Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google's redirecting & ads playing in the background


  • Please log in to reply
21 replies to this topic

#1 zeroonetwo

zeroonetwo

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:34 PM

Posted 19 April 2011 - 03:12 PM

I recently had the Windows Recovery malware, and I got rid of it through multiple uses of MalwareBytes' Anti Malware & Spybot search and destroy, however my browser is still redirecting and these ads are still playing in the background.
Posted Image (Sorry about the whitespace)

i know the forums specifically says to not run it unless i was asked but... i was recommended it by someone else and just ran it hoping it would fix my problem, but yes i did run combofix already. I would post the log from combofix but i am not sure where it is located.

Here is this MBAM log:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6387

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

4/18/2011 10:59:04 AM
mbam-log-2011-04-18 (10-59-04).txt

Scan type: Quick scan
Objects scanned: 150809
Time elapsed: 4 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Suraj\AppData\Local\dcg.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Suraj\AppData\Local\dcg.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Suraj\AppData\Local\dcg.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Users\Suraj\AppData\Local\dcg.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Suraj\local settings\application data\dcg.exe (Trojan.FakeAlert) -> Delete on reboot.
c:\Users\Suraj\local settings\application data\vvu.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

I finally found the combofix log... it was right there in C:\

ComboFix 11-04-18.04 - Suraj 04/19/2011 11:08:10.2.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2046.1175 [GMT -4:00]
Running from: c:\users\Suraj\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Install.exe
c:\users\Suraj\GoToAssistDownloadHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-03-19 to 2011-04-19 )))))))))))))))))))))))))))))))
.
.
2011-04-19 15:19 . 2011-04-19 15:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-19 02:28 . 2011-04-19 15:19 -------- d-----w- c:\users\Suraj\AppData\Local\temp
2011-04-18 17:30 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-04-18 17:30 . 2011-03-18 17:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-04-18 17:30 . 2011-03-18 17:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-04-18 17:30 . 2011-03-18 17:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-04-18 17:30 . 2011-03-18 17:53 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-04-18 17:30 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-04-18 17:30 . 2011-03-18 17:53 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-04-18 17:30 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-04-18 05:32 . 2011-04-18 05:32 -------- d-----w- c:\users\Suraj\AppData\Roaming\Malwarebytes
2011-04-18 05:31 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-18 05:31 . 2011-04-19 05:28 -------- d-----w- c:\programdata\Malwarebytes
2011-04-18 05:31 . 2011-04-19 05:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-09 20:29 . 2010-01-13 21:48 230752 ----a-w- c:\windows\patchw32.dll
2011-04-09 20:29 . 2010-01-13 21:48 118176 ----a-w- c:\windows\patchw.dll
2011-04-09 20:14 . 2011-04-18 15:11 -------- d-----w- c:\program files\Outspark
2011-04-02 21:18 . 2011-04-02 21:18 801792 ----a-w- c:\windows\system32\FntCache.dll
2011-04-01 00:24 . 2011-01-19 21:47 22504 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2011-04-01 00:24 . 2011-04-01 00:24 -------- d-----w- c:\program files\CPUID
2011-03-29 19:39 . 2011-04-19 05:30 -------- d-----w- c:\program files\Hamachi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-23 17:47 . 2009-08-18 16:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-03-23 17:46 . 2009-08-18 16:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-18 17:53 . 2011-04-18 17:30 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2010-11-16 1242448]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"F.lux"="c:\users\Suraj\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-09 74752]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - c:\windows\Installer\{20A36691-B09B-4EF2-A371-64A5BD265E20}\IcoUltraMon.ico [2011-1-29 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^Suraj^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Suraj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-06-17 16:13 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-03-28 19:41 1910152 ----a-w- c:\program files\Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 18:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 268528]
R3 XDva385;XDva385;c:\windows\system32\XDva385.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-12-22 158736]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-12-22 42960]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-01-19 22504]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\Hamachi\hamachi-2.exe [2011-03-28 1242504]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-11-30 2222376]
S2 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2010-11-23 718072]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2008-11-14 17184]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-12-22 109328]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-12-22 120208]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 16:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Suraj\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: {3E3C2F05-AA23-49F3-A8E7-9048A30E096A} = 167.206.254.1,167.206.254.2
FF - ProfilePath - c:\users\Suraj\AppData\Roaming\Mozilla\Firefox\Profiles\bvwvbkob.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.gamefaqs.com | www.animetake.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2118035500-1299257689-4155580720-1000\Software\SecuROM\License information*]
"datasecu"=hex:89,36,1b,c3,89,05,6c,3e,67,49,ae,2e,04,fc,53,82,0d,19,9a,b7,cd,
3f,e9,88,cf,86,76,cb,29,5c,c1,b6,5f,36,7f,7b,27,93,6d,49,32,be,ff,46,a6,9b,\
"rkeysecu"=hex:92,2b,10,c1,44,e8,9d,0a,d0,4b,a7,9a,60,21,d4,46
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2468)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\System32\ntlanman.dll
c:\windows\System32\davclnt.dll
.
Completion time: 2011-04-19 11:20:56
ComboFix-quarantined-files.txt 2011-04-19 15:20
ComboFix2.txt 2011-04-19 02:29
.
Pre-Run: 684,790,603,776 bytes free
Post-Run: 684,903,645,184 bytes free
.
- - End Of File - - 0BE178753732B1B2589AB23C2CC6AEBB

Merged posts. ~ OB

Edited by Orange Blossom, 27 April 2011 - 05:27 PM.


BC AdBot (Login to Remove)

 


#2 rigacci

rigacci

    Fiorentino


  • Members
  • 2,604 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:34 PM

Posted 29 April 2011 - 07:30 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks.

