Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

FireFox Browser Hijacked


  • This topic is locked This topic is locked
3 replies to this topic

#1 Kaylin

Kaylin

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:31 PM

Posted 07 August 2010 - 07:25 PM

Alright, so my browser is Hijacked and does the following.

Redirects links of specific sites that the parasite identifies as popular. IE: Yahoo.answers, YouTube, etc.. To a reported attack site.
The reported attack site (I tested on a Virtual Machine inside a Non-Used PC) Downloads a program called WireShark or some Fake Security system that blocks all controls and Hijacks the windows security settings.. Now, I tend to be pretty good at viruses and removing them but I have only been self-learning for about 3 - 4 years and I am 16.. So, I need some professionals who have done this and know exactly what they are doing. I have read topics on here so I already know the drill.. Here are the logs.

ADDITIONAL INFORMATION:

It seems that right after a fresh reboot of the system and my Anti-Virus (Trend Micro Security Pro) is running the links do not get redirected until a little while later. So either it is set on a schedule or my Anti-Virus blocks it for the time being until it is able to find another way to get through.

Reported Attack Site Links

QUOTE
hxxp://n-traff.com/clickn.php?fb=WVRveU9udHpPamc2SW5WelpYSmtZWFJoSWp0aE9qRTRPbnR6T2pnNkltWmxaV1JmYzJWMElqdHpPakU2SWpJaU8zTTZOem9pYzNWaVlXWm1kQ0k3Y3pvek9pSXlNREFpTzNNNk56b2liR2x6ZEY5cFpDSTdjem96TWpvaVpqazNZbVF3Tm1JME9EVTBZVFJoTXprNE16TTVOR0V4WTJFeE5qWTBOMk1pTzNNNk9Eb2lZMnhwWTJ0ZmFXUWlPM002TXpJNklqSXdaamcwT1RReFl6aGpNbUpoTVdWaFlUbGhZekE0TW1Oa05XRTJNV1E0SWp0ek9qazZJbXhwYzNSZmRHbHRaU0k3Y3pveE9Ub2lNakF4TUMwd09DMHdOeUF5TURveE5qb3pOU0k3Y3pvek9pSjFjbXdpTzNNNk5qUTZJbWgwZEhBNkx5OWhZV0V0Y0d4aFkyVXVZMjl0TDNObFlYSmphQzV3YUhBL2NqMDBKbkU5ZDI5eWJHUXJiMllyZDJGeVkzSmhablFtU1VROU1UZ3lOVFFpTzNNNk5Eb2lhM0J3YVNJN2N6bzFPaUl4TnpnNE9TSTdjem95T2lKcFpDSTdjem8yT2lJeE1UWXdOemtpTzNNNk56b2lhMlY1ZDI5eVpDSTdjem94TnpvaWQyOXliR1FnYjJZZ2QyRnlZM0poWm5RaU8zTTZNam9pYVhBaU8zTTZNVFE2SWpFeUxqRTVNaTR4TnpjdU1UUTFJanR6T2pFeU9pSmpiM1Z1ZEhKNVgyTnZaR1VpTzNNNk1qb2lWVk1pTzNNNk16b2lZV1ptSWp0ek9qVTZJakU0TWpVMElqdHpPalk2SW5OMVltRm1aaUk3Y3pveU9pSXhNQ0k3Y3pvek9pSmlhV1FpTzNNNk5Eb2lNQzR3TVNJN2N6bzNPaUp0WVhoZlkzQmpJanR6T2pRNklqQXVNREVpTzNNNk9Ub2labWw0WldSZlkzQmpJanR6T2pFNklqQWlPM002TmpvaVkyRmphR1ZrSWp0cE9qQTdjem94TXpvaVlXUjJaWEowYVhObGNsOXBaQ0k3Y3pvME9pSXhNek00SWp0OWN6b3pPaUp0WkRVaU8zTTZNekk2SWpFNU5qY3hNalZpTjJVeFl6SXhNak0yTTJZM1lqWTRaR1ppTUdVNU56UXhJanQ5&b=MC4wMQ==&p=Mg==


