and settings\administrator\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {F48A6C62-2B61-43BE-9972-6154603FE028} - d:\documents and settings\administrator\local settings\application data\{F48A6C62-2B61-43BE-9972-6154603FE028}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
d:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;d:\windows\system32\drivers\avgrkx86.sys [2010-1-27 52872]
R0 pavboot;Panda boot driver;d:\windows\system32\drivers\pavboot.sys [2010-5-3 28552]
R1 AvgLdx86;AVG AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [2010-1-27 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;d:\windows\system32\drivers\avgmfx86.sys [2010-1-27 29512]
R1 AvgTdiX;AVG Network Redirector;d:\windows\system32\drivers\avgtdix.sys [2010-1-27 242896]
R2 aawservice;Lavasoft Ad-Aware Service;d:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 avg9wd;AVG WatchDog;d:\program files\avg\avg9\avgwdsvc.exe [2010-3-4 308064]
S3 rk_remover;rk_remover;\??\d:\windows\system32\drivers\rk_remover.sys --> d:\windows\system32\drivers\rk_remover.sys [?]

=============== Created Last 30 ================

2010-05-04 02:55:42 28552 ----a-w- d:\windows\system32\drivers\pavboot.sys
2010-05-02 18:31:19 256512 ----a-w- d:\windows\PEV.exe
2010-05-02 18:19:37 0 d-----w- d:\windows\system32\wbem\Repository
2010-05-02 18:19:15 0 d-----w- d:\docume~1\admini~1\applic~1\442AC4430D8DE508C3FB20A96FC466F3
2010-04-29 21:43:58 0 d-----w- d:\docume~1\alluse~1\applic~1\Blizzard Entertainment

==================== Find3M ====================

2010-04-29 21:53:08 242896 ----a-w- d:\windows\system32\drivers\avgtdix.sys
2010-04-29 19:39:38 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-03-10 06:15:52 420352 ----a-w- d:\windows\system32\vbscript.dll
2010-03-04 21:48:56 12464 ----a-w- d:\windows\system32\avgrsstx.dll
2010-02-25 06:24:37 916480 ----a-w- d:\windows\system32\wininet.dll
2010-02-17 13:10:28 2189952 ------w- d:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2066816 ------w- d:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33:11 100864 ----a-w- d:\windows\system32\6to4svc.dll

============= FINISH: 19:18:53.29 ===============

DDS did not fully copy over before for some reason



Edited by DoubleJ29, 05 May 2010 - 10:30 PM.


#5 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands

Posted 06 May 2010 - 02:56 AM

Did you uninstall Daemon Tools and Alcohol? Their drivers are still showing up in the GMER log.

Also I see the registry fix didn't work; perhaps the malware put it back again. Please have regfix.reg ready in case you have trouble connecting to the internet after the malware is removed. You can also do the following:

Open Internet Explorer. Under Tools menu=> Internet Options => click on the Connections tab, then click on LAN Settings. The following item should be unchecked:
    Use a proxy server for your LAN

    ***************
    1. Please download DeFogger to your desktop.

      Double click DeFogger to run the tool.
      • The application window will appear
      • Click the Disable button to disable your CD Emulation drivers
      • Click Yes to continue
      • A 'Finished!' message will appear
      • Click OK
      • If DeFogger asks to reboot the machine - click OK
      IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

      Do not re-enable these drivers until otherwise instructed.

    2. Download ComboFix from one of these locations:

      Link 1
      Link 2
      Link 3

      * IMPORTANT !!! Save ComboFix.exe to your Desktop

      • Disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools. (Information on A/V control HERE)
      • Double click on ComboFix.exe & follow the prompts.
      • You will get a warning about untrusted download sites for ComboFix; click Yes.
      • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to help you more easily should your computer have a problem after an attempted removal of malware.
      • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



      Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



      Click on Yes, to continue scanning for malware.

      When finished, it shall produce a log for you. Please copy and paste the C:\ComboFix.txt in your next reply.


#6 DoubleJ29

DoubleJ29
  • Topic Starter

  • Members
  • 79 posts

Posted 06 May 2010 - 04:04 PM

I uninstalled Alcohol through Add/Remove Programs. Daemon Tools wasn't there, so I uninstalled it with an uninstall.exe in the folder.

I checked "Use a proxy server for your LAN" and that was already unchecked.



ComboFix 10-05-05.0D - Administrator 05/06/2010 16:45:38.20.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1432 [GMT -4:00]
Running from: d:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-04-06 to 2010-05-06 )))))))))))))))))))))))))))))))
.

2010-05-04 02:55 . 2009-06-30 13:37 28552 ----a-w- d:\windows\system32\drivers\pavboot.sys
2010-05-02 18:19 . 2010-05-02 18:19 -------- d-----w- d:\windows\system32\wbem\Repository
2010-05-02 18:19 . 2010-05-02 18:19 -------- d-----w- d:\documents and settings\Administrator\Application Data\442AC4430D8DE508C3FB20A96FC466F3
2010-04-29 21:53 . 2010-04-29 21:53 242696 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-04-29 21:52 . 2010-04-29 21:52 1690464 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-29 21:52 . 2010-04-29 21:52 1038688 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-04-29 21:52 . 2010-04-29 21:52 813336 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-04-29 21:52 . 2010-04-29 21:52 624920 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-04-29 21:43 . 2010-04-29 21:43 -------- d-----w- d:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-04-29 21:43 . 2010-04-29 21:43 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\Blizzard Entertainment
2010-04-19 18:59 . 2010-04-19 18:59 255472 ----a-w- d:\documents and settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-05 23:10 . 2006-03-12 20:41 -------- d-----w- d:\program files\Common Files\Symantec Shared
2010-05-04 14:27 . 2006-03-12 06:27 -------- d-----w- d:\program files\mIRC
2010-05-04 02:55 . 2010-01-04 22:05 -------- d-----w- d:\program files\Panda Security
2010-05-03 23:34 . 2010-03-20 21:14 -------- d-----w- d:\program files\uTorrent
2010-05-02 21:58 . 2006-05-11 16:21 -------- d-----w- d:\documents and settings\Administrator\Application Data\uTorrent
2010-04-29 22:00 . 2010-01-27 04:09 1324 ----a-w- d:\windows\system32\d3d9caps.dat
2010-04-29 21:53 . 2010-01-27 04:27 242896 ----a-w- d:\windows\system32\drivers\avgtdix.sys
2010-04-29 21:52 . 2008-09-07 18:21 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2010-04-29 21:50 . 2010-01-01 23:58 6153352 ----a-w- d:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-29 19:39 . 2009-12-16 05:04 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2009-12-16 05:04 20952 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-04-20 20:28 . 2007-05-21 02:57 -------- d-----w- d:\program files\Common Files\Blizzard Entertainment
2010-03-22 03:36 . 2010-03-10 03:01 389640 ----a-w- d:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- d:\windows\system32\vbscript.dll
2010-03-10 02:28 . 2010-03-10 02:28 -------- d-----w- d:\documents and settings\All Users\Application Data\Blizzard
2010-03-10 02:02 . 2007-03-12 22:05 -------- d-----w- d:\program files\TurboTax
2010-03-10 02:01 . 2006-03-12 04:25 45880 ----a-w- d:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-04 21:48 . 2010-03-04 21:48 12464 ----a-w- d:\windows\system32\avgrsstx.dll
2010-03-04 21:48 . 2010-01-27 04:27 29512 ----a-w- d:\windows\system32\drivers\avgmfx86.sys
2010-03-04 21:48 . 2010-01-27 04:27 216200 ----a-w- d:\windows\system32\drivers\avgldx86.sys
2010-03-04 21:48 . 2010-01-27 04:27 52872 ----a-w- d:\windows\system32\drivers\avgrkx86.sys
2010-02-25 06:24 . 2004-08-04 12:00 916480 ----a-w- d:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- d:\windows\system32\drivers\mrxsmb.sys
2010-02-17 13:10 . 2004-08-04 12:00 2189952 ------w- d:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2066816 ------w- d:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-04 12:00 100864 ----a-w- d:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 12:00 226880 ----a-w- d:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="d:\program files\AIM6\aim6.exe" [2007-04-27 50736]
"Google Update"="d:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-13 133104]
"updateMgr"="d:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 313472]
"WMPNSCFG"="d:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2005-12-14 1519616]
"NVIDIA nTune"="d:\program files\NVIDIA Corporation\nTune\\nTune.exe" [2004-12-06 532480]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2006-02-21 35328]
"RemoteControl"="d:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"Acrobat Assistant 7.0"="d:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-13 483328]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 77824]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2005-12-14 7323648]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2009-10-16 417792]
"googletalk"="d:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - d:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-3-12 25214]
Adobe Reader Speed Launch.lnk - d:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-04 21:48 12464 ----a-w- d:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^SATARAID5.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\SATARAID5.lnk
backup=d:\windows\pss\SATARAID5.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2007-04-27 21:17 50736 ----a-w- d:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2006-01-14 00:36 196608 ----a-w- d:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2007-02-05 22:35 25370152 ----a-w- d:\program files\Skype\Phone\Skype.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Fear\\FEARMP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\program files\Microsoft ActiveSync\rapimgr.exe"= d:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"d:\program files\Microsoft ActiveSync\wcescomm.exe"= d:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"d:\program files\Microsoft ActiveSync\WCESMgr.exe"= d:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"d:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"d:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"d:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"d:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"d:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"d:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"d:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"d:\\Program Files\\AIM\\aim.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7200:TCP"= 7200:TCP:BitComet 7200 TCP
"7200:UDP"= 7200:UDP:BitComet 7200 UDP
"5200:TCP"= 5200:TCP:BitComet 5200 TCP
"5200:UDP"= 5200:UDP:BitComet 5200 UDP
"5250:TCP"= 5250:TCP:BitComet 5250 TCP
"5250:UDP"= 5250:UDP:BitComet 5250 UDP
"8888:TCP"= 8888:TCP:BitComet 8888 TCP
"8888:UDP"= 8888:UDP:BitComet 8888 UDP
"7777:TCP"= 7777:TCP:BitComet 7777 TCP
"7777:UDP"= 7777:UDP:BitComet 7777 UDP
"7500:TCP"= 7500:TCP:BitComet 7500 TCP
"7500:UDP"= 7500:UDP:BitComet 7500 UDP
"7400:TCP"= 7400:TCP:BitComet 7400 TCP
"7400:UDP"= 7400:UDP:BitComet 7400 UDP
"500:TCP"= 500:TCP:BitComet 500 TCP
"500:UDP"= 500:UDP:BitComet 500 UDP
"6500:TCP"= 6500:TCP:BitComet 6500 TCP
"6500:UDP"= 6500:UDP:BitComet 6500 UDP
"5500:TCP"= 5500:TCP:BitComet 5500 TCP
"5500:UDP"= 5500:UDP:BitComet 5500 UDP
"8500:TCP"= 8500:TCP:BitComet 8500 TCP
"8500:UDP"= 8500:UDP:BitComet 8500 UDP
"7555:TCP"= 7555:TCP:BitComet 7555 TCP
"7555:UDP"= 7555:UDP:BitComet 7555 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"6555:TCP"= 6555:TCP:BitComet 6555 TCP
"6555:UDP"= 6555:UDP:BitComet 6555 UDP
"8555:TCP"= 8555:TCP:BitComet 8555 TCP
"8555:UDP"= 8555:UDP:BitComet 8555 UDP
"5555:TCP"= 5555:TCP:BitComet 5555 TCP
"5555:UDP"= 5555:UDP:BitComet 5555 UDP
"7888:TCP"= 7888:TCP:BitComet 7888 TCP
"7888:UDP"= 7888:UDP:BitComet 7888 UDP
"6666:TCP"= 6666:TCP:BitComet 6666 TCP
"6666:UDP"= 6666:UDP:BitComet 6666 UDP
"3333:TCP"= 3333:TCP:BitComet 3333 TCP
"3333:UDP"= 3333:UDP:BitComet 3333 UDP
"1555:TCP"= 1555:TCP:BitComet 1555 TCP
"1555:UDP"= 1555:UDP:BitComet 1555 UDP
"1111:TCP"= 1111:TCP:BitComet 1111 TCP
"1111:UDP"= 1111:UDP:BitComet 1111 UDP
"2222:TCP"= 2222:TCP:BitComet 2222 TCP
"2222:UDP"= 2222:UDP:BitComet 2222 UDP
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 AvgRkx86;avgrkx86.sys;d:\windows\system32\drivers\avgrkx86.sys [1/27/2010 12:27 AM 52872]
R0 pavboot;Panda boot driver;d:\windows\system32\drivers\pavboot.sys [5/3/2010 10:55 PM 28552]
R1 AvgLdx86;AVG AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [1/27/2010 12:27 AM 216200]
R1 AvgTdiX;AVG Network Redirector;d:\windows\system32\drivers\avgtdix.sys [1/27/2010 12:27 AM 242896]
R2 avg9wd;AVG WatchDog;d:\program files\AVG\AVG9\avgwdsvc.exe [3/4/2010 5:48 PM 308064]
S3 rk_remover;rk_remover;\??\d:\windows\system32\drivers\rk_remover.sys --> d:\windows\system32\drivers\rk_remover.sys [?]
S4 sptd;sptd;d:\windows\system32\drivers\sptd.sys [3/12/2006 5:14 PM 642560]
.
Contents of the 'Scheduled Tasks' folder

2010-05-06 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1682526488-725345543-500Core.job
- d:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-13 03:14]

2010-05-06 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1682526488-725345543-500UA.job
- d:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-13 03:14]

2010-05-06 d:\windows\Tasks\OGALogon.job
- d:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: &D&ownload &with BitComet - d:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - d:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - d:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Convert link target to Adobe PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: { - d:\documents and settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
FF - ProfilePath - d:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p7p11fwb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: d:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: d:\documents and settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: d:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {F48A6C62-2B61-43BE-9972-6154603FE028} - d:\documents and settings\Administrator\Local Settings\Application Data\{F48A6C62-2B61-43BE-9972-6154603FE028}

---- FIREFOX POLICIES ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-06 16:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1275210071-1682526488-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3d,0f,b7,19,a8,16,21,4b,ab,e8,04,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3d,0f,b7,19,a8,16,21,4b,ab,e8,04,\

[HKEY_USERS\S-1-5-21-1275210071-1682526488-725345543-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:91,a1,f6,b3,e6,97,7c,db,03,5a,e3,d7,9b,21,28,3c,ac,aa,fd,6c,57,7e,9e,
9c,31,64,f2,2f,53,76,37,dd,07,d7,77,32,ac,7d,30,cb,4e,63,39,b9,c6,1f,98,e5,\
"??"=hex:32,6d,17,bd,ce,bc,fe,c7,b0,58,a8,8f,4a,f8,bf,a3
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(908)
d:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(972)
d:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2164)
d:\windows\system32\WININET.dll
d:\windows\system32\ieframe.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-05-06 16:58:03
ComboFix-quarantined-files.txt 2010-05-06 20:57

Pre-Run: 2,667,393,024 bytes free
Post-Run: 3,008,323,584 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=2 Sets=1,2,3,4
- - End Of File - - 10D3D827BDB68FC54FEC2E0EB2187A3D


#7 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands

Posted 07 May 2010 - 04:07 AM

It seems CF has already been run many times.
  1. Close any open browsers.

    Open notepad (start > All Programs > Accessories > Notepad) and copy/paste the text in the code box below into it:

    CODE
    Driver::
    rk_remover
    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    Firefox::
    FF - ProfilePath - d:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p7p11fwb.default\
    FF - HiddenExtension: XULRunner: {F48A6C62-2B61-43BE-9972-6154603FE028} - d:\documents and settings\Administrator\Local Settings\Application Data\{F48A6C62-2B61-43BE-9972-6154603FE028}
    RegLock::
    [HKEY_USERS\S-1-5-21-1275210071-1682526488-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer"=-


    Save this as CFScript.txt, in the same location as ComboFix.exe




    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you ( "C:\ComboFix.txt"). Please copy and paste the log to your reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


  2. Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
    • Look for "JDK 6 Update 20 (JDK or JRE)".
    • Click the Download JRE button to the right.
    • Select your Platform: "Windows".
    • Select your Language: "Multi-language".
    • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Click Continue and the page will refresh.
    • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u20-windows-i586.exe to install the newest version.

  3. Tell me also if the issue is taken care of.
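The three things the CFScript above removes (a proxy forced onto 127.0.0.1 in Internet Settings, a hidden Firefox extension installed under a GUID-named folder in the user's Local Settings, and a service entry whose driver file DDS could not find) can be flagged straight from a DDS/ComboFix log. The script below is an added example, not part of this thread or of ComboFix/DDS; its sample log lines are constructed from the entries quoted in this thread, and the rule that legitimate hidden extensions live under Windows or Program Files rather than under a user profile is an assumption of the example.

```python
import re

# Constructed sample: a few lines in the shape of the DDS "Supplementary Scan"
# and driver sections quoted in this thread (not a real log file).
SAMPLE_LOG = r"""
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
FF - component: d:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {F48A6C62-2B61-43BE-9972-6154603FE028} - d:\documents and settings\Administrator\Local Settings\Application Data\{F48A6C62-2B61-43BE-9972-6154603FE028}
S3 rk_remover;rk_remover;\??\d:\windows\system32\drivers\rk_remover.sys --> d:\windows\system32\drivers\rk_remover.sys [?]
R0 pavboot;Panda boot driver;d:\windows\system32\drivers\pavboot.sys [2010-5-3 28552]
"""

# "u" = current-user hive, "m" = machine hive, as DDS prefixes them.
PROXY_RE = re.compile(r'^[um]Internet Settings,ProxyServer\s*=\s*(.+)$', re.I)
HIDDEN_EXT_RE = re.compile(
    r'^FF - HiddenExtension:\s*(.*?):\s*(\{[0-9A-Fa-f-]{36}\})\s*-\s*(.+)$')
DRIVER_RE = re.compile(r'^[RS]\d\s+([^;]+);')          # R0/R1/S3 <service>;...
LOOPBACK_RE = re.compile(r'^(127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost)$', re.I)
# Assumption: a hidden extension installed under a user profile is suspect;
# the legitimate ones in this thread live under d:\windows.
USER_PROFILE_RE = re.compile(r'\\(documents and settings|users)\\', re.I)


def proxy_hosts(value):
    """Split a ProxyServer value such as 'http=127.0.0.1:5555;https=h:8080'
    (or a bare 'host:port') into the list of proxy host names."""
    hosts = []
    for part in value.split(';'):
        part = part.strip()
        if not part:
            continue
        if '=' in part:                      # scheme=host:port form
            part = part.split('=', 1)[1]
        host = part.rsplit(':', 1)[0] if ':' in part else part
        hosts.append(host.strip())
    return hosts


def scan_log(text):
    """Return a list of {'kind', 'detail'} findings for the three indicators."""
    findings = []
    for raw in text.splitlines():
        line = raw.rstrip()
        m = PROXY_RE.match(line)
        if m:
            # A proxy on the loopback address means a local process sits in
            # front of the browser; in this thread that is what redirected pages.
            if any(LOOPBACK_RE.match(h) for h in proxy_hosts(m.group(1))):
                findings.append({'kind': 'loopback-proxy', 'detail': m.group(1)})
            continue
        m = HIDDEN_EXT_RE.match(line)
        if m and USER_PROFILE_RE.search(m.group(3)):
            findings.append({'kind': 'hidden-extension-in-profile',
                             'detail': m.group(3)})
            continue
        m = DRIVER_RE.match(line)
        if m and line.endswith('[?]'):
            # DDS prints [?] when it cannot stat the driver file: an orphaned
            # service entry, which is what the Driver:: section removes.
            findings.append({'kind': 'orphaned-driver', 'detail': m.group(1)})
    return findings


if __name__ == '__main__':
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['kind']:28} {f['detail']}")
```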


#8 DoubleJ29

DoubleJ29
  • Topic Starter

  • Members
  • 79 posts

Posted 07 May 2010 - 04:07 PM

1.

ComboFix 10-05-07.01 - Administrator 05/07/2010 16:37:54.21.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1454 [GMT -4:00]
Running from: d:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\Administrator\Local Settings\Application Data\{F48A6C62-2B61-43BE-9972-6154603FE028}
d:\documents and settings\Administrator\Local Settings\Application Data\{F48A6C62-2B61-43BE-9972-6154603FE028}\chrome.manifest
d:\documents and settings\Administrator\Local Settings\Application Data\{F48A6C62-2B61-43BE-9972-6154603FE028}\chrome\content\_cfg.js
d:\documents and settings\Administrator\Local Settings\Application Data\{F48A6C62-2B61-43BE-9972-6154603FE028}\install.rdf

.
((((((((((((((((((((((((( Files Created from 2010-04-07 to 2010-05-07 )))))))))))))))))))))))))))))))
.

2010-05-04 02:55 . 2009-06-30 13:37 28552 ----a-w- d:\windows\system32\drivers\pavboot.sys
2010-05-02 18:19 . 2010-05-02 18:19 -------- d-----w- d:\windows\system32\wbem\Repository
2010-05-02 18:19 . 2010-05-02 18:19 -------- d-----w- d:\documents and settings\Administrator\Application Data\442AC4430D8DE508C3FB20A96FC466F3
2010-04-29 21:53 . 2010-04-29 21:53 242696 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-04-29 21:52 . 2010-04-29 21:52 1690464 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-29 21:52 . 2010-04-29 21:52 1038688 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-04-29 21:52 . 2010-04-29 21:52 813336 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-04-29 21:52 . 2010-04-29 21:52 624920 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-04-29 21:43 . 2010-04-29 21:43 -------- d-----w- d:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-04-29 21:43 . 2010-04-29 21:43 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\Blizzard Entertainment
2010-04-19 18:59 . 2010-04-19 18:59 255472 ----a-w- d:\documents and settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-05 23:10 . 2006-03-12 20:41 -------- d-----w- d:\program files\Common Files\Symantec Shared
2010-05-04 14:27 . 2006-03-12 06:27 -------- d-----w- d:\program files\mIRC
2010-05-04 02:55 . 2010-01-04 22:05 -------- d-----w- d:\program files\Panda Security
2010-05-03 23:34 . 2010-03-20 21:14 -------- d-----w- d:\program files\uTorrent
2010-05-02 21:58 . 2006-05-11 16:21 -------- d-----w- d:\documents and settings\Administrator\Application Data\uTorrent
2010-04-29 22:00 . 2010-01-27 04:09 1324 ----a-w- d:\windows\system32\d3d9caps.dat
2010-04-29 21:53 . 2010-01-27 04:27 242896 ----a-w- d:\windows\system32\drivers\avgtdix.sys
2010-04-29 21:52 . 2008-09-07 18:21 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2010-04-29 21:50 . 2010-01-01 23:58 6153352 ----a-w- d:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-29 19:39 . 2009-12-16 05:04 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2009-12-16 05:04 20952 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-04-20 20:28 . 2007-05-21 02:57 -------- d-----w- d:\program files\Common Files\Blizzard Entertainment
2010-03-22 03:36 . 2010-03-10 03:01 389640 ----a-w- d:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- d:\windows\system32\vbscript.dll
2010-03-10 02:28 . 2010-03-10 02:28 -------- d-----w- d:\documents and settings\All Users\Application Data\Blizzard
2010-03-10 02:02 . 2007-03-12 22:05 -------- d-----w- d:\program files\TurboTax
2010-03-10 02:01 . 2006-03-12 04:25 45880 ----a-w- d:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-04 21:48 . 2010-03-04 21:48 12464 ----a-w- d:\windows\system32\avgrsstx.dll
2010-03-04 21:48 . 2010-01-27 04:27 29512 ----a-w- d:\windows\system32\drivers\avgmfx86.sys
2010-03-04 21:48 . 2010-01-27 04:27 216200 ----a-w- d:\windows\system32\drivers\avgldx86.sys
2010-03-04 21:48 . 2010-01-27 04:27 52872 ----a-w- d:\windows\system32\drivers\avgrkx86.sys
2010-02-25 06:24 . 2004-08-04 12:00 916480 ----a-w- d:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- d:\windows\system32\drivers\mrxsmb.sys
2010-02-17 13:10 . 2004-08-04 12:00 2189952 ------w- d:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2066816 ------w- d:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-04 12:00 100864 ----a-w- d:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 12:00 226880 ----a-w- d:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="d:\program files\AIM6\aim6.exe" [2007-04-27 50736]
"Google Update"="d:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-13 133104]
"updateMgr"="d:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 313472]
"WMPNSCFG"="d:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2005-12-14 1519616]
"NVIDIA nTune"="d:\program files\NVIDIA Corporation\nTune\\nTune.exe" [2004-12-06 532480]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2006-02-21 35328]
"RemoteControl"="d:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"Acrobat Assistant 7.0"="d:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-13 483328]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 77824]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2005-12-14 7323648]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2009-10-16 417792]
"googletalk"="d:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - d:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-3-12 25214]
Adobe Reader Speed Launch.lnk - d:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-04 21:48 12464 ----a-w- d:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^SATARAID5.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\SATARAID5.lnk
backup=d:\windows\pss\SATARAID5.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2007-04-27 21:17 50736 ----a-w- d:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2006-01-14 00:36 196608 ----a-w- d:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2007-02-05 22:35 25370152 ----a-w- d:\program files\Skype\Phone\Skype.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Fear\\FEARMP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\program files\Microsoft ActiveSync\rapimgr.exe"= d:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"d:\program files\Microsoft ActiveSync\wcescomm.exe"= d:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"d:\program files\Microsoft ActiveSync\WCESMgr.exe"= d:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"d:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"d:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"d:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"d:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"d:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"d:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"d:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"d:\\Program Files\\AIM\\aim.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7200:TCP"= 7200:TCP:BitComet 7200 TCP
"7200:UDP"= 7200:UDP:BitComet 7200 UDP
"5200:TCP"= 5200:TCP:BitComet 5200 TCP
"5200:UDP"= 5200:UDP:BitComet 5200 UDP
"5250:TCP"= 5250:TCP:BitComet 5250 TCP
"5250:UDP"= 5250:UDP:BitComet 5250 UDP
"8888:TCP"= 8888:TCP:BitComet 8888 TCP
"8888:UDP"= 8888:UDP:BitComet 8888 UDP
"7777:TCP"= 7777:TCP:BitComet 7777 TCP
"7777:UDP"= 7777:UDP:BitComet 7777 UDP
"7500:TCP"= 7500:TCP:BitComet 7500 TCP
"7500:UDP"= 7500:UDP:BitComet 7500 UDP
"7400:TCP"= 7400:TCP:BitComet 7400 TCP
"7400:UDP"= 7400:UDP:BitComet 7400 UDP
"500:TCP"= 500:TCP:BitComet 500 TCP
"500:UDP"= 500:UDP:BitComet 500 UDP
"6500:TCP"= 6500:TCP:BitComet 6500 TCP
"6500:UDP"= 6500:UDP:BitComet 6500 UDP
"5500:TCP"= 5500:TCP:BitComet 5500 TCP
"5500:UDP"= 5500:UDP:BitComet 5500 UDP
"8500:TCP"= 8500:TCP:BitComet 8500 TCP
"8500:UDP"= 8500:UDP:BitComet 8500 UDP
"7555:TCP"= 7555:TCP:BitComet 7555 TCP
"7555:UDP"= 7555:UDP:BitComet 7555 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"6555:TCP"= 6555:TCP:BitComet 6555 TCP
"6555:UDP"= 6555:UDP:BitComet 6555 UDP
"8555:TCP"= 8555:TCP:BitComet 8555 TCP
"8555:UDP"= 8555:UDP:BitComet 8555 UDP
"5555:TCP"= 5555:TCP:BitComet 5555 TCP
"5555:UDP"= 5555:UDP:BitComet 5555 UDP
"7888:TCP"= 7888:TCP:BitComet 7888 TCP
"7888:UDP"= 7888:UDP:BitComet 7888 UDP
"6666:TCP"= 6666:TCP:BitComet 6666 TCP
"6666:UDP"= 6666:UDP:BitComet 6666 UDP
"3333:TCP"= 3333:TCP:BitComet 3333 TCP
"3333:UDP"= 3333:UDP:BitComet 3333 UDP
"1555:TCP"= 1555:TCP:BitComet 1555 TCP
"1555:UDP"= 1555:UDP:BitComet 1555 UDP
"1111:TCP"= 1111:TCP:BitComet 1111 TCP
"1111:UDP"= 1111:UDP:BitComet 1111 UDP
"2222:TCP"= 2222:TCP:BitComet 2222 TCP
"2222:UDP"= 2222:UDP:BitComet 2222 UDP
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 AvgRkx86;avgrkx86.sys;d:\windows\system32\drivers\avgrkx86.sys [1/27/2010 12:27 AM 52872]
R0 pavboot;Panda boot driver;d:\windows\system32\drivers\pavboot.sys [5/3/2010 10:55 PM 28552]
R1 AvgLdx86;AVG AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [1/27/2010 12:27 AM 216200]
R1 AvgTdiX;AVG Network Redirector;d:\windows\system32\drivers\avgtdix.sys [1/27/2010 12:27 AM 242896]
R2 avg9wd;AVG WatchDog;d:\program files\AVG\AVG9\avgwdsvc.exe [3/4/2010 5:48 PM 308064]
S3 rk_remover;rk_remover;\??\d:\windows\system32\drivers\rk_remover.sys --> d:\windows\system32\drivers\rk_remover.sys [?]
S4 sptd;sptd;d:\windows\system32\drivers\sptd.sys [3/12/2006 5:14 PM 642560]
.
Contents of the 'Scheduled Tasks' folder

2010-05-07 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1682526488-725345543-500Core.job
- d:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-13 03:14]

2010-05-07 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1682526488-725345543-500UA.job
- d:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-13 03:14]

2010-05-07 d:\windows\Tasks\OGALogon.job
- d:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>
IE: &D&ownload &with BitComet - d:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - d:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - d:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Convert link target to Adobe PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: { - d:\documents and settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
FF - ProfilePath - d:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p7p11fwb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: d:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: d:\documents and settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: d:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-07 16:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1275210071-1682526488-725345543-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:91,a1,f6,b3,e6,97,7c,db,03,5a,e3,d7,9b,21,28,3c,ac,aa,fd,6c,57,7e,9e,
9c,31,64,f2,2f,53,76,37,dd,07,d7,77,32,ac,7d,30,cb,4e,63,39,b9,c6,1f,98,e5,\
"??"=hex:32,6d,17,bd,ce,bc,fe,c7,b0,58,a8,8f,4a,f8,bf,a3
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(908)
d:\windows\system32\WININET.dll
d:\windows\system32\CLBCATQ.DLL

- - - - - - - > 'lsass.exe'(968)
d:\windows\system32\WININET.dll
.
Completion time: 2010-05-07 16:49:22
ComboFix-quarantined-files.txt 2010-05-07 20:49
ComboFix2.txt 2010-05-06 20:58

Pre-Run: 2,679,975,936 bytes free
Post-Run: 2,744,020,992 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=2 Sets=1,2,3,4
- - End Of File - - 469B38B1E1DC9085D433ECFA76C2D395




2. I've updated Java

3. I'll keep an eye out for the pop ups and link changing; it happened while I was surfing and I never knew when it would happen.

#9 DoubleJ29 (Topic Starter)

Posted 07 May 2010 - 04:41 PM

It didn't seem to work; I was surfing, maybe 10 min after, and got a pop up from the onlyspecialoffers.info site. That is usually the site that pops up most of the time. Did not get any google redirects, but that happens randomly it seems.

Also, what I noticed last night is that after a while a non-generic win32k process error sometimes occurs and I can't control the sound on my computer; I believe it says there are no drivers installed, but after I restart it works fine.

#10 Farbar (Security Developer)

Posted 07 May 2010 - 04:45 PM

Go to Start > Run, copy/paste the following line in the Run box and click OK.

sc delete rk_remover

A window flashes; that is normal.

I'll wait for a while for your response. Please make sure you avoid using those p2p programs; we certainly don't want a new infection.
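The `sc delete` above removes a service registration whose driver file is gone: the ComboFix log earlier in the thread lists rk_remover with the path printed twice, joined by `-->`, and `[?]` where every other entry has a date and size. As an added example (not part of the thread and not one of Farbar's tools), the Python below parses the service/driver section of a ComboFix log, flags entries whose image file ComboFix could not find, and prints the matching `sc delete` command. The sample lines are copied from the log in this thread; the reading of the `R`/`S` codes (running/stopped, digit = the service's Start value) and of the `[?]` marker is my interpretation of that format.

```python
import re

# ComboFix prints each service/driver as
#   <state+start> <name>;<display name>;<image path> [<date> <size>]
# When the image file is not on disk it prints the registry path, an arrow,
# the resolved path, and "[?]" in place of the date and size, e.g.
#   S3 rk_remover;rk_remover;\??\d:\...\rk_remover.sys --> d:\...\rk_remover.sys [?]
# (format as read from the log in this thread; assumption, not a ComboFix spec)
SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$')

# R = running, S = stopped; the digit is the Start value of the service key.
START_TYPES = {0: 'boot', 1: 'system', 2: 'auto', 3: 'demand', 4: 'disabled'}

# Sample lines copied from the ComboFix log posted above.
SAMPLE = r"""
R0 AvgRkx86;avgrkx86.sys;d:\windows\system32\drivers\avgrkx86.sys [1/27/2010 12:27 AM 52872]
R0 pavboot;Panda boot driver;d:\windows\system32\drivers\pavboot.sys [5/3/2010 10:55 PM 28552]
R2 avg9wd;AVG WatchDog;d:\program files\AVG\AVG9\avgwdsvc.exe [3/4/2010 5:48 PM 308064]
S3 rk_remover;rk_remover;\??\d:\windows\system32\drivers\rk_remover.sys --> d:\windows\system32\drivers\rk_remover.sys [?]
S4 sptd;sptd;d:\windows\system32\drivers\sptd.sys [3/12/2006 5:14 PM 642560]
"""


def parse_services(text):
    """Return one dict per service/driver line found in ComboFix output."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        rest = m.group('rest').rstrip()
        missing = rest.endswith('[?]')
        # Everything before the final " [" is the path; when ComboFix shows
        # "registry path --> resolved path", keep the resolved one.
        path = rest.rsplit(' [', 1)[0]
        if '-->' in path:
            path = path.split('-->', 1)[1].strip()
        start = m.group('start')
        entries.append({
            'name': m.group('name'),
            'display': m.group('display'),
            'path': path,
            'running': start[0] == 'R',
            'start_type': START_TYPES.get(int(start[1]), 'unknown'),
            'file_missing': missing,
        })
    return entries


def orphaned_services(text):
    """Entries whose image file ComboFix could not find on disk."""
    return [e for e in parse_services(text) if e['file_missing']]


def cleanup_commands(text):
    """The sc.exe command that removes each orphaned entry's registration."""
    return ['sc delete %s' % e['name'] for e in orphaned_services(text)]


if __name__ == '__main__':
    for e in parse_services(SAMPLE):
        flag = 'MISSING FILE' if e['file_missing'] else 'ok'
        print('%-10s %-8s %-12s %s' % (e['name'], e['start_type'], flag, e['path']))
    print('\n'.join(cleanup_commands(SAMPLE)))
```

Before running the printed command on a live machine, confirm with `dir` that the file really is absent: `[?]` only says ComboFix did not find it at that path. `sc delete` clears the registration under HKLM\SYSTEM\CurrentControlSet\Services; it does not touch any file.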




#11 Farbar (Security Developer)

Posted 07 May 2010 - 04:52 PM

Our posts crossed each other. Please do the step in the previous post.
Please download OTL by OldTimer.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Check the "Scan All Users" checkbox.
  • Check the "Standard Output".
  • Set Services to All.
  • Set Drivers to All.
  • Copy and paste or type the following in the Custom Scans/Fixes:

    %systemroot%\system32\*.dll /lockedfiles /all
    %systemroot%\system32\drivers\*.sys /lockedfiles /all


  • Click Run Scan button.
  • Two reports will open, attach them to your reply:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


#12 DoubleJ29 (Topic Starter)

Posted 07 May 2010 - 05:04 PM

Both are attached

Attached Files



#13 DoubleJ29 (Topic Starter)

Posted 07 May 2010 - 05:14 PM

Just an FYI, I found this thread http://www.bleepingcomputer.com/forums/ind...offers&st=0 and it seems like that person has similar problems. It's probably not the same exact infection, but might give you some ideas or help you since that one seemed to be resolved.

#14 Farbar (Security Developer)

Posted 07 May 2010 - 05:46 PM

The thread you mention is a different type of infection and the logs are showing the infection. Yours is different and the logs are silent about it.

Could you check if the pop ups are in both Firefox and IE?
  1. Please open OTL.
    • Copy the text in code box and paste it to Custom Scans/Fixes section:

      CODE
      :otl
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
      O15 - HKU\S-1-5-21-1275210071-1682526488-725345543-500\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
      O15 - HKU\S-1-5-21-1275210071-1682526488-725345543-500\..Trusted Domains: turbotax.com ([]https in Trusted sites)

    • Click Run Fix button.
    • If the fix needs a reboot, please do it.
    • After it has finished, a log will open. Copy and paste the log to your reply.

  2. Please download GooredFix from one of the locations below and save it to your Desktop
    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

  3. Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:

      CODE
      :regfind
      ieframe.dll
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
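The OTL fix in step 1 clears a ProxyServer value of `http=127.0.0.1:5555` from two hives and removes two Trusted Zone domains. A proxy on 127.0.0.1 means a process on the same machine receives every HTTP request that WinINet clients make under that account; the hives involved, HKU\.DEFAULT and HKU\S-1-5-18, belong to the LocalSystem account (S-1-5-18 is a registry link to .DEFAULT, which is why the same value appears twice), not to the logged-in user's browser session. As an added example, not from the thread or from OTL, the Python below triages these two kinds of OTL lines: it flags ProxyServer values that point at the loopback interface, names the account the hive belongs to, and lists Trusted Zone additions. The sample input is the four lines from the fix; the line formats are read from those lines, and the handling of other ProxyServer forms (per-scheme lists, bracketed IPv6) is my assumption about WinINet's syntax, which the thread does not cover.

```python
import re
import ipaddress

# OTL reports per-hive proxy settings and trusted-zone additions as
#   IE - HKU\<hive>\Software\...\Internet Settings: "ProxyServer" = <value>
#   O15 - HKU\<hive>\..Trusted Domains: <domain> (<details>)
# (format as it appears in the OTL fix text in this thread)
PROXY_RE = re.compile(
    r'^IE - (?P<hive>HKU\\[^\\]+)\\.*Internet Settings: "ProxyServer" = (?P<value>\S+)')
O15_RE = re.compile(
    r'^O15 - (?P<hive>HKU\\[^\\]+)\\\.\.Trusted Domains: (?P<domain>\S+)')

# Hives of service accounts rather than interactive users. HKU\S-1-5-18
# (LocalSystem) is a registry link to HKU\.DEFAULT.
SERVICE_HIVES = {'.DEFAULT': 'LocalSystem', 'S-1-5-18': 'LocalSystem',
                 'S-1-5-19': 'LocalService', 'S-1-5-20': 'NetworkService'}

# Sample lines copied from the OTL fix script in post #14.
SAMPLE = r"""
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O15 - HKU\S-1-5-21-1275210071-1682526488-725345543-500\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-1275210071-1682526488-725345543-500\..Trusted Domains: turbotax.com ([]https in Trusted sites)
"""


def parse_proxy_value(value):
    """Split a WinINet ProxyServer string into (scheme, host, port) tuples.

    Accepts the single form '127.0.0.1:5555' (applies to all schemes) and the
    per-scheme form 'http=127.0.0.1:5555;https=proxy:8080'. IPv6 literals are
    assumed to be bracketed, e.g. '[::1]:8080' (assumption about the syntax).
    """
    out = []
    for part in value.split(';'):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition('=')   # scheme is '' if no '='
        host, sep, port = hostport.rpartition(':')
        if not sep:                                  # no port given
            host, port = hostport, ''
        out.append((scheme or 'all', host.strip('[]'),
                    int(port) if port.isdigit() else None))
    return out


def is_loopback(host):
    """True for 'localhost' and any loopback address (127/8, ::1)."""
    if host.lower() == 'localhost':
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:          # a hostname rather than an address
        return False


def proxy_findings(text):
    """One finding per proxy endpoint per hive found in OTL output."""
    findings = []
    for line in text.splitlines():
        m = PROXY_RE.match(line.strip())
        if not m:
            continue
        hive = m.group('hive').split('\\', 1)[1]     # '.DEFAULT', 'S-1-5-18', ...
        for scheme, host, port in parse_proxy_value(m.group('value')):
            findings.append({'hive': hive,
                             'account': SERVICE_HIVES.get(hive, 'interactive user'),
                             'scheme': scheme, 'host': host, 'port': port,
                             'loopback': is_loopback(host)})
    return findings


def loopback_proxies(text):
    """Proxy settings that hand traffic to a listener on this machine."""
    return [f for f in proxy_findings(text) if f['loopback']]


def trusted_domains(text):
    """(hive, domain) for every O15 Trusted Zone line."""
    out = []
    for line in text.splitlines():
        m = O15_RE.match(line.strip())
        if m:
            out.append((m.group('hive').split('\\', 1)[1], m.group('domain')))
    return out


if __name__ == '__main__':
    for f in loopback_proxies(SAMPLE):
        print('loopback proxy: hive %s (%s) %s -> %s:%s'
              % (f['hive'], f['account'], f['scheme'], f['host'], f['port']))
    for hive, domain in trusted_domains(SAMPLE):
        print('trusted zone: %s in hive %s' % (domain, hive))
```

The log does not identify what was listening on port 5555; the check only surfaces the setting so it can be matched against the listening sockets (`netstat -ano` on XP shows the owning PID). Because an interactive user's IE reads that user's own hive, a loopback proxy in the LocalSystem hive diverts the HTTP traffic of services, not of the logged-in browser session.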


#15 DoubleJ29 (Topic Starter)

Posted 07 May 2010 - 11:22 PM

I get a pop up as soon as I open Firefox as it loads up all my previous tabs. I haven't surfed on IE very long but I'll keep a look out.

1. ========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1275210071-1682526488-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1275210071-1682526488-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\turbotax.com\ deleted successfully.

OTL by OldTimer - Version 3.2.4.1 log created on 05082010_001344



2. GooredFix by jpshortstuff (08.01.10.1)
Log created at 00:15 on 08/05/2010 (Administrator)
Firefox version 3.6.3 (en-US)

========== GooredScan ==========


========== GooredLog ==========

D:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [17:22 25/11/2006]
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [05:11 23/11/2008]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [21:02 07/05/2010]

D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p7p11fwb.default\extensions\
{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(2) [10:06 30/11/2008]
{20a82645-c095-46ed-80e3-08825760534b}(2) [21:58 27/04/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [06:25 22/08/2009]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="D:\Program Files\AVG\AVG9\Firefox" [04:27 27/01/2010]
"jqs@sun.com"="D:\Program Files\Java\jre6\lib\deploy\jqs\ff" [21:02 07/05/2010]

-=E.O.F=-



3. SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 00:15 on 08/05/2010 by Administrator (Administrator - Elevation successful)

========== regfind ==========

Searching for "ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05BDC38E-5493-487a-A7FF-8CF2246ABC13}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05BDC38E-5493-487a-A7FF-8CF2246ABC13}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06EEE834-461C-42c2-8DCF-1502B527B1F9}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06EEE834-461C-42c2-8DCF-1502B527B1F9}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07C45BB1-4A8C-4642-A1F5-237E7215FF66}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07C45BB1-4A8C-4642-A1F5-237E7215FF66}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{098870b6-39ea-480b-b8b5-dd0167c4db59}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{098870b6-39ea-480b-b8b5-dd0167c4db59}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10BCEB99-FAAC-4080-B2FA-D07CD671EEF2}\InprocServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10BCEB99-FAAC-4080-B2FA-D07CD671EEF2}\InprocServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11016101-E366-4D22-BC06-4ADA335C892B}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C1EDB47-CE22-4bbb-B608-77B48F83C823}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C1EDB47-CE22-4bbb-B608-77B48F83C823}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D1F0730-0748-4b5f-81DF-865694BD07AC}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D1F0730-0748-4b5f-81DF-865694BD07AC}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{205D7A97-F16D-4691-86EF-F3075DCCA57D}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{205D7A97-F16D-4691-86EF-F3075DCCA57D}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2183DACA-D0BF-4a31-97F7-B87618A81955}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2183DACA-D0BF-4a31-97F7-B87618A81955}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B4F54B1-3D6D-11d0-8258-00C04FD5AE38}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B4F54B1-3D6D-11d0-8258-00C04FD5AE38}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3028902F-6374-48b2-8DC6-9725E775B926}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3028902F-6374-48b2-8DC6-9725E775B926}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30D02401-6A81-11d0-8274-00C04FD5AE38}\DefaultIcon]
@="D:\WINDOWS\system32\ieframe.dll,8"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30D02401-6A81-11d0-8274-00C04FD5AE38}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30D02401-6A81-11d0-8274-00C04FD5AE38}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34a3d570-67d9-4265-a9ee-8c3fa3dfeccf}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34a3d570-67d9-4265-a9ee-8c3fa3dfeccf}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e71f26d-136f-4545-813f-35276024b705}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e71f26d-136f-4545-813f-35276024b705}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4356b08e-ecb5-43d1-8e9f-7bef4fc960fe}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4356b08e-ecb5-43d1-8e9f-7bef4fc960fe}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43886CD5-6529-41c4-A707-7B3C92C05E68}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43886CD5-6529-41c4-A707-7B3C92C05E68}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{447EDBE5-0080-4036-A0BB-7B84C58C604F}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{447EDBE5-0080-4036-A0BB-7B84C58C604F}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44C76ECD-F7FA-411c-9929-1B77BA77F524}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44C76ECD-F7FA-411c-9929-1B77BA77F524}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B78D326-D922-44f9-AF2A-07805C2A3560}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B78D326-D922-44f9-AF2A-07805C2A3560}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4DFED3F9-B794-4d3c-973B-DDA1C28105A9}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4DFED3F9-B794-4d3c-973B-DDA1C28105A9}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{528d46b3-3a4b-4b13-bf74-d9cbd7306e07}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{528d46b3-3a4b-4b13-bf74-d9cbd7306e07}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53510d24-57eb-4713-9afb-e6e60530b87e}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53510d24-57eb-4713-9afb-e6e60530b87e}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55136805-B2DE-11D1-B9F2-00A0C98BC547}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55136805-B2DE-11D1-B9F2-00A0C98BC547}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{553858A7-4922-4e7e-B1C1-97140C1C16EF}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{553858A7-4922-4e7e-B1C1-97140C1C16EF}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6038EF75-ABFC-4e59-AB6F-12D397F6568D}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6038EF75-ABFC-4e59-AB6F-12D397F6568D}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64AB4BB7-111E-11d1-8F79-00C04FC2FBE1}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64AB4BB7-111E-11d1-8F79-00C04FC2FBE1}\InProcServer32]
@="D:\WINDOWS\system32\ieframe.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}\InProcServer32]

Edited by DoubleJ29, 07 May 2010 - 11:23 PM.