DR

#3 zeroonetwo

zeroonetwo
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:34 PM

Posted 29 April 2011 - 06:46 PM

Woo, thanks for the reply!, don't worry about the response delay and stuff, i'm just glad to be finally on track to fixing this silly thing

it's very closely linked to my explorer.exe (the random ads at least, i have no idea whats up with the redirects)

DDS log:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Suraj at 19:13:37.28 on Fri 04/29/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2046.980 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Hamachi\hamachi-2.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Tunngle\TnglCtrl.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Suraj\Local Settings\Apps\F.lux\flux.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Zune\Zune.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Suraj\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [F.lux] "c:\users\suraj\local settings\apps\f.lux\flux.exe" /noshow
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\suraj\appdata\roaming\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdockfree\ObjectDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ultramon.lnk - c:\windows\installer\{20a36691-b09b-4ef2-a371-64a5bd265e20}\IcoUltraMon.ico
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\suraj\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {3E3C2F05-AA23-49F3-A8E7-9048A30E096A} = 167.206.254.1,167.206.254.2
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
STS: ObjectDockShlExt Class: {1984d045-52cf-49cd-db77-08f378fea4db} - c:\program files\stardock\objectdockfree\ODMenu.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\suraj\appdata\roaming\mozilla\firefox\profiles\bvwvbkob.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.gamefaqs.com | www.animetake.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q=
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
============= SERVICES / DRIVERS ===============
.
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-3-31 22504]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\hamachi\hamachi-2.exe [2011-3-28 1242504]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-7-9 248936]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2010-11-30 2222376]
R2 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2010-10-22 718072]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-11-14 17184]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2010-10-22 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]
.
=============== Created Last 30 ================
.
2011-04-20 23:42:39 -------- d-----w- c:\users\suraj\appdata\local\ODUI
2011-04-20 23:42:29 -------- d-----w- c:\users\suraj\appdata\roaming\Stardock
2011-04-20 23:42:23 -------- d-----w- c:\users\suraj\appdata\local\Stardock
2011-04-20 23:42:17 -------- dc-h--w- c:\progra~2\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}
2011-04-20 23:42:13 -------- d-----w- c:\program files\Stardock
2011-04-20 23:41:56 -------- d-----w- c:\users\suraj\appdata\local\PackageAware
2011-04-19 21:17:04 -------- d-----w- c:\progra~2\Nexon
2011-04-19 21:12:52 -------- d-----w- c:\program files\BandiMPEG1
2011-04-19 21:08:34 -------- d-----w- C:\Nexon
2011-04-19 21:07:10 -------- d-----w- c:\progra~2\NexonUS
2011-04-19 15:20:19 -------- d-sh--w- C:\$RECYCLE.BIN
2011-04-19 02:28:15 -------- d-----w- c:\users\suraj\appdata\local\temp
2011-04-19 02:18:55 98816 ----a-w- c:\windows\sed.exe
2011-04-19 02:18:55 89088 ----a-w- c:\windows\MBR.exe
2011-04-19 02:18:55 256512 ----a-w- c:\windows\PEV.exe
2011-04-19 02:18:55 161792 ----a-w- c:\windows\SWREG.exe
2011-04-18 17:30:12 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-18 17:30:11 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-04-18 17:30:11 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-04-18 17:30:11 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-04-18 17:30:11 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-04-18 17:30:11 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-04-18 17:30:11 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-04-18 17:30:11 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-04-18 05:32:02 -------- d-----w- c:\users\suraj\appdata\roaming\Malwarebytes
2011-04-18 05:31:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-18 05:31:57 -------- d-----w- c:\progra~2\Malwarebytes
2011-04-18 05:31:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-09 20:29:07 230752 ----a-w- c:\windows\patchw32.dll
2011-04-09 20:29:06 118176 ----a-w- c:\windows\patchw.dll
2011-04-09 20:14:00 -------- d-----w- c:\program files\Outspark
2011-04-02 21:18:43 801792 ----a-w- c:\windows\system32\FntCache.dll
2011-04-01 00:24:18 22504 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2011-04-01 00:24:17 -------- d-----w- c:\program files\CPUID
.
==================== Find3M ====================
.
2011-04-02 21:18:43 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-04-02 21:18:43 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-02 21:18:43 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-04-02 21:18:43 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-04-02 21:18:43 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-04-02 21:18:43 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2011-04-02 21:18:43 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-04-02 21:18:43 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2011-04-02 21:18:43 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-04-02 21:18:42 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-02 21:18:42 3181568 ----a-w- c:\windows\system32\mf.dll
2011-04-02 21:18:42 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-04-02 21:18:42 107520 ----a-w- c:\windows\system32\cdd.dll
.
============= FINISH: 19:14:35.97 ===============


And the GMER Log:

GMER 1.0.15.15572 - http://www.gmer.net
Rootkit scan 2011-04-29 19:42:54
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-2 WDC_WD10EARS-00Y5B1 rev.80.00A80
Running: gmer.exe; Driver: C:\Users\Suraj\AppData\Local\Temp\awdiqpow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A4C579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A70F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Tunngle\TnglCtrl.exe[1916] ntdll.dll!DbgBreakPoint 76DE3540 1 Byte [90]
.text C:\Windows\Explorer.EXE[2656] WININET.dll!HttpAddRequestHeadersA 76BC1B9C 5 Bytes JMP 004518D5
.text C:\Windows\Explorer.EXE[2656] WININET.dll!HttpAddRequestHeadersW 76C0F7A8 5 Bytes JMP 00451A9D

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Zune\ZuneLauncher.exe[2932] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74EA5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[2932] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74EA5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[2932] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74EA5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Zune\ZuneLauncher.exe[2932] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74EA5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\msiexec.exe[3248] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74EA5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\msiexec.exe[3248] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74EA5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\msiexec.exe[3248] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74EA5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\msiexec.exe[3248] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74EA5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\msiexec.exe[3248] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [74EA5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:268] 85A7DE7A
Thread System [4:272] 85A80008

#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:34 PM

Posted 30 April 2011 - 09:17 PM

Hello zeroonetwo,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1.
We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy

2.
Please delete your copy of Combofix from your desktop and do the following.


Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.