hxxp://64.111.212.234/c.php?s=eNolVEvPsswS_EEkz1wYmGHxLkAFvKCIct2cAMOogAgqKIQf_5mcRXfSlepUp1OpckYMK2RGcHZK_TPDP4j-3zBEEDJIMcQyojPH2phZx0uG4wvH5hjLm2vSHP_NMGOYiTxlnFBMBeGp4EJhLFM1tVAL-r9cSwuGiMgozHOhwQyin6JCilT-gZDPsjrjudi3PDDf02OKfVAKih6oMhg4Wb7WRNsDafVLyXVLW_iHMNR3u_BcYEn42sGxOfX2k9Hiksqf6J0WZwDk60OAt2YlRfSk_fItL6en3GcuCN5AdWvctRv7PXju1R2EmUEJ3ftj6xN5TPhYvE_2tK79_L54SM4Ly8HrEwopUVKOdvzrX3Iu-cdu9MYv6oHJl0M8HqRlMj3fh3oRfRTfKqotCq1sfX4NClC1V2q7C8gTb_kR262PQ_M4aay91yQ8jHfDBstno3lUNdGkcOkqasfdnqyzO7jFuI5IebhISKueykVZSZfmrub8OX2uQwlWCZ6q8ub2hb3Kp-jEpcKMJY9Wl2u9f90XjnwR-kRt-yDBV2YZI-16J5aqdqwcV9oTrYsX-nDYFHpw2_Wp763Cx708nx7lbtTBK59Oy7Lrb25-kPqCxu378VmrifZASx1wL2avq5l3itevCOb8sV41-pc9WISy774Ut00zyUkAfY1Fjm8f0ifFOX-f3t0OWl14w563CDv7g78BqtdN8eHk3qfB62SIJ90bZTV42aAWMHXH6Ikis_JUNxDH1L2Vp_KG2EnpELXPBMOjpqK22VWbnVF1ubGYEOzGAIvqZ82jsFi9PN0d2j2M5xp9SrywS7w_DmobMKOhQwVApvBHTDKyYoGWJCa7Fxpmp0BaJ7Y8-IVCYVYH8lkfRv0UgD5WUYOTCD0MMBqab9L9XqD1JFU96rpbuPEGyfPqSX8q63R6JYr0feJVMq2U1wEwAxAqvs9L6VtuK7XApvVwjp0zKD8robepMP1SvqGvS6B6QsYS6FRvwLYHErfF4bx5b3m4FvsoB9-h29YDuIFclVcDMHYvYu-lBInF8FVby6PQIYewyBtgTTBFqSPa6SMP33rbBNb4jhTA1DMGzYZqON7I75rokqXxnkwfOja-zExaMPMnZn19Pr2MISxlz8b3r3N1pY37jFu6WpcCt_rzOwFiR07ZtJDfvCVlC3EunBXrjkC2dyk57ooVuzRy5sTah3B1LMLXdSKLlTt9UvMOxnvwTViXZJuG_A4yX_0Aylpyq-jsb6vj5d-_GeE_pP2K0j9ElHmm5E-Bfwj9RohnOP8yJMfBNb_vH7toX8ey12aY9Gmo3LOR_faRChmaEWVM-9HhLM-JFZSZ_ONGmzJdKGWG4b9ZhjQXKs1VnBGhMv573C--VExTIStFms9yqmZQiDSVeYopZYVGGJWJhoqcoILh_wCvYbS5&rf=http%3A%2F%2Fdecosearch.com%2Fsearch%3Fq%3Dworld%2Bof%2Bwarcraft




