
Issues accessing certain sites/server not found.


  • This topic is locked
14 replies to this topic

#1 KingYoshi


Posted 26 February 2012 - 05:30 PM

Have been unable to access certain sites over the last couple days. Not sure if this will be any help, but the sites are: gametz.com, atariage.com, racketboy.com, as well as the ebay log-in page. I have used several different browsers: Firefox, Google Chrome, IE, Opera, and they don't work on any of them. I get redirected to a "Server Not Found" page that gives me these instructions:

"Check the address for typing errors such as
ww.example.com instead of
www.example.com
If you are unable to load any pages, check your computer's network
connection.
If your computer or network is protected by a firewall or proxy, make sure
that Firefox is permitted to access the Web."

My internet connection is perfectly fine on most sites, my PS3, Xbox360, Nintendo 3DS, etc. So, I know it isn't my connection. I really need to be able to access my ebay account, for I do a lot of buying and selling on a daily basis. I first performed a MBAM scan and immediately performed the DDS and GMER scans afterwards. I also performed a TDSSKiller scan and it turned up nothing. Here is the MBAM log, DDS log, and GMER log...



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 912022604

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

2/26/2012 3:02:22 PM
mbam-log-2012-02-26 (15-02-22).txt

Scan type: Quick scan
Objects scanned: 264409
Time elapsed: 9 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-------------------------------------------------------------------------------------------------------------