Things to include in your next reply::
Combofix.txt
Are you able to Burn CD's and have a USB Flash Drive available?
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 zeroonetwo

zeroonetwo
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:34 PM

Posted 01 May 2011 - 12:20 PM

Hey fireman4it, thank you for the help

Here is my combofix log:

ComboFix 11-04-30.06 - Suraj 05/01/2011 12:57:04.3.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2046.1282 [GMT -4:00]
Running from: c:\users\Suraj\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Suraj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
c:\users\Suraj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery\Uninstall Windows Recovery.lnk
c:\users\Suraj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery\Windows Recovery.lnk
.
.
((((((((((((((((((((((((( Files Created from 2011-04-01 to 2011-05-01 )))))))))))))))))))))))))))))))
.
.
2011-05-01 17:04 . 2011-05-01 17:06 -------- d-----w- c:\users\Suraj\AppData\Local\temp
2011-05-01 17:04 . 2011-05-01 17:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-01 15:31 . 2011-05-01 15:31 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-05-01 15:31 . 2011-05-01 15:31 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-05-01 15:31 . 2011-05-01 15:31 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-05-01 15:31 . 2011-05-01 15:31 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-05-01 15:31 . 2011-05-01 15:31 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-05-01 15:31 . 2011-05-01 15:31 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-05-01 15:31 . 2011-05-01 15:31 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2011-05-01 15:31 . 2011-05-01 15:31 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-05-01 15:31 . 2011-05-01 15:31 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2011-05-01 15:31 . 2011-05-01 15:31 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-05-01 15:31 . 2011-05-01 15:31 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2011-05-01 15:31 . 2011-05-01 15:31 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2011-05-01 15:30 . 2011-05-01 15:30 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-05-01 15:30 . 2011-05-01 15:30 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-05-01 15:30 . 2011-05-01 15:30 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2011-05-01 15:30 . 2011-05-01 15:30 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-05-01 15:30 . 2011-05-01 15:30 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-04-20 23:42 . 2011-04-20 23:42 -------- d-----w- c:\users\Suraj\AppData\Local\ODUI
2011-04-20 23:42 . 2011-04-20 23:42 -------- d-----w- c:\users\Suraj\AppData\Roaming\Stardock
2011-04-20 23:42 . 2011-04-20 23:42 -------- d-----w- c:\users\Suraj\AppData\Local\Stardock
2011-04-20 23:42 . 2011-04-20 23:42 -------- dc-h--w- c:\programdata\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}
2011-04-20 23:42 . 2011-04-20 23:42 -------- d-----w- c:\program files\Stardock
2011-04-20 23:41 . 2011-04-20 23:41 -------- d-----w- c:\users\Suraj\AppData\Local\PackageAware
2011-04-19 21:17 . 2011-04-19 21:17 -------- d-----w- c:\programdata\Nexon
2011-04-19 21:12 . 2011-04-19 21:12 -------- d-----w- c:\program files\BandiMPEG1
2011-04-19 21:08 . 2011-04-19 21:08 -------- d-----w- C:\Nexon
2011-04-18 17:30 . 2011-04-29 23:11 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-04-18 17:30 . 2011-04-29 23:11 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-04-18 17:30 . 2011-04-29 23:11 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-04-18 17:30 . 2011-04-29 23:11 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-04-18 17:30 . 2011-04-29 23:11 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-04-18 17:30 . 2011-04-29 23:11 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-04-18 17:30 . 2011-04-29 23:11 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-04-18 17:30 . 2011-04-29 23:11 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-04-18 05:32 . 2011-04-18 05:32 -------- d-----w- c:\users\Suraj\AppData\Roaming\Malwarebytes
2011-04-18 05:31 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-18 05:31 . 2011-04-19 05:28 -------- d-----w- c:\programdata\Malwarebytes
2011-04-18 05:31 . 2011-04-19 05:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-09 20:29 . 2010-01-13 21:48 230752 ----a-w- c:\windows\patchw32.dll
2011-04-09 20:29 . 2010-01-13 21:48 118176 ----a-w- c:\windows\patchw.dll
2011-04-09 20:14 . 2011-04-18 15:11 -------- d-----w- c:\program files\Outspark
2011-04-02 21:18 . 2011-04-02 21:18 801792 ----a-w- c:\windows\system32\FntCache.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-23 17:47 . 2009-08-18 16:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-03-23 17:46 . 2009-08-18 16:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-29 23:11 . 2011-04-18 17:30 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2010-11-16 1242448]
"F.lux"="c:\users\Suraj\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-09 74752]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\Suraj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-6 3768176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - c:\windows\Installer\{20A36691-B09B-4EF2-A371-64A5BD265E20}\IcoUltraMon.ico [2011-1-29 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files\Stardock\ObjectDockFree\ODMenu.dll" [2010-10-04 511344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^Suraj^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Suraj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-06-17 16:13 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-03-28 19:41 1910152 ----a-w- c:\program files\Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 18:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 268528]
R3 XDva385;XDva385;c:\windows\system32\XDva385.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-12-22 158736]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-12-22 42960]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-01-19 22504]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\Hamachi\hamachi-2.exe [2011-03-28 1242504]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-11-30 2222376]
S2 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2010-11-23 718072]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2008-11-14 17184]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-12-22 109328]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-12-22 120208]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 16:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Suraj\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: {3E3C2F05-AA23-49F3-A8E7-9048A30E096A} = 167.206.254.1,167.206.254.2
FF - ProfilePath - c:\users\Suraj\AppData\Roaming\Mozilla\Firefox\Profiles\bvwvbkob.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.gamefaqs.com | www.animetake.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2118035500-1299257689-4155580720-1000\Software\SecuROM\License information*]
"datasecu"=hex:44,e1,f0,86,05,f7,0b,f7,3b,0d,4f,0b,de,d1,f6,73,89,4a,89,9a,ea,
e3,0f,5d,33,bd,7a,a0,5d,ac,e1,1b,ec,21,5b,13,0c,0f,f0,77,f0,fe,f4,bb,e8,c7,\
"rkeysecu"=hex:bf,38,8e,36,73,8f,70,20,4d,7e,6e,03,47,e6,78,65
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-01 13:07:48
ComboFix-quarantined-files.txt 2011-05-01 17:07
ComboFix2.txt 2011-04-19 15:20
ComboFix3.txt 2011-04-19 02:29
.
Pre-Run: 682,665,029,632 bytes free
Post-Run: 683,496,095,744 bytes free
.
- - End Of File - - 2DD2C57D23A2A7B2580F0F77FF790B32

Yep I can burn CD's and DVD's and I also have flash drives laying around.

My computer is still running the same, script error popups and background ads, and i believe google is still redirecting, but as of RIGHT NOW it isnt redirecting, but that doesn't mean it stopped, sometimes it doesnt redirect for a while then goes right back to it.

#6 zeroonetwo

zeroonetwo
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:34 PM

Posted 07 May 2011 - 08:20 AM

Hey, sorry to rush you or anything, but i'm just wondering if you've forgotten about me since its been a week since your last post

#7 zeroonetwo

zeroonetwo
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:34 PM

Posted 11 May 2011 - 06:25 PM

A week and a half bump...