OTL - LOGFILE
=========
QUOTE
OTL logfile created on: 8/7/2010 4:03:01 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\Desktop\Files\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 241.00 Mb Available Physical Memory | 24.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 38.05 Gb Free Space | 51.05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-3C949AB24
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/07 16:02:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\Files\Downloads\OTL.exe
PRC - [2010/07/22 19:07:03 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/07/22 19:06:53 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010/01/26 00:40:32 | 001,020,248 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
PRC - [2010/01/26 00:39:46 | 000,715,368 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
PRC - [2010/01/04 17:59:46 | 000,083,280 | ---- | M] () -- C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
PRC - [2009/11/10 22:30:46 | 005,808,128 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
PRC - [2009/11/03 15:48:54 | 000,874,768 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/11/03 15:45:52 | 000,348,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2009/11/03 15:42:00 | 000,909,312 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/11/03 15:35:14 | 001,202,448 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2009/11/03 15:33:48 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/10/20 00:11:52 | 000,616,712 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2009/09/30 19:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/07/29 10:29:12 | 000,492,808 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
PRC - [2009/07/29 09:28:36 | 000,689,416 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
PRC - [2009/07/29 09:28:36 | 000,345,352 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2009/07/29 09:28:12 | 000,497,008 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
PRC - [2009/07/27 02:30:25 | 000,157,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\platformdependent\ProToolbarComm.exe
PRC - [2009/07/24 18:06:46 | 000,329,040 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
PRC - [2009/07/24 18:02:47 | 000,185,680 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/08/07 16:02:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\Files\Downloads\OTL.exe
MOD - [2009/07/29 10:29:12 | 000,128,264 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEHook.dll
MOD - [2008/04/14 05:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (mysql)
SRV - File not found [Auto | Stopped] -- C:\D2-Server\PvPGN\D2GS\D2GSSVC.exe -- (D2GS)
SRV - [2010/05/02 21:41:30 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/01/26 00:39:46 | 000,715,368 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2009/11/12 10:08:00 | 003,403,420 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/11/10 22:30:46 | 005,808,128 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (root)
SRV - [2009/11/03 15:48:54 | 000,874,768 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2009/11/03 15:45:52 | 000,348,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2009/11/03 15:42:00 | 000,909,312 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2009/11/03 15:33:48 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2009/07/29 09:28:36 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV - [2009/07/29 09:28:36 | 000,345,352 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009/07/29 09:28:12 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - [2010/06/04 10:26:23 | 000,697,328 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/12/23 11:32:26 | 000,086,016 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/12/04 09:39:06 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2009/12/04 09:38:18 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2009/12/04 09:05:06 | 001,322,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint)
DRV - [2009/11/26 01:06:34 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009/10/26 05:47:30 | 004,221,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2009/07/29 10:07:00 | 000,339,984 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2009/07/29 10:07:00 | 000,158,224 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/07/29 10:07:00 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/07/29 10:07:00 | 000,059,920 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2009/07/29 10:07:00 | 000,050,704 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2008/08/13 17:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/04/14 05:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/12/23 17:18:48 | 000,068,696 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/06/01 13:57:18 | 000,178,176 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2007/05/30 16:50:54 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/03/30 21:34:14 | 005,704,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2005/12/01 01:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 01:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 01:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/10/26 10:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/04/01 16:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3A B2 D3 33 CE 4B 2C 46 B6 28 08 C0 87 FD 22 15 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3A B2 D3 33 CE 4B 2C 46 B6 28 08 C0 87 FD 22 15 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3A B2 D3 33 CE 4B 2C 46 B6 28 08 C0 87 FD 22 15 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3A B2 D3 33 CE 4B 2C 46 B6 28 08 C0 87 FD 22 15 [binary data]

IE - HKU\S-1-5-21-1547161642-115176313-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.flashget.com/
IE - HKU\S-1-5-21-1547161642-115176313-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3A B2 D3 33 CE 4B 2C 46 B6 28 08 C0 87 FD 22 15 [binary data]
IE - HKU\S-1-5-21-1547161642-115176313-1801674531-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1547161642-115176313-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox"
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {24a1bb4d-1237-48fd-bb1c-960ff0f430c3}:1.0
FF - prefs.js..extensions.enabledItems: {22181a4d-af90-4ca3-a569-faed9118d6bc}:1.6.0.1126


FF - HKLM\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension [2010/08/06 17:18:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/06 15:55:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/06 15:55:15 | 000,000,000 | ---D | M]

