
Hacked Browser (Redirected)


This topic is locked
24 replies to this topic

#1 computerman1015

  • Members
  • 33 posts

Posted 05 June 2011 - 11:37 AM

Hello everybody:

On the "Am I infected? What do I do?" forum, I was told by boopme to come here.

Here is the link to my other topic which brought me here.

I have prepared my post to include all details necessary. I would ask if you would kindly read my previous topic as to view what programs I have used to attempt to fix this problem.

I'd like to add that I've tried using MBAM, Super Anti Spyware, Trend Micro, etc. before asking my question on bleepingcomputer, on the other thread. This thread was made because boopme redirected me, but if anyone could offer assistance it'd be appreciated greatly.

EDIT: Posts merged ~Budapest

Could anyone be able to assist me?

EDIT: Please be patient. There are over 330 unanswered topics in this forum at present and the current average wait time to receive help is 10 days. ~Budapest


Edited by Budapest, 07 June 2011 - 04:13 PM.



#2 SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 11 June 2011 - 11:05 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, has resulted in the delay in responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:


Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
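The post above asks for the OTL.txt and Extras.txt reports to be pasted into the reply, and a helper then reads those reports line by line. As an added example that is not part of this thread and not code from OTL's author, the Python script below parses OTL's two main line shapes (the bracketed file descriptor used for PRC/MOD/SRV/DRV and file listings, and the numbered "O" hook sections) and applies a few of the review rules a helper applies by eye: a scheduled-task .job file carrying hidden or system attributes, a running process whose executable carries no publisher string, a browser hook whose CLSID no longer exists, and a per-device autorun command under MountPoints2. The sample log is constructed for the example; its paths, vendor names and GUIDs are placeholders, and a hit from any rule is a prompt to verify the entry, not a verdict that it is malicious.

```python
import re
from typing import Dict, List, Optional, Tuple

# OTL file descriptor, e.g.
#   [2011/06/11 09:22:29 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\EXAMPLE.job
# Attribute column is R(ead-only) H(idden) S(ystem) D(irectory), '-' when unset.
# SRV/DRV lines add a "[start type | state]" block and a trailing "-- (service name)".
FILE_RE = re.compile(
    r"^(?:(?P<tag>PRC|MOD|SRV|DRV) - )?"
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[R-][H-][S-][D-]) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\).*)?$"
)
# Numbered hook sections: "O2 - BHO: ...", "O33 - MountPoints2\...".
OLINE_RE = re.compile(r"^(?P<sec>O\d+) - (?P<body>.+)$")

# Constructed sample in OTL's format; every path, vendor and GUID is a placeholder.
SAMPLE_LOG = r"""
PRC - [2011/06/11 18:24:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2010/09/27 15:55:14 | 000,689,416 | ---- | M] () -- C:\Program Files\ExampleAV\proxy.exe
SRV - [2011/05/16 08:58:36 | 002,151,128 | ---- | M] (Example Vendor) [Auto | Stopped] -- C:\Program Files\Example\svc.exe -- (ExampleSvc)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - No CLSID value found.
O2 - BHO: (Example Plug-In) - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\plugin.dll (Example Vendor)
O33 - MountPoints2\{00000000-0000-0000-0000-000000000003}\Shell\AutoRun\command - "" = F:\Autorun.exe /run
[2011/06/11 09:22:29 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\EXAMPLE.job
[2011/06/11 09:22:30 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/11 13:41:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
"""


def parse_file_line(line: str) -> Optional[Dict[str, object]]:
    """Return the fields of an OTL file/process/service/driver line, or None."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "tag": d["tag"] or "FILE",
        "timestamp": d["ts"],
        "size": int(d["size"].replace(",", "")),
        "readonly": d["attrs"][0] == "R",
        "hidden": d["attrs"][1] == "H",
        "system": d["attrs"][2] == "S",
        "directory": d["attrs"][3] == "D",
        "company": d["company"],   # "" for "()", None when OTL printed no "(...)" at all
        "state": d["state"],       # e.g. "Auto | Stopped" for SRV/DRV lines
        "path": d["path"],
        "name": d["name"],         # service/driver name for SRV/DRV lines
    }


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Apply review rules to OTL lines and return (rule, evidence) pairs in log order."""
    findings: List[Tuple[str, str]] = []
    for line in lines:
        line = line.strip()
        f = parse_file_line(line)
        if f:
            low = str(f["path"]).lower()
            # A scheduled-task file with hidden/system attributes is unusual.
            if "\\tasks\\" in low and low.endswith(".job") and (f["hidden"] or f["system"]):
                findings.append(("hidden-or-system-task", str(f["path"])))
            # A running process whose executable has no publisher in its version info.
            if f["tag"] == "PRC" and f["company"] == "":
                findings.append(("process-without-publisher", str(f["path"])))
            continue
        o = OLINE_RE.match(line)
        if not o:
            continue
        sec, body = o.group("sec"), o.group("body")
        # BHO/toolbar GUID still registered although its CLSID is gone: orphaned entry.
        if sec in ("O2", "O3") and "No CLSID value found" in body:
            findings.append(("orphaned-browser-hook", body))
        # Autorun command remembered for a specific removable device.
        if sec == "O33" and "\\AutoRun\\command" in body:
            findings.append(("mountpoint-autorun", body))
    return findings


if __name__ == "__main__":
    for rule, evidence in triage(SAMPLE_LOG.strip().splitlines()):
        print(f"{rule:28s} {evidence}")
```

To run it over a real report, replace `SAMPLE_LOG` with the pasted OTL.txt contents; lines the two regexes do not recognise (section headers, IE/FF preference lines) are skipped rather than flagged.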


#3 computerman1015
  • Topic Starter

  • Members
  • 33 posts

Posted 11 June 2011 - 05:42 PM

Thank you SweetTech and I completely understand the wait time, considering there have been 330 unanswered topics according to Budapest. I appreciate the time you take to help out complete strangers. You guys are awesome.

The RKUnhookerLE file opens up perfectly, but when I scan it and add the modifications you've mentioned, it scans Drivers but gets stuck in Stealth Codes (it switches to tabs depending on what it's scanning). Eventually, it just terminates. I don't know what happens, it just self-terminates. So I wasn't able to compile a log for this.


As for the OTL logs:

1). OTL.txt Log (OTL)

OTL logfile created on: 6/11/2011 6:44:15 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Chary\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.23 Mb Total Physical Memory | 636.82 Mb Available Physical Memory | 62.73% Memory free
2.48 Gb Paging File | 1.92 Gb Available in Paging File | 77.22% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 40.27 Gb Free Space | 36.02% Space Free | Partition Type: NTFS

Computer Name: PAVANSCOMP | User Name: Chary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/11 18:24:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chary\Desktop\OTL.exe
PRC - [2011/05/06 17:41:06 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/04/28 06:15:17 | 001,010,232 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/11/08 12:40:56 | 000,715,440 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
PRC - [2010/09/27 15:55:14 | 000,689,416 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
PRC - [2010/09/27 15:55:13 | 000,345,352 | ---- | M] () -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2010/01/26 03:40:32 | 001,020,248 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/04 16:13:16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe


========== Modules (SafeList) ==========

MOD - [2011/06/11 18:24:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chary\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/16 08:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/11/11 13:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/11/11 13:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/11/11 13:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/11/11 13:55:56 | 000,057,072 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/11/08 12:40:56 | 000,715,440 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2010/09/27 15:55:14 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV - [2010/09/27 15:55:13 | 000,345,352 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2008/08/26 19:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/12/04 16:13:16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) [Auto | Running] -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe -- (SWIHPWMI)


========== Driver Services (SafeList) ==========

DRV - [2011/04/29 12:12:00 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/11/09 14:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/10/20 18:33:04 | 000,025,144 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2010/10/20 18:32:52 | 000,032,440 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/09/27 15:55:23 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010/07/30 13:29:10 | 000,249,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2010/07/30 13:29:00 | 000,036,432 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2010/07/30 13:06:08 | 001,331,512 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint)
DRV - [2010/07/19 14:03:10 | 000,059,472 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/07/19 14:03:00 | 000,051,792 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/07/19 14:02:54 | 000,163,408 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/02/25 00:02:56 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/11/21 21:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/11/17 15:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2007/02/27 09:21:00 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) Broadcom NetLink ™
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/01/29 11:48:22 | 000,016,896 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\synasUSB.sys -- (SynasUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-1292428093-1645522239-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-1292428093-1645522239-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1292428093-1645522239-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1292428093-1645522239-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1292428093-1645522239-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1292428093-1645522239-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1292428093-1645522239-1801674531-1003\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKU\S-1-5-21-1292428093-1645522239-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d
FF - prefs.js..extensions.enabledItems: default-palette@celtx.com:1.0
FF - prefs.js..extensions.enabledItems: emoticons-msn-smileys@m513901.de:0.1
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0
FF - prefs.js..extensions.enabledItems: messagestyle-blackened@addons.instantbird.org:0.9
FF - prefs.js..extensions.enabledItems: messagestyle-depth@addons.instantbird.org:1.1
FF - prefs.js..extensions.enabledItems: messagestyle-minimal20@addons.instantbird.org:1.5

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/04/10 16:15:03 | 000,000,000 | ---D | M]

[2010/07/03 17:48:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chary\Application Data\Mozilla\Extensions
[2010/05/23 18:16:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chary\Application Data\Mozilla\Extensions\celtx@celtx.com
[2010/07/03 19:39:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chary\Application Data\Mozilla\Firefox\Profiles\1v3db25v.default\extensions
[2010/07/03 19:39:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Chary\Application Data\Mozilla\Firefox\Profiles\1v3db25v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/23 18:15:41 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG
[2010/05/23 18:15:41 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\DEFAULT-PALETTE@CELTX.COM
[2010/05/23 18:15:41 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\EMOTICONS-MSN-SMILEYS@M513901.DE
[2010/05/23 18:15:41 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG
[2010/05/23 18:15:41 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-BLACKENED@ADDONS.INSTANTBIRD.ORG
[2010/05/23 18:15:41 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-DEPTH@ADDONS.INSTANTBIRD.ORG
[2010/05/23 18:15:41 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-MINIMAL20@ADDONS.INSTANTBIRD.ORG

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-1292428093-1645522239-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1292428093-1645522239-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-21-1292428093-1645522239-1801674531-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1292428093-1645522239-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Chary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/06 18:59:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{ad6d90db-813d-11df-b5e1-001b775c2b28}\Shell\AutoRun\command - "" = F:\Autorun.exe /run
O33 - MountPoints2\{ad6d90db-813d-11df-b5e1-001b775c2b28}\Shell\Shell00\Command - "" = F:\Autorun.exe /run
O33 - MountPoints2\{ad6d90db-813d-11df-b5e1-001b775c2b28}\Shell\Shell01\Command - "" = F:\Autorun.exe /action
O33 - MountPoints2\{ad6d90db-813d-11df-b5e1-001b775c2b28}\Shell\Shell02\Command - "" = F:\Autorun.exe /uninstall
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/11 18:24:32 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chary\Desktop\OTL.exe
[2011/06/11 13:41:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chary\Recent
[2011/06/05 17:15:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chary\Desktop\fireflies_data
[2011/05/13 18:09:23 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/05/13 18:05:33 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/05/13 18:05:23 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/05/13 18:05:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/05/13 18:05:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/11/11 13:59:22 | 001,530,608 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIX.dll
[2010/11/11 13:59:22 | 001,395,440 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneShell.dll
[2010/11/11 13:59:22 | 001,288,944 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIXcontrols.dll
[2010/11/11 13:59:22 | 001,052,400 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneDBApi.dll
[2010/11/11 13:59:22 | 000,645,872 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIX.renderapi.dll
[2010/11/11 13:57:04 | 000,300,784 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSrcWrp.dll
[2010/11/11 13:57:04 | 000,268,528 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WMZuneComm.exe
[2010/11/11 13:57:04 | 000,131,824 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneZMDB.Library.dll
[2010/11/11 13:57:04 | 000,130,800 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneZMDB.ZuneHD.dll
[2010/11/11 13:57:04 | 000,126,192 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneZMDB.Classic.dll
[2010/11/11 13:57:04 | 000,026,352 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WMZuneTCP2UDP.dll
[2010/11/11 13:57:04 | 000,019,696 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WMZuneDTPTDNS.dll
[2010/11/11 13:57:04 | 000,017,136 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WMZuneCommProxyStub.dll
[2010/11/11 13:57:02 | 000,444,656 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneWlanCfgSvc.exe
[2010/11/11 13:57:02 | 000,406,256 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSP.dll
[2010/11/11 13:57:02 | 000,156,400 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneZMDB.Mobile.dll
[2010/11/11 13:57:02 | 000,084,720 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneTaskbar.dll
[2010/11/11 13:57:00 | 000,059,632 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneShellExt.dll
[2010/11/11 13:56:56 | 016,873,712 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneShellResources.dll
[2010/11/11 13:56:56 | 000,836,848 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneService.dll
[2010/11/11 13:56:56 | 000,609,520 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSH.dll
[2010/11/11 13:56:56 | 000,016,624 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneShare.exe
[2010/11/11 13:56:54 | 001,446,640 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSetup.exe
[2010/11/11 13:56:54 | 001,404,144 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneResources.dll
[2010/11/11 13:56:54 | 000,376,560 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSE.dll
[2010/11/11 13:56:54 | 000,123,120 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSA.dll
[2010/11/11 13:56:52 | 000,679,152 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneQP.dll
[2010/11/11 13:56:00 | 000,816,880 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneMde.dll
[2010/11/11 13:56:00 | 000,018,672 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZunePS.dll
[2010/11/11 13:55:58 | 000,173,296 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneDB.dll
[2010/11/11 13:55:58 | 000,056,560 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneDXVA2.dll
[2010/11/11 13:55:56 | 007,401,712 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneNativeLib.dll
[2010/11/11 13:55:56 | 006,351,600 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneNss.exe
[2010/11/11 13:55:56 | 001,716,976 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneEncEng.dll
[2010/11/11 13:55:56 | 001,351,408 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIXrender.dll
[2010/11/11 13:55:56 | 001,027,824 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneCore.dll
[2010/11/11 13:55:56 | 001,000,688 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneH264Dec.dll
[2010/11/11 13:55:56 | 000,615,664 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneMBR.dll
[2010/11/11 13:55:56 | 000,298,736 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneEvr.dll
[2010/11/11 13:55:56 | 000,206,576 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Zune.exe
[2010/11/11 13:55:56 | 000,111,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneEffects.dll
[2010/11/11 13:55:56 | 000,057,072 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneBusEnum.exe
[2010/11/11 13:55:54 | 000,036,080 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneEnc.exe
[2010/11/11 13:55:50 | 000,628,976 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZUNEMP4SDECD.dll
[2010/11/11 13:55:50 | 000,268,016 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneNssci.dll
[2010/11/11 13:55:50 | 000,176,880 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneHost.exe
[2010/11/11 13:55:46 | 000,159,472 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneLauncher.exe
[2010/11/11 13:55:46 | 000,120,560 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZunePresenter.dll
[2010/11/11 13:55:46 | 000,110,320 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneAACDec.dll
[2010/11/11 13:55:46 | 000,030,960 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIXsup.dll
[2010/11/11 13:55:44 | 001,084,144 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneMarketplaceResources.dll
[2010/11/11 13:55:42 | 000,050,928 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneCfg.dll
[2010/11/11 13:55:42 | 000,044,272 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneConfig.exe
[2010/09/24 11:11:36 | 000,222,720 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Program Files\l3codecp.acm
[2010/09/24 10:30:50 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr90.dll
[2010/09/24 10:30:50 | 000,572,928 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp90.dll
[2010/09/24 10:30:50 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcm90.dll
[2007/08/27 15:56:58 | 001,089,440 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msidcrl40.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/11 18:46:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1645522239-1801674531-1003UA.job
[2011/06/11 18:45:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/11 18:24:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chary\Desktop\OTL.exe
[2011/06/11 17:40:13 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Chary\Desktop\RKUnhookerLE.EXE
[2011/06/11 13:41:11 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/06/11 11:46:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1645522239-1801674531-1003Core.job
[2011/06/11 10:00:07 | 000,029,245 | ---- | M] () -- C:\Documents and Settings\Chary\Desktop\map_over.gif
[2011/06/11 09:27:00 | 000,465,996 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/11 09:27:00 | 000,080,114 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/11 09:22:55 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1292428093-1645522239-1801674531-1003.job
[2011/06/11 09:22:53 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-1645522239-1801674531-1003.job
[2011/06/11 09:22:50 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/06/11 09:22:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/11 09:22:30 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/11 09:22:29 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\WDOOECK.job
[2011/06/11 09:22:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/10 18:06:27 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/10 18:06:27 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/06/10 15:40:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/03 15:01:22 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\Chary\Desktop\Skype.lnk
[2011/05/31 20:26:46 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Chary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/31 16:04:16 | 000,089,088 | ---- | M] () -- C:\mbr.exe
[2011/05/29 10:00:01 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/05/23 19:48:19 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/14 11:10:55 | 000,325,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/13 18:09:21 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/05/13 18:09:20 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/05/13 18:05:41 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/11 17:40:21 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Chary\Desktop\RKUnhookerLE.EXE
[2011/06/11 13:41:11 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/06/11 10:00:12 | 000,029,245 | ---- | C] () -- C:\Documents and Settings\Chary\Desktop\map_over.gif
[2011/05/31 16:05:18 | 000,089,088 | ---- | C] () -- C:\mbr.exe
[2011/05/14 09:07:55 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/05/14 09:07:55 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/05/13 22:20:52 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/05/13 18:05:54 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/05/13 18:05:41 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/05/11 19:34:58 | 000,131,072 | RHS- | C] () -- C:\WINDOWS\System32\slextspkl.dll
[2011/04/17 17:12:16 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/04/10 18:19:01 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2011/04/10 18:18:58 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2011/03/27 19:48:50 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2011/03/27 19:48:50 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2011/03/27 19:48:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2011/03/20 09:22:01 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2010/10/11 18:25:58 | 000,000,608 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\T2
[2010/10/11 18:25:58 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
[2010/09/24 10:32:26 | 000,000,659 | ---- | C] () -- C:\Program Files\Zune.exe.config
[2010/09/24 10:32:18 | 000,138,893 | ---- | C] () -- C:\Program Files\quickplaymap_nld.png
[2010/09/24 10:32:18 | 000,138,241 | ---- | C] () -- C:\Program Files\quickplaymap_ptb.png
[2010/09/24 10:32:18 | 000,138,239 | ---- | C] () -- C:\Program Files\quickplaymap_por.png
[2010/09/24 10:32:18 | 000,124,277 | ---- | C] () -- C:\Program Files\quickplaymap_deu.png
[2010/09/24 10:32:18 | 000,124,066 | ---- | C] () -- C:\Program Files\quickplaymap_ita.png
[2010/09/24 10:32:18 | 000,122,665 | ---- | C] () -- C:\Program Files\quickplaymap_frc.png
[2010/09/24 10:32:18 | 000,121,667 | ---- | C] () -- C:\Program Files\quickplaymap_esm.png
[2010/09/24 10:32:18 | 000,121,034 | ---- | C] () -- C:\Program Files\quickplaymap.png
[2010/09/24 10:32:18 | 000,118,456 | ---- | C] () -- C:\Program Files\softwaremap_ptb.png
[2010/09/24 10:32:18 | 000,113,696 | ---- | C] () -- C:\Program Files\softwaremap_por.png
[2010/09/24 10:32:18 | 000,112,268 | ---- | C] () -- C:\Program Files\softwaremap_nld.png
[2010/09/24 10:32:18 | 000,104,707 | ---- | C] () -- C:\Program Files\softwaremap_esm.png
[2010/09/24 10:32:18 | 000,103,753 | ---- | C] () -- C:\Program Files\softwaremap_deu.png
[2010/09/24 10:32:18 | 000,103,128 | ---- | C] () -- C:\Program Files\softwaremap_frc.png
[2010/09/24 10:32:18 | 000,102,831 | ---- | C] () -- C:\Program Files\softwaremap_ita.png
[2010/09/24 10:32:18 | 000,100,035 | ---- | C] () -- C:\Program Files\softwaremap.png
[2010/09/24 10:32:18 | 000,001,922 | ---- | C] () -- C:\Program Files\TopBar.gif
[2010/09/24 10:32:18 | 000,000,988 | ---- | C] () -- C:\Program Files\ZuneLogo.gif
[2010/09/24 10:32:18 | 000,000,631 | ---- | C] () -- C:\Program Files\Background.jpg
[2010/09/24 10:32:18 | 000,000,054 | ---- | C] () -- C:\Program Files\Arrow.gif
[2010/07/27 15:00:08 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/07/03 17:46:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/03 11:01:16 | 001,498,560 | ---- | C] () -- C:\WINDOWS\System32\igkrng400.bin
[2010/06/26 23:44:48 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\3A0BBF1AD0.sys
[2010/06/26 23:44:47 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/06/10 18:23:42 | 000,001,890 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/06/10 18:23:42 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\D01ABF0B3A.sys
[2010/05/09 16:59:31 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Chary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/09 15:39:21 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/08 13:50:14 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/06 19:02:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/05/06 18:56:01 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/06 14:49:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/05/06 14:47:48 | 000,325,912 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/08/30 00:00:00 | 000,781,312 | ---- | C] () -- C:\WINDOWS\System32\RGSS102J.dll
[2005/08/30 00:00:00 | 000,778,752 | ---- | C] () -- C:\WINDOWS\System32\RGSS102E.dll
[2005/08/30 00:00:00 | 000,771,584 | ---- | C] () -- C:\WINDOWS\System32\RGSS100J.dll
[2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,465,996 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,080,114 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:مايكروسوفت

< End of report >



2.) Extras.txt (OTL)


OTL Extras logfile created on: 6/11/2011 6:44:15 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Chary\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.23 Mb Total Physical Memory | 636.82 Mb Available Physical Memory | 62.73% Memory free
2.48 Gb Paging File | 1.92 Gb Available in Paging File | 77.22% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 40.27 Gb Free Space | 36.02% Space Free | Partition Type: NTFS

Computer Name: PAVANSCOMP | User Name: Chary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.js [@ = JSFile] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1292428093-1645522239-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
jsfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10244:TCP" = 10244:TCP:LocalSubNet:Enabled:Zune Network Sharing Service
"10285:UDP" = 10285:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10286:UDP" = 10286:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10287:UDP" = 10287:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10288:UDP" = 10288:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10289:UDP" = 10289:UDP:LocalSubNet:Enabled:Zune Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10244:TCP" = 10244:TCP:LocalSubNet:Enabled:Zune Network Sharing Service
"10285:UDP" = 10285:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10286:UDP" = 10286:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10287:UDP" = 10287:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10288:UDP" = 10288:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10289:UDP" = 10289:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword -- (Firaxis Games)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss -- (Firaxis Games)
"C:\Program Files\Aptana\Aptana Studio 2.0\AptanaStudio.exe" = C:\Program Files\Aptana\Aptana Studio 2.0\AptanaStudio.exe:*:Enabled:AptanaStudio
"C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Documents and Settings\Chary\Local Settings\Temp\Rar$EX00.015\Major.League.Baseball.2K11.Crack.Only-RELOADED\Crack\mlb2k11.exe" = C:\Documents and Settings\Chary\Local Settings\Temp\Rar$EX00.015\Major.League.Baseball.2K11.Crack.Only-RELOADED\Crack\mlb2k11.exe:*:Enabled:2K Sports Major League Baseball 2K11
"C:\Documents and Settings\Chary\Desktop\Crack\mlb2k11.exe" = C:\Documents and Settings\Chary\Desktop\Crack\mlb2k11.exe:*:Enabled:2K Sports Major League Baseball 2K11
"C:\Program Files\2K Sports\Major League Baseball 2K11\Crack\mlb2k11.exe" = C:\Program Files\2K Sports\Major League Baseball 2K11\Crack\mlb2k11.exe:*:Enabled:2K Sports Major League Baseball 2K11 -- (2K Sports)
"C:\Program Files\EA SPORTS\MVP Baseball 2005\mvp2005.exe" = C:\Program Files\EA SPORTS\MVP Baseball 2005\mvp2005.exe:*:Enabled:mvp2005 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"__ARIA_1012___is1" = Garritan ARIA Player v1.02
"__ARIA_1013___is1" = Garritan Instruments for Finale
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{10ABE49D-343A-463E-9753-C4C5A05ECEF9}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.3
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 24
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C1AC5C7-76ED-4842-BF31-6D8E21EF29B6}" = KORG Legacy Collection - DIGITAL EDITION
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}" = Camtasia Studio 7
"{55ACE462-F309-4650-BE4E-F1008D6D8726}" = Microsoft Visual Studio ProjectAggregator2
"{57ABE5FC-9E26-49E0-00A3-CF45D750B1AB}" = MVP Baseball 2005
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FE0C13A-63F1-4394-88A8-2D8722A75FE0}_is1" = Convert VOB to AVI 1.7
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}" = Windows Rights Management Client with Service Pack 2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{79F86C69-2B17-4368-9234-472A23639E16}" = Ad-Aware
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9A03D32-2AA6-A61D-C7C4-9D7B058CC756}" = Adobe Story
"{AA0CBF76-BD8E-48C0-AE32-31684A629836}" = HP Broadband Wireless Modules
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23B8C30-E05E-4CB5-8188-F27CC3B2DD3E}" = Sibelius 5
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom NetXtreme Ethernet Controller
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F83C4B49-8313-4ADC-9E63-A07151421585}" = KORG USB-MIDI Driver Tools for Windows XP
"7-Zip" = 7-Zip 4.65
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2005
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AIM Search" = AIM Search
"ARIA Engine_is1" = ARIA Engine v1.0.9.8
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"BitTorrent" = BitTorrent
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Castle Vox_is1" = Castle Vox 1.2
"CCleaner" = CCleaner
"Celtx (2.7)" = Celtx (2.7)
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.17
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DivX Setup.divx.com" = DivX Setup
"DVDFab 8_is1" = DVDFab 8.0.8.5 (19/03/2011)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Finale 2008" = Finale 2008
"Finale 2011" = Finale 2011
"Finale Reader" = Finale Reader 2011
"Free Easy Burner_is1" = Free Easy Burner V 4.1
"Garritan Ambiance Installer" = Garritan Ambiance Installer
"Garritan Instruments for Finale" = Garritan Instruments for Finale
"HDMI" = Intel® Graphics Media Accelerator Driver
"Hotkey Sound Recorder_is1" = Hotkey Sound Recorder 3.0
"HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Native Instruments Finale GPO 2.0" = Native Instruments Finale GPO 2.0
"NJStar Japanese WP" = NJStar Japanese WP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NoteWorthy Composer 2" = NoteWorthy Composer 2
"Picasa 3" = Picasa 3
"RealPlayer 12.0" = RealPlayer
"RPG Maker VX RTP_is1" = RPG Maker VX RTP
"RPG Maker VX_is1" = RPG Maker VX
"Syncrosoft's License Control" = Syncrosoft's License Control
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Unlocker" = Unlocker 1.9.1
"VLC media player" = VLC media player 1.1.9
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"Zune" = Zune

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1292428093-1645522239-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Chary
"{4237FF56-4BD0-481E-BD44-C1A8DDA9C753}Chary_is1" = WinDS PRO 2011 (Chary)
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/16/2011 10:14:24 PM | Computer Name = PAVANSCOMP | Source = Application Hang | ID = 1002
Description = Hanging application mvp2005.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/17/2011 5:27:35 PM | Computer Name = PAVANSCOMP | Source = Application Hang | ID = 1002
Description = Hanging application Skype.exe, version 5.3.0.108, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/24/2011 11:17:26 PM | Computer Name = PAVANSCOMP | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
msvcr80.dll, version 8.0.50727.5592, fault address 0x000173e3.

Error - 5/11/2011 5:50:58 PM | Computer Name = PAVANSCOMP | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\CHARY\DESKTOP\SCHOOL\GRADE 9\GEOMETRY
PRINTOUTS.PPTX> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 5/11/2011 5:50:58 PM | Computer Name = PAVANSCOMP | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\CHARY\DESKTOP\SCHOOL\GRADE 9\GEOMETRY
PRINTOUTS.PPTX> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 5/16/2011 8:42:19 PM | Computer Name = PAVANSCOMP | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\CHARY\DESKTOP\SCHOOL\GRADE 9\SUPERMAN
SYNDROME.PPTX> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 6/6/2011 3:51:23 PM | Computer Name = PAVANSCOMP | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 6/6/2011 3:53:04 PM | Computer Name = PAVANSCOMP | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\CHARY\RECENT\DESKTOP.INI> in
the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A device attached to the system is not functioning. (0x8007001f)

Error - 6/6/2011 3:54:58 PM | Computer Name = PAVANSCOMP | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\CHARY\RECENT\DESKTOP.INI> in
the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A device attached to the system is not functioning. (0x8007001f)

Error - 6/6/2011 3:54:58 PM | Computer Name = PAVANSCOMP | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\CHARY\RECENT\DESKTOP.INI> in
the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A device attached to the system is not functioning. (0x8007001f)

[ System Events ]
Error - 6/4/2011 2:40:00 PM | Computer Name = PAVANSCOMP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 6/4/2011 7:40:00 PM | Computer Name = PAVANSCOMP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 6/5/2011 10:40:00 AM | Computer Name = PAVANSCOMP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 6/5/2011 10:46:33 AM | Computer Name = PAVANSCOMP | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 6/5/2011 3:40:00 PM | Computer Name = PAVANSCOMP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 6/5/2011 8:40:00 PM | Computer Name = PAVANSCOMP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 6/6/2011 4:40:02 PM | Computer Name = PAVANSCOMP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 6/6/2011 4:58:26 PM | Computer Name = PAVANSCOMP | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 001B775C2B28. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 6/6/2011 9:40:00 PM | Computer Name = PAVANSCOMP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 6/9/2011 3:34:09 PM | Computer Name = PAVANSCOMP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service ZuneWlanCfgSvc
with arguments "" in order to run the server: {BABB2B95-9545-47DA-973E-298F292607CC}


< End of report >

Edited by computerman1015, 11 June 2011 - 05:55 PM.


#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:04:02 PM

Posted 11 June 2011 - 06:10 PM

Hi!

You're welcome. :)

The RKUnhookerLE file opens up perfectly, but when I scan it and add the modifications you've mentioned, it scans Drivers but gets stuck in Stealth Codes (it switches to tabs depending on what it's scanning). Eventually, it just terminates. I don't know what happens, it just self-terminates. So I wasn't able to compile a log for this.

That's interesting.

Try this tool;

Scanning with GMER

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.


Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

Notes:
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKU\S-1-5-21-1292428093-1645522239-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-1292428093-1645522239-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O33 - MountPoints2\{ad6d90db-813d-11df-b5e1-001b775c2b28}\Shell\AutoRun\command - "" = F:\Autorun.exe /run
    O33 - MountPoints2\{ad6d90db-813d-11df-b5e1-001b775c2b28}\Shell\Shell00\Command - "" = F:\Autorun.exe /run
    O33 - MountPoints2\{ad6d90db-813d-11df-b5e1-001b775c2b28}\Shell\Shell01\Command - "" = F:\Autorun.exe /action
    O33 - MountPoints2\{ad6d90db-813d-11df-b5e1-001b775c2b28}\Shell\Shell02\Command - "" = F:\Autorun.exe /uninstall
    [2011/06/11 09:22:29 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\WDOOECK.job
    [2011/05/11 19:34:58 | 000,131,072 | RHS- | C] () -- C:\WINDOWS\System32\slextspkl.dll
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
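The fix script above removes three kinds of entry that an analyst reading an OTL log looks for: a hidden+system file dropped into System32 with no vendor name in its version resource, a hidden+system .job file in the Tasks folder, and MountPoints2 shell commands that launch an executable from a removable drive. The following is an added example, not code from the helper's post and not part of OTL itself, that parses those two OTL line formats and applies the same three heuristics to the lines quoted in the script. The regular expressions are derived only from the line shapes visible above, the rule names are my own, and the final "benign" sample line is constructed as a control rather than taken from the log.

```python
import re
from dataclasses import dataclass

# OTL file-listing line, as seen in the fix script above, e.g.
#   [2011/05/11 19:34:58 | 000,131,072 | RHS- | C] () -- C:\WINDOWS\System32\slextspkl.dll
# Fields: timestamp | size | attribute flags (R,H,S,...) | C(reated)/M(odified) ] (company) -- path
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# OTL O33 (MountPoints2) line, e.g.
#   O33 - MountPoints2\{guid}\Shell\AutoRun\command - "" = F:\Autorun.exe /run
O33_LINE = re.compile(
    r'^O33 - MountPoints2\\\{(?P<guid>[0-9A-Fa-f-]+)\}\\Shell\\(?P<verb>[^\\]+)\\'
    r'[Cc]ommand - "" = (?P<command>.+)$'
)


@dataclass(frozen=True)
class Finding:
    rule: str      # which heuristic fired (rule names are this example's own)
    target: str    # the path or command it fired on


def parse_file_line(line):
    """Parse one OTL file-listing line into a dict, or return None if it is not one."""
    m = FILE_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"].replace(",", ""))
    return rec


def triage_line(line):
    """Return the findings a single OTL log line triggers (possibly none)."""
    findings = []
    rec = parse_file_line(line)
    if rec is not None:
        path = rec["path"].lower()
        hidden_system = "H" in rec["attrs"] and "S" in rec["attrs"]
        # Rule 1: hidden+system file in System32 with no company name in its
        # version resource. OTL prints the company in parentheses; "()" is empty.
        if hidden_system and path.startswith("c:\\windows\\system32\\") and not rec["company"]:
            findings.append(Finding("hidden-system32-no-vendor", rec["path"]))
        # Rule 2: hidden+system scheduled task. Legitimate .job files are not marked H+S.
        if hidden_system and path.startswith("c:\\windows\\tasks\\") and path.endswith(".job"):
            findings.append(Finding("hidden-scheduled-task", rec["path"]))
        return findings
    m = O33_LINE.match(line.strip())
    if m is not None:
        command = m.group("command")
        # Rule 3: MountPoints2 shell command launching an executable from a
        # drive letter other than C: (removable-media autorun persistence).
        if re.match(r"^[D-Zd-z]:\\", command):
            findings.append(Finding("removable-drive-autorun", command))
    return findings


def triage(lines):
    """Run every line through triage_line and collect the findings in log order."""
    findings = []
    for line in lines:
        findings.extend(triage_line(line))
    return findings


SAMPLE_LINES = [
    # The four entries below are taken from the OTL fix script in the post above.
    r'O33 - MountPoints2\{ad6d90db-813d-11df-b5e1-001b775c2b28}\Shell\AutoRun\command - "" = F:\Autorun.exe /run',
    r'O33 - MountPoints2\{ad6d90db-813d-11df-b5e1-001b775c2b28}\Shell\Shell01\Command - "" = F:\Autorun.exe /action',
    r"[2011/06/11 09:22:29 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\WDOOECK.job",
    r"[2011/05/11 19:34:58 | 000,131,072 | RHS- | C] () -- C:\WINDOWS\System32\slextspkl.dll",
    # Constructed benign control line (not from the log): normal attributes, named vendor.
    r"[2011/05/11 19:34:58 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\example.dll",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.rule:26} {f.target}")
```

Run it on a saved OTL.txt with `triage(open("OTL.txt", errors="replace"))` to get a short hit list instead of reading the whole log by eye. The rules are deliberately narrow heuristics: an empty company field only means the file carries no version information, and a MountPoints2 entry for a drive other than C: is often a leftover from a USB stick, so each hit still needs the kind of manual confirmation the helper does in this thread before anything is moved or deleted.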


#5 computerman1015

computerman1015
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:04:02 PM

Posted 12 June 2011 - 09:02 AM

Alright, ran gmer (but I did use this utility before with boopme on my previous forum) and also ran the OTL fix. Attached both of those files. The one with the numbers is the OTL fix, but you probably knew that. Just wanted to explain something to YOU for a change. Haha, just kidding.


========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-1292428093-1645522239-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-1292428093-1645522239-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000}
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\swflash.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad6d90db-813d-11df-b5e1-001b775c2b28}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad6d90db-813d-11df-b5e1-001b775c2b28}\ not found.
File F:\Autorun.exe /run not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad6d90db-813d-11df-b5e1-001b775c2b28}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad6d90db-813d-11df-b5e1-001b775c2b28}\ not found.
File F:\Autorun.exe /run not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad6d90db-813d-11df-b5e1-001b775c2b28}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad6d90db-813d-11df-b5e1-001b775c2b28}\ not found.
File F:\Autorun.exe /action not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad6d90db-813d-11df-b5e1-001b775c2b28}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad6d90db-813d-11df-b5e1-001b775c2b28}\ not found.
File F:\Autorun.exe /uninstall not found.
C:\WINDOWS\tasks\WDOOECK.job moved successfully.
C:\WINDOWS\system32\slextspkl.dll moved successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Chary\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Chary\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.24.0 log created on 06122011_095727



GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-12 09:56:35
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541612J9SA00 rev.SBDOC7BP
Running: gmer.exe; Driver: C:\DOCUME~1\Chary\LOCALS~1\Temp\awtyrkow.sys


---- System - GMER 1.0.15 ----

SSDT 851C7D60 ZwCreateKey
SSDT 851C8F00 ZwCreateMutant
SSDT 851C7260 ZwCreateProcess
SSDT 851C7520 ZwCreateProcessEx
SSDT 851C8BC0 ZwCreateThread
SSDT 851C82E0 ZwDeleteKey
SSDT 851C85A0 ZwDeleteValueKey
SSDT 851C8D60 ZwLoadDriver
SSDT 851C77E0 ZwOpenProcess
SSDT 851C90A0 ZwSetSystemInformation
SSDT 851C8020 ZwSetValueKey
SSDT 851C7AA0 ZwTerminateProcess
SSDT 851C8A20 ZwWriteVirtualMemory

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[784] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[812] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[812] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[812] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[812] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[812] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[812] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[812] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[812] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[812] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[812] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[812] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[812] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[812] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[812] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[812] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[812] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[812] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[812] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[812] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[812] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[812] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[812] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[812] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[812] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[812] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[812] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[812] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[812] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[812] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[812] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1028] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 00C2C23C
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1028] USER32.dll!DrawTextExW 7E42B415 5 Bytes JMP 00C2D349
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1028] USER32.dll!DrawTextW 7E42D7E2 5 Bytes JMP 00C2D187
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1028] USER32.dll!SetClipboardData 7E430F9E 5 Bytes JMP 00C2CDFD
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1028] USER32.dll!DrawTextA 7E43C702 5 Bytes JMP 00C2D0AC
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1028] USER32.dll!DrawTextExA 7E43C739 5 Bytes JMP 00C2D262
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1028] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 00C2CFE0
.text C:\Documents and Settings\Chary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1028] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 00C2D514

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E994CFE8-66D1-DF92-B49A-5D7C082E5D1F}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E994CFE8-66D1-DF92-B49A-5D7C082E5D1F}@oajflibebffkkkcgifmmgbkfekbfcj 0x69 0x61 0x6C 0x6A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E994CFE8-66D1-DF92-B49A-5D7C082E5D1F}@palioecodfopfhbachoiicnhnidcnfdo 0x69 0x61 0x6C 0x6A ...

---- EOF - GMER 1.0.15 ----

Edited by SweetTech, 12 June 2011 - 10:58 AM.
expanded logs.--ST


#6 SweetTech (Agent ST)

Posted 12 June 2011 - 11:01 AM

Hi!

From my intro speech:

Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.


It makes it easier if I have them in the body of the thread, rather than them being attached.

Run this tool:

Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
  • IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 computerman1015 (Topic Starter)

Posted 12 June 2011 - 01:23 PM

Sorry SweetTech, I was confused as you said "attach". I read your opening, no worries. Okay, well, since my computer redirects and it does so on Google pretty randomly, I have no idea as to how to describe how my computer's doing, but these logs may show it:


ComboFix 11-06-11.01 - Chary 06/12/2011 14:11:17.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.341 [GMT -4:00]
Running from: c:\documents and settings\Chary\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Trend Micro Internet Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
.
((((((((((((((((((((((((( Files Created from 2011-05-12 to 2011-06-12 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-11 17:55 . 2010-11-11 17:55 1027824 -c--a-w- c:\program files\ZuneCore.dll
2010-11-11 17:55 . 2010-11-11 17:55 1000688 -c--a-w- c:\program files\ZuneH264Dec.dll
2010-11-11 17:55 . 2010-11-11 17:55 36080 -c--a-w- c:\program files\ZuneEnc.exe
2010-11-11 17:55 . 2010-11-11 17:55 628976 -c--a-w- c:\program files\ZUNEMP4SDECD.dll
2010-11-11 17:55 . 2010-11-11 17:55 268016 -c--a-w- c:\program files\ZuneNssci.dll
2010-11-11 17:55 . 2010-11-11 17:55 176880 -c--a-w- c:\program files\ZuneHost.exe
2010-11-11 17:55 . 2010-11-11 17:55 30960 -c--a-w- c:\program files\UIXsup.dll
2010-11-11 17:55 . 2010-11-11 17:55 159472 -c--a-w- c:\program files\ZuneLauncher.exe
2010-11-11 17:55 . 2010-11-11 17:55 120560 -c--a-w- c:\program files\ZunePresenter.dll
2010-11-11 17:55 . 2010-11-11 17:55 110320 -c--a-w- c:\program files\ZuneAACDec.dll
2010-11-11 17:55 . 2010-11-11 17:55 1084144 -c--a-w- c:\program files\ZuneMarketplaceResources.dll
2010-11-11 17:55 . 2010-11-11 17:55 50928 -c--a-w- c:\program files\ZuneCfg.dll
2010-11-11 17:55 . 2010-11-11 17:55 44272 -c--a-w- c:\program files\ZuneConfig.exe
2010-09-24 15:11 . 2010-09-24 15:11 222720 -c--a-w- c:\program files\l3codecp.acm
2010-09-24 14:30 . 2010-09-24 14:30 655872 -c--a-w- c:\program files\msvcr90.dll
2010-09-24 14:30 . 2010-09-24 14:30 572928 -c--a-w- c:\program files\msvcp90.dll
2010-09-24 14:30 . 2010-09-24 14:30 225280 -c--a-w- c:\program files\msvcm90.dll
2007-08-27 19:56 . 2007-08-27 19:56 1089440 -c--a-w- c:\program files\msidcrl40.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-06 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1020248]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 -c--a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Chary^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
path=c:\documents and settings\Chary\Start Menu\Programs\Startup\FrostWire On Startup.lnk
backup=c:\windows\pss\FrostWire On Startup.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 -c--a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 -c--a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 -c--a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39 1164584 -c--a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-03-13 19:57 173592 -c--a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-03-13 19:57 141336 -c--a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 02:12 3872080 -c--a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-03-13 19:57 142360 -c--a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-04-01 22:17 15145352 -c--a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2006-07-13 11:12 729088 -c--a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-01-05 20:36 872448 -c--a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 18:49 249064 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-06-04 06:17 1791272 -c--a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-04-10 20:13 273544 -c--a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 -c--a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-11-11 17:55 159472 -c--a-w- c:\program files\ZuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"gupdate"=2 (0x2)
"Application Updater"=2 (0x2)
"AgereModemAudio"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"ZuneNetworkSvc"=2 (0x2)
"fsssvc"=3 (0x3)
"McComponentHostService"=3 (0x3)
"SeaPort"=2 (0x2)
"gusvc"=3 (0x3)
"ZuneWlanCfgSvc"=3 (0x3)
"ZuneBusEnum"=2 (0x2)
"WMZuneComm"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\2K Sports\\Major League Baseball 2K11\\Crack\\mlb2k11.exe"=
"c:\\Program Files\\EA SPORTS\\MVP Baseball 2005\\mvp2005.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/13/2011 6:05 PM 64512]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [4/3/2011 9:34 AM 28552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [4/29/2011 5:55 PM 21992]
R2 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [12/4/2006 4:13 PM 292384]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [9/27/2010 3:55 PM 36432]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/25/2010 5:30 PM 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4/29/2011 12:11 PM 2151128]
S3 BlackBox;BlackBox SR2; [x]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/25/2010 5:30 PM 136176]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [8/30/2010 6:03 PM 16896]
S3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [9/27/2010 3:56 PM 51792]
S3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [9/27/2010 3:57 PM 689416]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 7:00 AM 14336]
S4 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\WMZuneComm.exe [11/11/2010 1:57 PM 268528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-29 09:11]
.
2011-06-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2011-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-25 21:30]
.
2011-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-25 21:30]
.
2011-06-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1292428093-1645522239-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-06-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-1645522239-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
HKU-Default-RunOnce-nltide3 - rundll32 advpack.dll
SafeBoot-33928615.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Aim - c:\program files\AIM\aim.exe
MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
MSConfigStartUp-Google Update - c:\documents and settings\Chary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-SearchSettings - c:\program files\YouTube Downloader Toolbar\SearchSettings.exe
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-12 14:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1292428093-1645522239-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1292428093-1645522239-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E994CFE8-66D1-DF92-B49A-5D7C082E5D1F}*]
"oajflibebffkkkcgifmmgbkfekbfcj"=hex:69,61,6c,6a,64,67,62,61,61,63,62,70,70,6b,
6d,6f,70,6f,00,00
"palioecodfopfhbachoiicnhnidcnfdo"=hex:69,61,6c,6a,64,67,62,61,61,63,62,70,70,
6b,6d,6f,70,6f,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(928)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-06-12 14:18:19
ComboFix-quarantined-files.txt 2011-06-12 18:18
.
Pre-Run: 43,262,947,328 bytes free
Post-Run: 43,516,456,960 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 8E97DDAB0873E9BE54BD8A1FD8977664
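An added example, not part of this thread and not ComboFix's own code: a log like the one above is long, and most of what a helper actually does with it is scan the autostart points, the firewall exceptions and the service list for a few recurring patterns. The script below does exactly that over a handful of lines copied from this log (a firewall exception for a binary under a Crack folder, a service marked [x] with no file on disk, a DisableMonitoring value under the Security Center key, the WinRM port entry, a startup item under Local Settings, a toolbar component). The severity rules, the folder and name patterns and the Finding/triage/summarize names are assumptions made for the example, not anything ComboFix computes.

```python
"""Triage ComboFix-style log lines.

Added example, not part of this thread or of ComboFix: walks the quoted
registry/firewall/service lines that ComboFix prints and flags the handful of
patterns a malware-removal helper checks first. The sample lines below are
copied from the log posted in this thread; the severity rules are my own
assumptions, not anything ComboFix itself computes.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines taken from the ComboFix log above (trimmed).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-06 2424192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\2K Sports\\Major League Baseball 2K11\\Crack\\mlb2k11.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/13/2011 6:05 PM 64512]
S3 BlackBox;BlackBox SR2; [x]
.
URLSearchHooks-HookURL - (no file)
MSConfigStartUp-Google Update - c:\documents and settings\Chary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-SearchSettings - c:\program files\YouTube Downloader Toolbar\SearchSettings.exe
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    reason: str
    line: str


# Heuristics (assumptions for this example, not ComboFix rules).
SUSPICIOUS_DIR_RE = re.compile(r"\\(crack|keygen|temp|tmp)\\", re.I)  # binaries in these folders
USER_WRITABLE_RE = re.compile(r"\\local settings\\", re.I)           # per-user writable area on XP
ADWARE_NAME_RE = re.compile(r"toolbar|searchsettings|quickstores", re.I)
# Drive-letter path up to an executable extension. ComboFix doubles the
# backslashes in firewall entries; they are collapsed before matching.
PATH_RE = re.compile(r'[a-z]:\\[^"\[\]]*?\.(?:exe|dll|sys|scr)', re.I)
PORT_RE = re.compile(r'"(\d+):(TCP|UDP)"=\s*\S*:(Enabled|Disabled):', re.I)
SECTION_RE = re.compile(r"^\[(.+)\]$")


def triage(log_text: str) -> list[Finding]:
    """Single pass over the log, tracking the current [section] header."""
    findings: list[Finding] = []
    section_raw = ""  # header as printed, used for product names
    section = ""      # lower-cased copy, used for matching
    for raw in log_text.splitlines():
        line = raw.strip().replace("\\\\", "\\")
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section_raw, section = m.group(1), m.group(1).lower()
            continue
        if not line.startswith('"'):
            # Only the quoted "name"=value lines belong to a section header.
            section_raw = section = ""

        # 1. Autostart or service entries whose target is gone from disk.
        if "(no file)" in line or line.endswith("[x]"):
            findings.append(Finding("medium", "autostart entry points at a missing file", line))
            continue

        # 2. Security Center told to stop monitoring an AV/firewall product.
        if "security center\\monitoring" in section and '"DisableMonitoring"=dword:00000001' in line:
            product = section_raw.rsplit("\\", 1)[-1]
            findings.append(Finding("medium", f"Security Center monitoring disabled for {product}", line))
            continue

        # 3. Firewall ports opened on all interfaces (medium only if Enabled).
        pm = PORT_RE.search(line)
        if pm and "globallyopenports" in section:
            port, proto, state = pm.groups()
            sev = "medium" if state.lower() == "enabled" else "info"
            findings.append(Finding(sev, f"firewall port {port}/{proto.upper()} listed ({state})", line))
            continue

        # 4. Any line naming a binary on disk: judge it by where it lives.
        pm = PATH_RE.search(line)
        if not pm:
            continue
        path = pm.group(0)
        if SUSPICIOUS_DIR_RE.search(path):
            where = "firewall exception" if "authorizedapplications" in section else "autostart"
            findings.append(Finding("high", f"{where} for a binary in a crack/temp folder", line))
        elif ADWARE_NAME_RE.search(path):
            findings.append(Finding("medium", "adware-style component name", line))
        elif USER_WRITABLE_RE.search(path):
            findings.append(Finding("info", "autostart from a per-user writable location", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity so a helper can see the shape at a glance."""
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    order = ("high", "medium", "info")
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.reason}\n          {f.line}")
```

Run against the sample it reports one high (the mlb2k11.exe firewall exception under a Crack folder), four medium (BlackBox service with no file, the orphaned URLSearchHook, DisableMonitoring for TrendAntiVirus, the YouTube Downloader Toolbar component) and two info items (the disabled WinRM port entry and GoogleUpdate.exe under Local Settings); everything in Program Files or system32\drivers with a file present passes silently, which is the point of the exercise: the log is mostly noise and the script keeps only what needs a human look.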

#8 SweetTech


Posted 12 June 2011 - 01:30 PM

Hi!

No worries!

Let's see what these scans find:


Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:


Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 computerman1015

Posted 12 June 2011 - 04:20 PM

I will edit this post with each of my logs.



EDIT: MBAM Log


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6842

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/12/2011 5:16:21 PM
mbam-log-2011-06-12 (17-16-21).txt

Scan type: Full scan (C:\|)
Objects scanned: 265658
Time elapsed: 52 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{e6b33d9c-bd59-4c4a-b672-64fcb061c04a}\RP3\A0000047.exe (Trojan.Agent.VCP) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\06122011_095727\c_windows\system32\slextspkl.dll (Trojan.Agent) -> Quarantined and deleted successfully.

#10 SweetTech

Posted 12 June 2011 - 04:46 PM

:thumbsup:

Please post a new reply with the additional logs as you get them.



#11 computerman1015

Posted 12 June 2011 - 07:29 PM

ESET Scanner Log:



C:\Documents and Settings\Chary\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk Win32/Adware.ADON application
C:\Documents and Settings\Chary\My Documents\Downloads\Unlocker1.9.1.exe Win32/Adware.ADON application
C:\Documents and Settings\Chary\Start Menu\QuickStores.lnk Win32/Adware.ADON application
C:\Program Files\Trend Micro\Internet Security\TmpxTmp\htt34.tmp a variant of Win32/Adware.Gamevance.AJ application
C:\System Volume Information\_restore{E6B33D9C-BD59-4C4A-B672-64FCB061C04A}\RP25\A0007484.dll a variant of Win32/Kryptik.LLT trojan
C:\System Volume Information\_restore{E6B33D9C-BD59-4C4A-B672-64FCB061C04A}\RP4\A0000187.exe a variant of Win32/SweetIM.B application

Edited by computerman1015, 12 June 2011 - 07:29 PM.


#12 computerman1015

Posted 12 June 2011 - 07:31 PM

Results of screen317's Security Check version 0.99.13
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
ESET Online Scanner v3
Trend Micro Internet Security
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 24
Out of date Java installed!
Flash Player Out of Date!
Adobe Flash Player 10.0.45.2
Adobe Reader 9.3.3
Out of date Adobe Reader installed!
Mozilla Firefox (Firefox, Opera, Netscape only..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
``````````End of Log````````````


There we go, that's the last of the logs.

#13 SweetTech

Posted 13 June 2011 - 10:05 AM

Hi!

These threats below are currently in Quarantine/System Restore and shall be removed when we clean up our tools later on.

C:\System Volume Information\_restore{E6B33D9C-BD59-4C4A-B672-64FCB061C04A}\RP25\A0007484.dll a variant of Win32/Kryptik.LLT trojan
C:\System Volume Information\_restore{E6B33D9C-BD59-4C4A-B672-64FCB061C04A}\RP4\A0000187.exe a variant of Win32/SweetIM.B application


These threats below will be removed very shortly:

C:\Documents and Settings\Chary\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk Win32/Adware.ADON application
C:\Documents and Settings\Chary\Start Menu\QuickStores.lnk Win32/Adware.ADON application
C:\Program Files\Trend Micro\Internet Security\TmpxTmp\htt34.tmp a variant of Win32/Adware.Gamevance.AJ application


____________________________________________________

From the looks of your SecurityCheck log, I can see that we have some outdated programs that need to be updated.

Let's address those programs that need updating now!

Your SecurityCheck log indicates that your version of Flash Player is outdated. This is a vulnerability that needs to be addressed. Please remove the outdated version of Flash Player and then install the latest version.

Java Outdated
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform.
    • 32-bit Select: Windows x86 Offline.
    • 64-bit Select: Windows x64.
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u25-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


NEXT



Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws, so it is recommended that you update your copy.
  • Go to Start > Control Panel > Add/Remove Programs
  • Remove ALL instances of Adobe Reader
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader
Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here<. Foxit Reader has fewer add-ons and therefore loads more quickly.



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :OTL
    
    :Reg
    
    :Files
    C:\Documents and Settings\Chary\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk
    C:\Documents and Settings\Chary\Start Menu\QuickStores.lnk
    C:\Program Files\Trend Micro\Internet Security\TmpxTmp\htt34.tmp
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?



#14 computerman1015

Posted 14 June 2011 - 02:34 PM

SweetTech:

I do not know how to update my Java. I followed your link and it took me to the Oracle site, but could you give me a better way of knowing where to find the updated versions, or provide a direct link which will automatically download the executable?

I am now going to update Adobe and run the Custom Scan & Custom Fix. I will report to you on those in like 15 minutes.


You're the best! I really appreciate what you're doing. Sincerely, I do. It takes a lot of dedication to work through hundreds of problems, immerse yourself in the solution, and persist until it is finished. Words cannot express my gratitude for you. You have done better than a tech shop would have; dedicated, quick, thorough, and it feels like you genuinely care. I bet you do. Best of all? I'm learning a little bit. I have amassed tremendous respect for you. Please accept my sincerest thank you.

#15 SweetTech

Posted 14 June 2011 - 02:49 PM

You're very welcome!

Please try downloading Java from this link: http://download.oracle.com/otn-pub/java/jdk/6u26-b03/jre-6u26-windows-i586.exe