#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:34 PM

Posted 12 May 2011 - 04:24 PM

Hello,


I'm truly sorry. Your topic somehow got overlooked.

1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

2.
  • 1. Please download OTL from one of the following mirrors:
  • This is THE Mirror
    2. Save it to your desktop.
    3. Double click on the Posted Image icon on your desktop.
    4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    volsnap.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized


Things to include in your next reply::
TDSSKiller log
OTl.txt
Extra.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#9 zeroonetwo

zeroonetwo
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:34 PM

Posted 13 May 2011 - 11:47 PM

Hello, it's alright, i'm just glad to be back on track to fixing this.

TDSSkiller is not working at all, ive tried renaming it and everything.

#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:34 PM

Posted 14 May 2011 - 10:07 AM

Hello,

Can you burn CD's and have access to a USB Flash Drive?

1.
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Please also go ahead and run OTL

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#11 zeroonetwo

zeroonetwo
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:34 PM

Posted 15 May 2011 - 05:28 PM

ok that works, thanks.

aswMBR.txt:

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-15 09:17:40
-----------------------------
09:17:40.506 OS Version: Windows 6.1.7600
09:17:40.506 Number of processors: 4 586 0xF0B
09:17:40.507 ComputerName: SURAJS-PC UserName: Suraj
09:17:47.042 Initialize success
09:17:54.646 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-2
09:17:54.648 Disk 0 Vendor: WDC_WD10EARS-00Y5B1 80.00A80 Size: 953869MB BusType: 3
09:17:56.656 Disk 0 MBR read successfully
09:17:56.658 Disk 0 MBR scan
09:17:56.660 Disk 0 Windows 7 default MBR code
09:17:58.664 Disk 0 scanning sectors +1953521664
09:17:58.697 Disk 0 scanning C:\Windows\system32\drivers
09:18:02.059 Service scanning
09:18:02.946 Disk 0 trace - called modules:
09:18:02.956 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85aa51ed]<<
09:18:02.959 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x858e01e0]
09:18:02.963 3 CLASSPNP.SYS[88f8e59e] -> nt!IofCallDriver -> [0x85782918]
09:18:02.967 5 ACPI.sys[88ab43b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-2[0x85792908]
09:18:02.971 \Driver\atapi[0x857726d8] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x85aa51ed
09:18:02.987 Scan finished successfully
09:18:18.674 Disk 0 MBR has been saved successfully to "C:\Users\Suraj\Desktop\MBR.dat"
09:18:18.679 The log file has been saved successfully to "C:\Users\Suraj\Desktop\aswMBR.txt"

===================================================================================================================
OTL.txt

OTL logfile created on: 5/15/2011 9:18:54 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Suraj\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 631.67 Gb Free Space | 67.81% Space Free | Partition Type: NTFS

Computer Name: SURAJS-PC | User Name: Suraj | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/14 00:45:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Suraj\Desktop\OTL.exe
PRC - [2011/04/29 19:11:14 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\Hamachi\hamachi-2.exe
PRC - [2011/01/05 13:11:04 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2010/11/30 13:08:30 | 002,222,376 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010/11/25 22:48:46 | 000,619,288 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010/11/22 23:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files\Tunngle\TnglCtrl.exe
PRC - [2010/09/24 13:19:08 | 000,206,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\Zune.exe
PRC - [2010/07/09 19:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/14 00:45:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Suraj\Desktop\OTL.exe
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/14 00:37:53 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/03/28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/11/30 13:08:30 | 002,222,376 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/11/22 23:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2010/09/24 13:19:16 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/09/24 13:19:16 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/09/24 13:19:08 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/07/09 19:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/01/19 17:47:12 | 000,022,504 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/12/22 16:31:36 | 000,109,328 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010/12/22 16:31:34 | 000,158,736 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2010/12/22 16:31:34 | 000,120,208 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2010/12/22 16:31:34 | 000,042,960 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2010/07/09 18:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/04/12 04:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/02/03 15:56:56 | 000,026,176 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/09/16 08:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/07/13 18:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/11/14 04:11:30 | 000,017,184 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EA 54 B9 35 74 01 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.gamefaqs.com | www.animetake.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {6dd0bdba-0a02-429e-b595-87a7dfdca7a1}:0.7.12pre20110206
FF - prefs.js..extensions.enabledItems: {f701c26a-479a-4724-b4f1-870db12f063c}:1.4.2
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: runtime@panda3d.org:1.0.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&q="


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 19:11:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/19 01:30:31 | 000,000,000 | ---D | M]

[2010/09/02 00:56:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Suraj\AppData\Roaming\Mozilla\Extensions
[2011/05/15 00:44:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Suraj\AppData\Roaming\Mozilla\Firefox\Profiles\bvwvbkob.default\extensions
[2011/04/19 01:30:44 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\Suraj\AppData\Roaming\Mozilla\Firefox\Profiles\bvwvbkob.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2011/04/19 01:30:44 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Suraj\AppData\Roaming\Mozilla\Firefox\Profiles\bvwvbkob.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/04/19 01:29:06 | 000,000,000 | ---D | M] (Panda3D Game Engine Plug-In) -- C:\Users\Suraj\AppData\Roaming\Mozilla\Firefox\Profiles\bvwvbkob.default\extensions\runtime@panda3d.org
[2010/09/02 16:05:11 | 000,001,819 | ---- | M] () -- C:\Users\Suraj\AppData\Roaming\Mozilla\Firefox\Profiles\bvwvbkob.default\searchplugins\bing.xml
[2011/04/19 01:25:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/19 01:30:31 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/04/19 01:30:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\SURAJ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BVWVBKOB.DEFAULT\EXTENSIONS\{6DD0BDBA-0A02-429E-B595-87A7DFDCA7A1}.XPI
() (No name found) -- C:\USERS\SURAJ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BVWVBKOB.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\SURAJ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BVWVBKOB.DEFAULT\EXTENSIONS\{F701C26A-479A-4724-B4F1-870DB12F063C}.XPI
() (No name found) -- C:\USERS\SURAJ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BVWVBKOB.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2011/04/29 19:11:14 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/09/02 21:27:20 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/09 06:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [F.lux] C:\Users\Suraj\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Suraj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe (Stardock)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Suraj\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.1 167.206.254.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.165.199,93.188.160.170
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O22 - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - C:\Program Files\Stardock\ObjectDockFree\ODMenu.dll (Stardock)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