[2010/03/13 22:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/03/13 22:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/08/06 22:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ikxyvsab.default\extensions
[2010/05/15 15:09:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ikxyvsab.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/06 17:24:02 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ikxyvsab.default\extensions\{24a1bb4d-1237-48fd-bb1c-960ff0f430c3}
[2010/03/21 20:45:08 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ikxyvsab.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/02/11 20:13:07 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ikxyvsab.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2010/04/01 17:26:30 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ikxyvsab.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2010/05/15 20:12:51 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ikxyvsab.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/08/06 20:48:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2008/04/14 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {33D3B23A-4BCE-462C-B628-08C087FD2215} - File not found
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O2 - BHO: (no name) - {67A76475-4BCE-462C-B628-08C087FD2215} - File not found
O2 - BHO: (e47bc7aa) - {909B3496-4A63-E522-EC55-4EBAA2D23815} - File not found
O2 - BHO: (no name) - {CF4EC8EB-4BCE-462C-B628-08C087FD2215} - File not found
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O3 - HKU\S-1-5-21-1547161642-115176313-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No CLSID value found.
O3 - HKU\S-1-5-21-1547161642-115176313-1801674531-1003\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-21-1547161642-115176313-1801674531-1003..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKU\S-1-5-21-1547161642-115176313-1801674531-1003..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-21-1547161642-115176313-1801674531-1003..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe (Trend Micro Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-115176313-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-115176313-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKU\S-1-5-21-1547161642-115176313-1801674531-1003\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\940897ff976: DllName - - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/13 11:15:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{912c583c-4f05-11df-8a22-001302553e62}\Shell\AutoRun\command - "" = E:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{912c583c-4f05-11df-8a22-001302553e62}\Shell\install\command - "" = E:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{912c583c-4f05-11df-8a22-001302553e62}\Shell\usermanualEnglish\command - "" = E:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{912c583c-4f05-11df-8a22-001302553e62}\Shell\usermanualFrench\command - "" = E:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{912c583c-4f05-11df-8a22-001302553e62}\Shell\usermanualSpanish\command - "" = E:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{d8a40581-f684-11de-8972-0016418a11c3}\Shell\AutoRun\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{d8a40581-f684-11de-8972-0016418a11c3}\Shell\install\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{d8a40581-f684-11de-8972-0016418a11c3}\Shell\usermanualEnglish\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{d8a40581-f684-11de-8972-0016418a11c3}\Shell\usermanualFrench\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{d8a40581-f684-11de-8972-0016418a11c3}\Shell\usermanualSpanish\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{e62dc7de-0aaf-11df-8978-0016418a11c3}\Shell\AutoRun\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{e62dc7de-0aaf-11df-8978-0016418a11c3}\Shell\install\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{e62dc7de-0aaf-11df-8978-0016418a11c3}\Shell\usermanualEnglish\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{e62dc7de-0aaf-11df-8978-0016418a11c3}\Shell\usermanualFrench\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{e62dc7de-0aaf-11df-8978-0016418a11c3}\Shell\usermanualSpanish\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/07 04:24:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/06 22:50:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\LimeWire
[2010/08/06 20:17:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/08/06 17:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Trend Micro
[2010/08/06 17:18:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Trend Micro
[2010/08/06 17:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Trend Micro
[2010/08/06 17:17:45 | 000,158,224 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/08/06 17:17:45 | 000,059,920 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2010/08/06 17:17:45 | 000,050,704 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2010/08/06 17:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trend Micro
[2010/08/06 17:14:30 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/08/06 06:35:15 | 000,000,000 | ---D | C] -- C:\Program Files\Animaniacs
[2010/08/06 05:59:07 | 000,000,000 | ---D | C] -- C:\Program Files\scdata
[2010/08/03 18:32:47 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\SysWoW32
[2010/08/03 14:30:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\641396888
[2010/08/03 14:30:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\Application Data\SystemProc
[2010/07/29 23:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/07/29 16:23:30 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/07/29 16:23:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\IObit
[2010/07/16 16:53:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Skype
[2010/07/16 16:51:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/07/16 16:51:46 | 000,000,000 | ---D | C] -- C:\Program Files\Skype
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/07 14:02:31 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\AWC AutoSweep.job