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Run by Yoshi 3 at 15:10:14 on 2012-02-26
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.440 [GMT -5:00]
.
AV: Norton AntiVirus *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?l=dis&o=14196
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.6.0.29\ips\IPSBHO.DLL
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - c:\progra~1\bearsh~1\mediabar\datamngr\IEBHO.dll
BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - c:\program files\iwin games\iWinGamesHookIE.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\toolbar\bsdtxmltbpi.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\toolbar\bsdtxmltbpi.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\yoshi 3\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [DATAMNGR] c:\progra~1\bearsh~1\mediabar\datamngr\DATAMN~1.EXE
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0AMgA4ADQAMAA1ADIAOAA4ADcALQBGAFAAOQArADYALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAxAA"&"prod=90"&"ver=9.0.894
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 213.109.66.188 213.109.72.135
TCP: Interfaces\{94E0739F-AE10-4E6D-BF3F-59A5B0023FEB} : DhcpNameServer = 213.109.66.188 213.109.72.135
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\yoshi 3\application data\mozilla\firefox\profiles\zqevl0lz.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com/
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\yoshi 3\application data\mozilla\firefox\profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\components\dtTransparency.dll
FF - component: c:\documents and settings\yoshi 3\application data\mozilla\firefox\profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\components\dtTransparency3.5.dll
FF - component: c:\documents and settings\yoshi 3\application data\mozilla\firefox\profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\components\dtTransparency3.6.dll
FF - component: c:\program files\bearshare applications\mediabar\datamngr\firefoxextension\components\DataMngrHlp.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\yoshi 3\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1206000.01d\symds.sys [2011-5-2 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1206000.01d\symefa.sys [2011-5-2 744568]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2011-4-8 176848]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.6.0.29\ccsvchst.exe [2011-5-2 130008]
S0 trxeya;trxeya;c:\windows\system32\drivers\rjcnb.sys --> c:\windows\system32\drivers\rjcnb.sys [?]
S1 BHDrvx86;BHDrvx86;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20110920.001\bhdrvx86.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20110920.001\BHDrvx86.sys [?]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1206000.01d\ironx86.sys [2011-5-2 136312]
S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-10 14336]
S3 IDSxpx86;IDSxpx86;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20110927.030\idsxpx86.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20110927.030\IDSxpx86.sys [?]
S3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20110927.033\naveng.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20110927.033\NAVENG.SYS [?]
S3 NAVEX15;NAVEX15;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20110927.033\navex15.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20110927.033\NAVEX15.SYS [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-2-26 27064]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2012-02-26 18:59:17 -------- d-----w- c:\documents and settings\yoshi 3\local settings\application data\VS Revo Group
2012-02-26 18:59:08 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-02-26 18:59:03 -------- d-----w- c:\program files\VS Revo Group
2012-02-26 18:06:00 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-02-26 18:06:00 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-26 18:04:38 -------- d-----w- c:\program files\Symantec
2012-02-26 18:04:11 -------- d-----w- c:\windows\system32\drivers\nav\1207000.00D
2012-02-26 18:04:09 -------- d-----w- c:\program files\common files\Symantec Shared
2012-02-26 18:04:07 -------- d-----w- c:\program files\NortonInstaller
2012-02-26 18:04:07 -------- d-----w- c:\program files\Norton AntiVirus
2012-02-26 09:34:37 -------- d-----w- c:\windows\system32\drivers\nav(4)\1206000(2).01D
2012-02-26 09:34:19 -------- d-----w- c:\windows\system32\drivers\NAV(4)
2012-02-26 09:17:02 -------- d-----w- c:\windows\system32\drivers\nav\1206000.01D
2012-02-26 09:16:43 -------- d-----w- c:\windows\system32\drivers\NAV
2012-02-26 08:58:34 -------- d-----w- c:\windows\system32\drivers\nav(2)\1206000(2).01D
2012-02-26 08:58:15 -------- d-----w- c:\windows\system32\drivers\NAV(2)
2012-02-14 22:32:23 -------- d-----w- c:\program files\MSECache
2012-02-14 21:56:45 -------- d-----w- c:\documents and settings\yoshi 3\local settings\application data\Opera
2012-01-31 12:47:03 331384 ----a-w- c:\windows\system32\drivers\nav\1207000.00d\symtdiv.sys
2012-01-31 12:47:02 744568 ----a-w- c:\windows\system32\drivers\nav\1207000.00d\symefa.sys
2012-01-31 12:47:02 50168 ----a-w- c:\windows\system32\drivers\nav\1207000.00d\srtspx.sys
2012-01-31 12:47:02 369784 ----a-w- c:\windows\system32\drivers\nav\1207000.00d\symtdi.sys
2012-01-31 12:47:02 340088 ----a-w- c:\windows\system32\drivers\nav\1207000.00d\symds.sys
2012-01-31 12:47:02 299640 ----a-w- c:\windows\system32\drivers\nav\1207000.00d\symnets.sys
2012-01-31 12:47:01 516216 ----a-w- c:\windows\system32\drivers\nav\1207000.00d\srtsp.sys
2012-01-31 12:47:01 136312 ----a-w- c:\windows\system32\drivers\nav\1207000.00d\ironx86.sys
.
==================== Find3M ====================
.
.
============= FINISH: 15:10:59.18 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/11/2010 8:54:59 PM
System Uptime: 2/26/2012 2:04:12 PM (1 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Genuine Intel® CPU T2400 @ 1.83GHz | Microprocessor | 987/166mhz