========== Files/Folders - Created Within 30 Days ==========

[2011/05/15 09:17:21 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\Suraj\Desktop\aswMBR.exe
[2011/05/14 10:43:57 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Suraj\Desktop\tdsskiller.exe
[2011/05/14 00:45:30 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Suraj\Desktop\OTL.exe
[2011/05/12 20:13:38 | 000,000,000 | ---D | C] -- C:\Users\Suraj\Desktop\SRP Stuff
[2011/05/10 21:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\Lame for Audacity
[2011/05/10 21:46:28 | 000,000,000 | ---D | C] -- C:\Users\Suraj\AppData\Roaming\Audacity
[2011/05/10 21:46:17 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2011/05/07 13:13:04 | 000,000,000 | ---D | C] -- C:\Users\Suraj\AppData\Local\ElevatedDiagnostics
[2011/05/07 12:14:26 | 000,000,000 | ---D | C] -- C:\Users\Suraj\AppData\Local\Diagnostics
[2011/05/03 16:44:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/01 19:41:31 | 000,000,000 | ---D | C] -- C:\Users\Suraj\Desktop\carshow
[2011/05/01 13:07:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/05/01 13:07:49 | 000,000,000 | ---D | C] -- C:\Users\Suraj\AppData\Local\temp
[2011/05/01 12:53:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/29 19:18:37 | 000,000,000 | ---D | C] -- C:\Users\Suraj\Documents\gmer
[2011/04/25 11:13:24 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/04/20 20:06:38 | 000,000,000 | ---D | C] -- C:\Users\Suraj\Documents\TooManyItems
[2011/04/20 19:42:39 | 000,000,000 | ---D | C] -- C:\Users\Suraj\AppData\Local\ODUI
[2011/04/20 19:42:29 | 000,000,000 | ---D | C] -- C:\Users\Suraj\AppData\Roaming\Stardock
[2011/04/20 19:42:23 | 000,000,000 | ---D | C] -- C:\Users\Suraj\Documents\Stardock
[2011/04/20 19:42:23 | 000,000,000 | ---D | C] -- C:\Users\Suraj\AppData\Local\Stardock
[2011/04/20 19:42:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}
[2011/04/20 19:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[2011/04/20 19:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock
[2011/04/20 19:41:56 | 000,000,000 | ---D | C] -- C:\Users\Suraj\AppData\Local\PackageAware
[2011/04/19 17:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2011/04/19 17:15:58 | 000,000,000 | ---D | C] -- C:\Users\Suraj\Documents\Vindictus
[2011/04/19 17:12:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
[2011/04/19 17:12:52 | 000,000,000 | ---D | C] -- C:\Program Files\BandiMPEG1
[2011/04/19 17:08:34 | 000,000,000 | ---D | C] -- C:\Nexon
[2011/04/19 17:07:10 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2011/04/19 11:00:37 | 000,000,000 | ---D | C] -- C:\Users\Suraj\Documents\tdsskiller
[2011/04/19 10:26:45 | 000,173,119 | ---- | C] (Eric_71) -- C:\Users\Suraj\Desktop\Rooter.exe
[2011/04/18 22:18:55 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/18 22:18:55 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/18 22:18:55 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/18 22:18:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/18 22:18:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/18 01:32:02 | 000,000,000 | ---D | C] -- C:\Users\Suraj\AppData\Roaming\Malwarebytes
[2011/04/18 01:31:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/18 01:31:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/18 01:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/18 01:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/18 00:36:20 | 000,000,000 | ---D | C] -- C:\Users\Suraj\Documents\SurvivalIslandv1
[2011/04/16 20:25:48 | 000,000,000 | ---D | C] -- C:\Users\Suraj\Documents\PropertyReader v1.20
[2011/04/16 20:22:33 | 000,000,000 | ---D | C] -- C:\Users\Suraj\Documents\ModLoader
[2011/04/16 20:18:59 | 000,000,000 | ---D | C] -- C:\Users\Suraj\Documents\GlassLight