[2010/08/07 14:02:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/07 14:01:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/07 14:01:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/07 14:00:46 | 007,602,176 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/08/07 14:00:46 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/08/07 05:20:06 | 005,337,248 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/08/07 03:34:49 | 000,476,160 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Female to Male Voice.mp3
[2010/08/06 17:35:39 | 000,011,264 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2010/08/06 17:29:58 | 000,000,817 | ---- | M] () -- C:\WINDOWS\System32\336107519
[2010/08/06 17:17:23 | 000,001,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trend Micro Internet Security Pro.lnk
[2010/08/06 17:09:24 | 000,000,099 | ---- | M] () -- C:\WINDOWS\System32\448890f8
[2010/08/06 16:43:55 | 000,004,177 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\020000004f47f22f976P.manifest
[2010/08/06 16:11:42 | 000,000,138 | ---- | M] () -- C:\WINDOWS\System32\sl632902973
[2010/08/06 15:55:17 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/06 15:55:17 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/08/06 06:52:17 | 000,000,195 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\020000004f47f22f976O.manifest
[2010/08/06 06:44:20 | 000,003,820 | ---- | M] () -- C:\WINDOWS\GnuHashes.ini
[2010/08/06 06:36:47 | 000,000,011 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\020000004f47f22f976S.manifest
[2010/08/06 06:36:46 | 000,000,051 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\020000004f47f22f976C.manifest
[2010/08/06 06:10:02 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/06 06:10:02 | 000,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/06 05:40:58 | 000,000,571 | -HS- | M] () -- C:\WINDOWS\System32\1146668975
[2010/08/04 21:27:16 | 003,085,056 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Phones-And-Hitmen.mp3
[2010/08/03 14:30:17 | 000,203,776 | -HS- | M] () -- C:\WINDOWS\System32\unrar.exe
[2010/08/03 13:19:49 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\AWC Update.job
[2010/07/29 17:19:59 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/29 16:23:37 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/07/29 16:23:37 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/07/28 20:58:21 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/26 23:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/07/26 23:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shell32(2).dll
[2010/07/19 10:12:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/07 03:28:51 | 000,476,160 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Female to Male Voice.mp3
[2010/08/06 17:34:30 | 000,011,264 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2010/08/06 17:17:23 | 000,001,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Trend Micro Internet Security Pro.lnk
[2010/08/06 15:55:17 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/06 15:55:17 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/08/04 21:10:55 | 003,085,056 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Phones-And-Hitmen.mp3
[2010/08/04 07:14:20 | 007,602,176 | ---- | C] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/08/03 18:41:22 | 000,003,820 | ---- | C] () -- C:\WINDOWS\GnuHashes.ini
[2010/08/03 18:34:10 | 000,000,571 | -HS- | C] () -- C:\WINDOWS\System32\1146668975
[2010/08/03 18:34:09 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\336107519
[2010/08/03 18:32:47 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\sl632902973
[2010/08/03 14:37:07 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\448890f8
[2010/08/03 14:30:17 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe
[2010/08/03 12:22:16 | 000,004,177 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\020000004f47f22f976P.manifest
[2010/08/03 12:22:16 | 000,000,195 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\020000004f47f22f976O.manifest
[2010/08/03 12:22:16 | 000,000,051 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\020000004f47f22f976C.manifest
[2010/08/03 12:22:16 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\020000004f47f22f976S.manifest
[2010/07/29 17:33:12 | 000,000,388 | ---- | C] () -- C:\WINDOWS\tasks\AWC Update.job
[2010/07/29 17:33:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\AWC AutoSweep.job
[2010/07/29 16:23:37 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/07/29 16:23:37 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/07/02 12:11:29 | 000,000,135 | ---- | C] () -- C:\WINDOWS\System32\msexcr.ini
[2010/06/16 01:23:15 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/06/12 04:47:07 | 000,847,360 | ---- | C] () -- C:\WINDOWS\System32\JS32.dll
[2010/06/07 16:16:43 | 000,000,860 | ---- | C] () -- C:\WINDOWS\my.ini
[2010/06/05 12:02:35 | 001,589,248 | ---- | C] () -- C:\WINDOWS\System32\libmysql_d.dll
[2010/06/04 13:36:32 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2010/06/04 10:26:22 | 000,697,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/04/01 17:26:20 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2010/03/18 00:25:28 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/02/19 15:56:07 | 000,000,318 | ---- | C] () -- C:\WINDOWS\WPE PRO.INI
[2010/01/31 02:45:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2010/01/28 20:44:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2009/11/13 11:33:56 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 1207 bytes -> C:\Program Files\Common Files\Microsoft Shared:Cqf9bevN8DpYhPbQQaZ9
@Alternate Data Stream - 1176 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:nSNXxpIV84k2oKfDkIvGIgq8Gi
@Alternate Data Stream - 1170 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:ZOOqY3mtzHhZc0YRjPAdIY8zVGB
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 1034 bytes -> C:\Documents and Settings\Owner\Local Settings\Application Data\ypdA8gin:KUGZRCDicwPUfinKPq
< End of report >










EXTRAS - LOGFILE

QUOTE
OTL Extras logfile created on: 8/7/2010 4:03:01 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\Desktop\Files\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 241.00 Mb Available Physical Memory | 24.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 38.05 Gb Free Space | 51.05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-3C949AB24
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1547161642-115176313-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"56136:TCP" = 56136:TCP:*:Enabled:Pando Media Booster
"56136:UDP" = 56136:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"56136:TCP" = 56136:TCP:*:Enabled:Pando Media Booster
"56136:UDP" = 56136:UDP:*:Enabled:Pando Media Booster
"4681:TCP" = 4681:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\AdventNet\ME\OpManager\mysql\bin\mysqld-nt.exe" = C:\Program Files\AdventNet\ME\OpManager\mysql\bin\mysqld-nt.exe:*:Enabled:mysqld-nt -- File not found
"C:\Program Files\Autodesk\Maya2010\bin\maya.exe" = C:\Program Files\Autodesk\Maya2010\bin\maya.exe:*:Enabled:Maya -- (Autodesk)
"C:\Program Files\Autodesk\Backburner\monitor.exe" = C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\manager.exe" = C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\server.exe" = C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"E:\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = E:\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"E:\World of Warcraft\Launcher.exe" = E:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\AeriaGames\WolfTeam\Wolfteam.bin" = C:\AeriaGames\WolfTeam\Wolfteam.bin:*:Enabled:WolfTeam -- (Softnyx Co., Ltd.)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04EB078A-3E53-4728-ABE9-90CCB164CE68}" = Autodesk Toxik 2010
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 19
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{310AFA6B-094D-45DA-8389-4712074B6A22}" = Maya 2010
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38F2E726-1FF5-4AAB-96AD-CAB5079E8846}" = Autodesk DirectConnect 2010
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3CAA4788-85E1-4bd6-890E-09B4BE3CD3D1}" = Maya 2010 Documentation (en_US)
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1.3
"{3D41B5F3-14A9-440D-8C52-79BCDE5A79A4}" = Autodesk MatchMover 2010
"{4160A344-5848-4332-919F-0CB063822AA3}" = Dell Mobile Broadband Card Utility
"{425237F8-CE69-4A09-9EAC-1C91F19D6BC8}" = MySQL Server 5.0
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}" = Camtasia Studio 7
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security Pro
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7EE9145D-C430-44E6-B5ED-61FF9C332100}_is1" = Battle of the Immortals
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82CE6B7B-9665-4E29-8CE0-DD993484B38D}" = Intel® PROSet/Wireless WiFi Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{92B79901-C57D-409F-8D2F-4E5337383569}" = OpenOffice.org 3.0
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C19FFB1-25FC-43FC-AC78-919E5E2A6DD0}" = TortoiseSVN 1.6.6.17493 (32 bit)
"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security Pro
"{9F185C48-595B-401A-A1D6-AAB324890DC4}" = GiPo@MoveOnBoot 1.9.5
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skypeā„¢ 4.2
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EDC2B89F-3F72-48EA-B63E-985BC51622E4}" = OZ776 SCR Driver V1.1.4.202
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Acoustica Effects Pack" = Acoustica Effects Pack
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Animaniacs_is1" = Animaniacs
"ASIO4ALL" = ASIO4ALL
"Cakewalk RgcAudio z3ta Plus v1.5.2 VSTi DXi REPACK" = Cakewalk RgcAudio z3ta Plus v1.5.2 VSTi DXi REPACK
"CCleaner" = CCleaner
"FL Studio 9" = FL Studio 9
"HDMI" = Intel® Graphics Media Accelerator Driver
"IL Download Manager" = IL Download Manager
"InstallShield_{EDC2B89F-3F72-48EA-B63E-985BC51622E4}" = OZ776 SCR Driver V1.1.4.202
"InterActual Player" = InterActual Player
"LimeWire" = LimeWire PRO 5.2.13
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero OEM
"PoiZone" = PoiZone
"PremiumSoft Navicat Lite_is1" = PremiumSoft Navicat Lite 9.0
"ProInst" = Intel PROSet Wireless
"RollerCoaster Tycoon Setup" = Roll
"Sakura" = Sakura
"Sawer" = Sawer
"SQLyog" = SQLyog Trial 8.32
"ST6UNST #1" = Hero Editor V1.03
"TeamViewer 5" = TeamViewer 5
"Toxic Biohazard" = Toxic Biohazard
"uTorrent" = µTorrent
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WolfTeam" = WolfTeam
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/28/2010 8:56:55 PM | Computer Name = OWNER-3C949AB24 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/28/2010 8:56:55 PM | Computer Name = OWNER-3C949AB24 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/28/2010 9:59:55 PM | Computer Name = OWNER-3C949AB24 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/28/2010 9:59:55 PM | Computer Name = OWNER-3C949AB24 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/28/2010 10:50:56 PM | Computer Name = OWNER-3C949AB24 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/28/2010 10:50:56 PM | Computer Name = OWNER-3C949AB24 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/28/2010 11:38:30 PM | Computer Name = OWNER-3C949AB24 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/28/2010 11:38:30 PM | Computer Name = OWNER-3C949AB24 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/28/2010 11:38:30 PM | Computer Name = OWNER-3C949AB24 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/28/2010 11:38:30 PM | Computer Name = OWNER-3C949AB24 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ Application Events ]
Error - 6/28/2010 8:56:55 PM | Computer Name = OWNER-3C949AB24 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/28/2010 8:56:55 PM | Computer Name = OWNER-3C949AB24 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/28/2010 9:59:55 PM | Computer Name = OWNER-3C949AB24 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/28/2010 9:59:55 PM | Computer Name = OWNER-3C949AB24 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/28/2010 10:50:56 PM | Computer Name = OWNER-3C949AB24 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/28/2010 10:50:56 PM | Computer Name = OWNER-3C949AB24 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/28/2010 11:38:30 PM | Computer Name = OWNER-3C949AB24 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/28/2010 11:38:30 PM | Computer Name = OWNER-3C949AB24 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/28/2010 11:38:30 PM | Computer Name = OWNER-3C949AB24 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/28/2010 11:38:30 PM | Computer Name = OWNER-3C949AB24 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.