========== Files - Modified Within 30 Days ==========

[2011/05/15 09:18:18 | 000,000,512 | ---- | M] () -- C:\Users\Suraj\Desktop\MBR.dat
[2011/05/15 09:17:24 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Suraj\Desktop\aswMBR.exe
[2011/05/14 10:43:58 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Suraj\Desktop\tdsskiller.exe
[2011/05/14 00:45:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Suraj\Desktop\OTL.exe
[2011/05/14 00:44:33 | 000,013,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/14 00:44:33 | 000,013,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/14 00:37:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/14 00:37:19 | 1608,679,424 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/14 00:36:21 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat
[2011/05/12 20:53:46 | 000,659,580 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/12 20:53:46 | 000,120,508 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/10 22:01:33 | 000,097,405 | ---- | M] () -- C:\Users\Suraj\Desktop\lilwaynering.mp3
[2011/05/10 21:54:39 | 000,049,348 | ---- | M] () -- C:\Users\Suraj\Desktop\themoney.mp3
[2011/05/10 21:46:19 | 000,001,016 | ---- | M] () -- C:\Users\Suraj\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2011/05/07 09:28:32 | 220,122,640 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/01 12:51:17 | 004,334,469 | R--- | M] () -- C:\Users\Suraj\Desktop\ComboFix.exe
[2011/04/29 19:43:20 | 000,002,002 | ---- | M] () -- C:\Users\Suraj\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/29 19:13:28 | 000,625,664 | ---- | M] () -- C:\Users\Suraj\Desktop\dds.scr
[2011/04/29 12:45:36 | 000,301,568 | ---- | M] () -- C:\Users\Suraj\Desktop\gmer.exe
[2011/04/21 23:01:54 | 000,007,596 | ---- | M] () -- C:\Users\Suraj\AppData\Local\Resmon.ResmonCfg
[2011/04/20 19:42:23 | 000,002,046 | ---- | M] () -- C:\Users\Suraj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2011/04/20 14:32:21 | 000,000,538 | ---- | M] () -- C:\Users\Suraj\Documents\cc_20110420_143218.reg
[2011/04/19 17:12:55 | 000,000,207 | ---- | M] () -- C:\Users\Public\Desktop\Vindictus.url
[2011/04/19 12:50:42 | 000,000,000 | ---- | M] () -- C:\Windows\System32\settings.dat
[2011/04/19 10:26:47 | 000,173,119 | ---- | M] (Eric_71) -- C:\Users\Suraj\Desktop\Rooter.exe
[2011/04/18 13:30:13 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/18 13:28:13 | 000,192,539 | ---- | M] () -- C:\Users\Suraj\Desktop\bookmarks.html
[2011/04/18 13:28:08 | 000,075,713 | ---- | M] () -- C:\Users\Suraj\Desktop\bookmarks-2011-04-18.json
[2011/04/18 11:09:02 | 000,045,252 | ---- | M] () -- C:\Users\Suraj\Documents\cc_20110418_110859.reg
[2011/04/18 10:48:26 | 000,009,880 | -HS- | M] () -- C:\ProgramData\438o7362iiuj6587r
[2011/04/18 10:48:25 | 000,009,880 | -HS- | M] () -- C:\Users\Suraj\AppData\Local\438o7362iiuj6587r
[2011/04/18 01:31:58 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2011/05/15 09:18:18 | 000,000,512 | ---- | C] () -- C:\Users\Suraj\Desktop\MBR.dat
[2011/05/10 22:01:32 | 000,097,405 | ---- | C] () -- C:\Users\Suraj\Desktop\lilwaynering.mp3
[2011/05/10 21:54:39 | 000,049,348 | ---- | C] () -- C:\Users\Suraj\Desktop\themoney.mp3
[2011/05/10 21:46:19 | 000,001,028 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity 1.3 Beta (Unicode).lnk
[2011/05/10 21:46:19 | 000,001,016 | ---- | C] () -- C:\Users\Suraj\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2011/05/01 12:51:12 | 004,334,469 | R--- | C] () -- C:\Users\Suraj\Desktop\ComboFix.exe
[2011/04/29 19:13:27 | 000,625,664 | ---- | C] () -- C:\Users\Suraj\Desktop\dds.scr
[2011/04/29 12:45:36 | 000,301,568 | ---- | C] () -- C:\Users\Suraj\Desktop\gmer.exe
[2011/04/25 11:13:22 | 220,122,640 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/04/21 23:01:54 | 000,007,596 | ---- | C] () -- C:\Users\Suraj\AppData\Local\Resmon.ResmonCfg
[2011/04/20 19:42:23 | 000,002,046 | ---- | C] () -- C:\Users\Suraj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2011/04/20 14:32:20 | 000,000,538 | ---- | C] () -- C:\Users\Suraj\Documents\cc_20110420_143218.reg
[2011/04/19 17:12:55 | 000,000,207 | ---- | C] () -- C:\Users\Public\Desktop\Vindictus.url
[2011/04/19 12:50:42 | 000,000,000 | ---- | C] () -- C:\Windows\System32\settings.dat
[2011/04/18 22:18:55 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/18 22:18:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/18 22:18:55 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/18 22:18:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/18 22:18:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/18 13:30:12 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/18 13:28:13 | 000,192,539 | ---- | C] () -- C:\Users\Suraj\Desktop\bookmarks.html
[2011/04/18 13:28:08 | 000,075,713 | ---- | C] () -- C:\Users\Suraj\Desktop\bookmarks-2011-04-18.json
[2011/04/18 11:09:00 | 000,045,252 | ---- | C] () -- C:\Users\Suraj\Documents\cc_20110418_110859.reg
[2011/04/18 01:48:03 | 000,009,880 | -HS- | C] () -- C:\Users\Suraj\AppData\Local\438o7362iiuj6587r
[2011/04/18 01:48:03 | 000,009,880 | -HS- | C] () -- C:\ProgramData\438o7362iiuj6587r
[2011/04/18 01:31:58 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/09 16:29:07 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2011/04/09 16:29:06 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2010/12/26 21:49:09 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/10/29 02:13:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2010/10/23 22:45:36 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/10/02 18:10:55 | 000,019,456 | ---- | C] () -- C:\Users\Suraj\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,409,784 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,659,580 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,120,508 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/08 21:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/04/20 12:33:42 | 000,000,000 | ---D | M] -- C:\Users\Suraj\AppData\Roaming\.minecraft
[2010/09/02 01:58:01 | 000,000,000 | ---D | M] -- C:\Users\Suraj\AppData\Roaming\acccore
[2011/05/10 22:01:38 | 000,000,000 | ---D | M] -- C:\Users\Suraj\AppData\Roaming\Audacity
[2011/04/19 01:29:04 | 000,000,000 | ---D | M] -- C:\Users\Suraj\AppData\Roaming\COWON
[2011/03/06 13:23:03 | 000,000,000 | ---D | M] -- C:\Users\Suraj\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/12/05 20:44:32 | 000,000,000 | ---D | M] -- C:\Users\Suraj\AppData\Roaming\LolClient
[2010/09/22 22:43:01 | 000,000,000 | ---D | M] -- C:\Users\Suraj\AppData\Roaming\Need for Speed World
[2010/11/27 14:06:49 | 000,000,000 | ---D | M] -- C:\Users\Suraj\AppData\Roaming\ooVoo Details
[2011/04/20 19:42:29 | 000,000,000 | ---D | M] -- C:\Users\Suraj\AppData\Roaming\Stardock
[2010/12/06 19:03:24 | 000,000,000 | ---D | M] -- C:\Users\Suraj\AppData\Roaming\Subversion
[2011/04/19 01:30:44 | 000,000,000 | ---D | M] -- C:\Users\Suraj\AppData\Roaming\SystemRequirementsLab
[2011/04/19 01:30:44 | 000,000,000 | ---D | M] -- C:\Users\Suraj\AppData\Roaming\TeamViewer
[2011/04/19 01:30:44 | 000,000,000 | ---D | M] -- C:\Users\Suraj\AppData\Roaming\Tunngle
[2011/04/19 01:30:44 | 000,000,000 | ---D | M] -- C:\Users\Suraj\AppData\Roaming\uTorrent
[2010/12/19 12:47:05 | 000,032,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows.old\Windows\System32\drivers\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows.old\Windows\System32\drivers\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows.old\Windows\System32\netlogon.dll
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows.old\Windows\System32\drivers\nvstor.sys
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows.old\Windows\System32\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

< MD5 for: VOLSNAP.SYS >
[2006/11/02 05:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows.old\Windows\System32\drivers\volsnap.sys
[2006/11/02 05:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2009/07/13 21:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_29364d30156a24ca\volsnap.sys
[2009/07/13 21:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys
[2009/07/13 21:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\volsnap.sys

< %systemroot%\*. /mp /s >

< End of report >

=============================================

Extras.txt

OTL Extras logfile created on: 5/15/2011 9:18:54 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Suraj\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 631.67 Gb Free Space | 67.81% Space Free | Partition Type: NTFS

Computer Name: SURAJS-PC | User Name: Suraj | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20A36691-B09B-4EF2-A371-64A5BD265E20}" = UltraMon
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C13F8C1-570B-42A9-87B4-8C7903ECD602}" = ObjectDock Free
"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{491DFBAA-77EF-4B06-8676-2FC66EEE049A}" = LogMeIn Hamachi
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{17591192-46BD-4038-8D12-4B2B8CAFAC27}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9E2BD6FF-CE8D-47B5-AD9C-0A5C2D54EB3C}" = League of Legends
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{ACCEB7C3-4F3A-4C43-93CA-644951D08B0D}" = TortoiseSVN 1.6.12.20536 (32 bit)
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C12A198C-E751-4729-839A-8FA07CF941C1}_is1" = Dragonica
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D2ED9361-BA49-4BDC-9A1D-0EA9CAA0881D}" = Oracle VM VirtualBox 4.0.0
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.26 Game
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"{DDD9B4E6-EEB7-4030-B141-F0E0C5429851}" = YVD
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic VX
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"18 Wheels of Steel Pedal to the Metal" = 18 Wheels of Steel Pedal to the Metal
"AbiWord2" = AbiWord 2.8.6
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.9 (Unicode)
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"CCleaner" = CCleaner
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.57
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LastFM_is1" = Last.fm 1.5.4.27091
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"ObjectDock Free" = ObjectDock Free
"OpenAL" = OpenAL
"PokerStars" = PokerStars
"PowerISO" = PowerISO
"Silkroad" = Silkroad
"SJSRO 1.091 by bogmaerke" = SJSRO 1.091 by bogmaerke
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StarCraft II" = StarCraft II
"Steam App 12120" = Grand Theft Auto: San Andreas
"Steam App 12210" = Grand Theft Auto IV
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 1250" = Killing Floor
"Steam App 12840" = DiRT 2
"Steam App 12900" = Audiosurf
"Steam App 17410" = Mirror's Edge
"Steam App 215" = Source SDK Base 2006
"Steam App 218" = Source SDK Base 2007
"Steam App 240" = Counter-Strike: Source
"Steam App 4000" = Garry's Mod
"Steam App 440" = Team Fortress 2
"Steam App 550" = Left 4 Dead 2
"TeamViewer 6" = TeamViewer 6
"Tunngle beta_is1" = Tunngle beta
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Vindictus" = Vindictus
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Flux" = F.lux
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/5/2011 11:20:37 PM | Computer Name = Surajs-PC | Source = Application Error | ID = 1000
Description = Faulting application name: javaw.exe, version: 6.0.210.7, time stamp:
0x4c41764e Faulting module name: nvoglv32.DLL, version: 8.17.12.5896, time stamp:
0x4c37909c Exception code: 0xc0000005 Fault offset: 0x0063dcb1 Faulting process id:
0x155c Faulting application start time: 0x01cc0b9c8eb4e715 Faulting application path:
C:\Program Files\Java\jre6\bin\javaw.exe Faulting module path: C:\Windows\system32\nvoglv32.DLL
Report
Id: cf9765a2-778f-11e0-8e72-001cc0536e37

Error - 5/5/2011 11:20:47 PM | Computer Name = Surajs-PC | Source = Application Error | ID = 1000
Description = Faulting application name: javaw.exe, version: 6.0.210.7, time stamp:
0x4c41764e Faulting module name: nvoglv32.DLL, version: 8.17.12.5896, time stamp:
0x4c37909c Exception code: 0xc0000005 Fault offset: 0x0063dcb1 Faulting process id:
0x1184 Faulting application start time: 0x01cc0b9c9557a292 Faulting application path:
C:\Program Files\Java\jre6\bin\javaw.exe Faulting module path: C:\Windows\system32\nvoglv32.DLL
Report
Id: d53dda4c-778f-11e0-8e72-001cc0536e37

Error - 5/6/2011 10:26:33 PM | Computer Name = Surajs-PC | Source = Application Error | ID = 1000
Description = Faulting application name: javaw.exe, version: 6.0.210.7, time stamp:
0x4c41764e Faulting module name: nvoglv32.DLL, version: 8.17.12.5896, time stamp:
0x4c37909c Exception code: 0xc0000005 Fault offset: 0x0063dcb1 Faulting process id:
0xf74 Faulting application start time: 0x01cc0c5e29a46aa1 Faulting application path:
C:\Program Files\Java\jre6\bin\javaw.exe Faulting module path: C:\Windows\system32\nvoglv32.DLL
Report
Id: 6c08d9d7-7851-11e0-8e72-001cc0536e37

Error - 5/7/2011 11:34:27 PM | Computer Name = Surajs-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SC2.exe, version: 1.3.2.18317, time stamp:
0x4d9a0bfe Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0xdc8 Faulting application
start time: 0x01cc0d30a2b10949 Faulting application path: C:\Program Files\StarCraft
II\Versions\Base18092\SC2.exe Faulting module path: unknown Report Id: 12d935ed-7924-11e0-ad9b-001cc0536e37

Error - 5/7/2011 11:35:41 PM | Computer Name = Surajs-PC | Source = Application Error | ID = 1000
Description = Faulting application name: javaw.exe, version: 6.0.210.7, time stamp:
0x4c41764e Faulting module name: nvoglv32.DLL, version: 8.17.12.5896, time stamp:
0x4c37909c Exception code: 0xc0000005 Fault offset: 0x0063dcb1 Faulting process id:
0x1080 Faulting application start time: 0x01cc0d30f9f6a530 Faulting application path:
C:\Program Files\Java\jre6\bin\javaw.exe Faulting module path: C:\Windows\system32\nvoglv32.DLL
Report
Id: 3ef12366-7924-11e0-ad9b-001cc0536e37