< End of report >

Edited by Orange Blossom, 08 August 2010 - 03:31 AM.
Deactivate links. ~ OB


BC AdBot (Login to Remove)

 


#2 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:06:31 AM

Posted 15 August 2010 - 12:57 PM

Hello, Kaylin.
My name is aommaster and I will be helping you with your log.

I apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.

Thanks

Should you still require assistance, please take note of the points below:
  • Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.
  • Please disable word-wrap before posting logs. This can be done by clicking Format and un-ticking the word-wrap feature in notepad.
  • The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.
  • Please do not install, update, or run any programs for the duration of the fix.
  • If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for smile.gif
  • Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.
  • If you are running Vista, please run all the fixes as an administrator. This is done by right-clicking the program and clicking "Run as Administrator".

Please do the following so I can take a look at the current state of your system.
We need to run Defogger
  1. Please download DeFogger to your desktop.
  2. Double click DeFogger to run the tool.
  3. The application window will appear
  4. Click the Disable button to disable your CD Emulation drivers
  5. Click Yes to continue
  6. A 'Finished!' message will appear
  7. Click OK
  8. DeFogger will now ask to reboot the machine - click OK
Note: If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
Do not re-enable these drivers until the end of the fix.

We need to run RSIT
  1. Download random's system information tool (RSIT) by random/random and save it to your desktop.
  2. Double click on RSIT.exe.
  3. Click Continue at the disclaimer screen.
  4. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

NEXT:
We need to run an Anti-Rootkit (ARK) scan
  1. Download GMER and save to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  2. Close all other open programs as there is a slight chance your computer will crash.
  3. Double click the GMER program. Your security programs may detect GMER's driver trying to load. Allow it.
  4. You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  5. Make sure all options are checked except:
    • IAT/EAT
    • Drives/Partition other than Systemdrive, which is typically C:\
    • Show All (This is important, so do not miss it.)
    Note: If GMER crashes or hangs, please retry running a scan. Only this time, in addition to the options mentioned above, uncheck Devices as well.
  6. When the scan is complete, click Save and save the log onto your desktop.

If GMER crashes, hangs or blue-screens, do the following
  1. Please Download Rootkit Unhooker Save it to your desktop.
  2. Now double-click on RKUnhookerLE.exe to run it.
  3. Click the Report tab, then click Scan.
  4. Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  5. Wait till the scanner has finished and then click File, Save Report.
  6. Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.
Note:You may get this warning. If so, please ignore it.
"Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"


In your next reply, please include the following:
  • Log.txt
  • info.txt
  • gmer.log/RKUnhooker log

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#3 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:06:31 AM

Posted 18 August 2010 - 04:38 AM

Hello Kaylin
Are you still with us?

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#4 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:06:31 AM

Posted 19 August 2010 - 11:37 PM

Due to lack of feedback, this topic has been closed. If you need this topic reopened, please send me a PM with the address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users