Error - 5/8/2011 12:32:27 AM | Computer Name = Surajs-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 5/10/2011 8:19:49 PM | Computer Name = Surajs-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Zune.exe, version: 4.7.1404.0, time stamp:
0x4c9cf81b Faulting module name: ZuneShell.ni.dll, version: 4.7.1404.0, time stamp:
0x4c9cf740 Exception code: 0xc0000005 Fault offset: 0x002ed4d5 Faulting process id:
0x104c Faulting application start time: 0x01cc0f7120c72e41 Faulting application path:
C:\Program Files\Zune\Zune.exe Faulting module path: C:\Windows\assembly\NativeImages_v2.0.50727_32\ZuneShell\0b49f56543f08592c795bd471cc87058\ZuneShell.ni.dll
Report
Id: 61ab0422-7b64-11e0-ad9b-001cc0536e37

Error - 5/14/2011 12:43:47 AM | Computer Name = Surajs-PC | Source = MsiInstaller | ID = 11730
Description =

Error - 5/14/2011 1:52:03 AM | Computer Name = Surajs-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 5/14/2011 10:48:35 AM | Computer Name = Surajs-PC | Source = Application Error | ID = 1000
Description = Faulting application name: javaw.exe, version: 6.0.210.7, time stamp:
0x4c41764e Faulting module name: nvoglv32.DLL, version: 8.17.12.5896, time stamp:
0x4c37909c Exception code: 0xc0000005 Fault offset: 0x0063dcb1 Faulting process id:
0x1578 Faulting application start time: 0x01cc1245fc4f9e6c Faulting application path:
C:\Program Files\Java\jre6\bin\javaw.exe Faulting module path: C:\Windows\system32\nvoglv32.DLL
Report
Id: 3e2e3da7-7e39-11e0-a225-001cc0536e37

[ System Events ]
Error - 5/13/2011 1:13:15 AM | Computer Name = Surajs-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 5/13/2011 1:13:29 PM | Computer Name = Surajs-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 5/14/2011 12:37:25 AM | Computer Name = Surajs-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 5/14/2011 12:37:30 AM | Computer Name = Surajs-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 5/14/2011 12:37:31 AM | Computer Name = Surajs-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 5/14/2011 12:38:12 AM | Computer Name = Surajs-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
Client Service service to connect.

Error - 5/14/2011 12:38:12 AM | Computer Name = Surajs-PC | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
error: %%1053

Error - 5/14/2011 12:40:09 AM | Computer Name = Surajs-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 5/14/2011 12:38:00 PM | Computer Name = Surajs-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 5/15/2011 12:37:38 AM | Computer Name = Surajs-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.


< End of report >
=================================================

Yes i can burn CDs and I have USB flash drives around.

#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:34 PM

Posted 15 May 2011 - 06:35 PM

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download driver.sh to your USB drive
  • Remove the USB & CD and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Click on File
  • Expand mnt
  • Expand your USB (sdb1)
  • Confirm that you see driver.sh.
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh -f
  • Press Enter
  • You will be prompted to input a filename.
  • Type the following:

    volsnap.sys

  • Press Enter
  • If succesful, the script will search this file.
  • After it has finished a report will be located in the USB drive as filefind.txt

Please note - all text entries are case sensitive

Copy and paste the filefind.txt for my review

Edited by fireman4it, 15 May 2011 - 06:35 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#13 zeroonetwo

zeroonetwo
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:34 PM

Posted 15 May 2011 - 08:17 PM

Before I do this I would like to let you know that about an hour ago, another antivirus malware installed itself on my computer. I scanned and removed most of it with Spybot and the rest with MBAM. Here's teh MBAM log.:


Windows 6.1.7600
Internet Explorer 9.0.8112.16421

5/15/2011 8:31:50 PM
mbam-log-2011-05-15 (20-31-50).txt

Scan type: Quick scan
Objects scanned: 147944
Time elapsed: 2 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Users\Suraj\AppData\Local\ahequvacaxoj.dll (Trojan.Hiloti) -> Delete on reboot.
c:\Users\Suraj\AppData\Local\pCSMSR.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Vqoyenipavu (Trojan.Hiloti) -> Value: Vqoyenipavu -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Gfipu (Trojan.Hiloti) -> Value: Gfipu -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\YgslssmSaaRn (Rogue.Installer.Gen) -> Value: YgslssmSaaRn -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.199,93.188.160.170) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1557F686-26EC-4CD4-970E-7FE7045A1EE7}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.199,93.188.160.170) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{31896C0F-E9DE-4C43-8180-0925A6B8431B}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.199,93.188.160.170) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{31896C0F-E9DE-4C43-8180-0925A6B8431B}\DhcpNameServer (Trojan.DNSChanger) -> Bad: (93.188.165.199,93.188.160.170) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C0B4EE8D-E8BF-4655-A739-DC0F60DCE5EC}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.199,93.188.160.170) Good: () -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Suraj\AppData\Local\ahequvacaxoj.dll (Trojan.Hiloti) -> Delete on reboot.
c:\Users\Suraj\AppData\Local\pCSMSR.dll (Trojan.Hiloti) -> Delete on reboot.
c:\programdata\ygslssmsaarn.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\Users\Suraj\AppData\Local\temp\0.3632222179902995.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Suraj\local settings\application data\ahequvacaxoj.dll (Trojan.Hiloti) -> Delete on reboot.
c:\Users\Suraj\local settings\application data\pCSMSR.dll (Trojan.Hiloti) -> Delete on reboot.
c:\Users\Suraj\local settings\application data\psn.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\Users\Suraj\AppData\Roaming\Adobe\plugs\mmc136.exe (Trojan.Agent) -> Quarantined and deleted successfully.

#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:34 PM

Posted 15 May 2011 - 08:44 PM

Hello,

Why are you running things without my prior consent. Please only run the things I suggest. Doing anything I haven't said could cause adverse effects. You have a severe rootkit which we need to take care of first. You will keep getting reinfected if you keep using this machine until we rid the machine of the rootkit..

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#15 zeroonetwo

zeroonetwo
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:34 PM

Posted 16 May 2011 - 02:28 PM

ohhhhhhhhhhhhhhh oh god sorry, this is the only computer i have easy access to and my instincts were to do that, ill stop running anything without your consent, sorry.

should I continue doing the GETxPUD.exe things?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users