Processor: Genuine Intel® CPU T2400 @ 1.83GHz | Microprocessor | 987/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 56 GiB total, 33.237 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01CD1028&REV_02\4&2FE911E8&0&00F0
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01CD1028&REV_02\4&2FE911E8&0&00F0
Service: bcm4sbxp
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\2493CD41354FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\2493CD41354FC000
Service: NIC1394
.
==== System Restore Points ===================
.
RP425: 11/29/2011 11:58:37 PM - System Checkpoint
RP426: 12/1/2011 12:29:07 AM - System Checkpoint
RP427: 12/3/2011 1:51:22 PM - System Checkpoint
RP428: 12/6/2011 8:48:30 AM - System Checkpoint
RP429: 12/7/2011 9:10:43 PM - System Checkpoint
RP430: 12/9/2011 4:06:53 PM - System Checkpoint
RP431: 12/12/2011 1:45:01 PM - System Checkpoint
RP432: 12/15/2011 7:42:53 AM - System Checkpoint
RP433: 12/16/2011 8:54:59 PM - System Checkpoint
RP434: 12/18/2011 12:41:47 AM - System Checkpoint
RP435: 12/19/2011 8:35:56 AM - System Checkpoint
RP436: 12/21/2011 11:06:18 AM - System Checkpoint
RP437: 12/25/2011 5:39:57 AM - System Checkpoint
RP438: 12/26/2011 6:30:04 AM - System Checkpoint
RP439: 12/28/2011 2:00:02 PM - System Checkpoint
RP440: 1/4/2012 1:45:39 PM - System Checkpoint
RP441: 1/6/2012 7:32:17 AM - System Checkpoint
RP442: 1/7/2012 11:05:21 AM - System Checkpoint
RP443: 1/8/2012 11:44:56 AM - System Checkpoint
RP444: 1/9/2012 4:42:17 PM - System Checkpoint
RP445: 1/10/2012 5:19:08 PM - System Checkpoint
RP446: 1/11/2012 5:42:05 PM - System Checkpoint
RP447: 1/12/2012 6:54:24 PM - System Checkpoint
RP448: 1/19/2012 12:24:07 PM - System Checkpoint
RP449: 1/22/2012 5:23:29 AM - System Checkpoint
RP450: 1/24/2012 12:31:13 AM - System Checkpoint
RP451: 1/25/2012 5:12:42 AM - System Checkpoint
RP452: 1/29/2012 11:28:04 AM - System Checkpoint
RP453: 1/30/2012 12:21:46 PM - System Checkpoint
RP454: 2/2/2012 8:42:21 AM - System Checkpoint
RP455: 2/4/2012 12:55:13 AM - System Checkpoint
RP456: 2/5/2012 5:47:29 AM - System Checkpoint
RP457: 2/7/2012 7:38:40 AM - System Checkpoint
RP458: 2/8/2012 8:28:08 AM - System Checkpoint
RP459: 2/9/2012 9:06:33 AM - System Checkpoint
RP460: 2/10/2012 12:33:53 PM - System Checkpoint
RP461: 2/11/2012 8:56:16 PM - System Checkpoint
RP462: 2/14/2012 5:31:41 PM - System Checkpoint
RP463: 2/14/2012 5:32:44 PM - Installed Microsoft Office Word Viewer 2003
RP464: 2/16/2012 4:10:30 PM - System Checkpoint
RP465: 2/17/2012 5:36:21 PM - System Checkpoint
RP466: 2/18/2012 6:10:20 PM - System Checkpoint
RP467: 2/19/2012 10:23:24 PM - System Checkpoint
RP468: 2/21/2012 12:52:20 AM - System Checkpoint
RP469: 2/23/2012 9:53:02 AM - System Checkpoint
RP470: 2/24/2012 10:32:31 AM - System Checkpoint
RP471: 2/25/2012 10:43:01 AM - System Checkpoint
RP472: 2/26/2012 3:57:36 AM - Restore Operation
RP473: 2/26/2012 4:13:14 AM - Restore Operation
RP474: 2/26/2012 4:27:49 AM - Restore Operation
RP475: 2/26/2012 12:58:38 PM - Restore Operation
RP476: 2/26/2012 1:13:03 PM - Removed Ask Toolbar.
RP477: 2/26/2012 2:00:00 PM - Revo Uninstaller Pro's restore point - Google Chrome
RP478: 2/26/2012 2:14:38 PM - Revo Uninstaller Pro's restore point - Google Chrome
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop CS5
Akamai NetSession Interface
Alarm Clock v1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Bonjour
Broadcom 440x 10/100 Integrated Controller
Conexant HDA D110 MDC V.92 Modem
ESPNMotion
Free PDF Tablet 0.1
Google Chrome
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 2.0 (KB922981)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Intel® PROSet/Wireless Software
iTunes
iWin Games (remove only)
Java™ 6 Update 20
Malwarebytes' Anti-Malware
mCore
mDriver
mDrWiFi
MediaBar
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
mIRC
mIWA
mLogView
mMHouse
Mozilla Firefox 10.0.2 (x86 en-US)
mPfMgr
mPfWiz
mProSafe
mSCfg
mSSO
MSXML 6.0 Parser
mWlsSafe
mWMI
mZConfig
Norton AntiVirus
OpenOffice.org 3.2
Otto
PDF Settings CS5
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Revo Uninstaller Pro 2.5.7
Security Update for Windows XP (KB912812)
SigmaTel Audio
Skype Toolbars
Skype™ 5.5
Sonic Encoders
SopCast 3.3.2
SUPERAntiSpyware
Update for Windows XP (KB932823-v3)
Update Rollup 2 for Windows XP Media Center Edition 2005
WebFldrs XP
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Hotfix - KB839210
.
==== Event Viewer Messages From Past Week ========
.
2/26/2012 4:03:32 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 SymIRON
2/26/2012 2:33:34 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
2/26/2012 2:33:15 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/22/2012 11:13:29 AM, error: Service Control Manager [7024] - The Norton AntiVirus service terminated with service-specific error 4294967295 (0xFFFFFFFF).
2/22/2012 11:13:29 AM, error: Service Control Manager [7023] - The Akamai NetSession Interface service terminated with the following error: The specified module could not be found.
2/20/2012 10:05:52 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
2/20/2012 10:05:46 AM, error: Dhcp [1002] - The IP address lease 10.0.0.8 for the Network Card with network address 001302E03CA9 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

------------------------------------------------------------------------------------------------------------------------------------------------------------





GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-26 16:59:18
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2060BH rev.892C
Running: 199w2n8p.exe; Driver: C:\DOCUME~1\YOSHI3~1\LOCALS~1\Temp\awxiypob.sys


---- System - GMER 1.0.15 ----

SSDT 84DA5E60 ZwConnectPort
SSDT 84D77528 ZwLoadDriver

---- Kernel code sections - GMER 1.0.15 ----

? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
? C:\DOCUME~1\YOSHI3~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[964] USER32.dll!SetWindowLongA 77D4DED3 5 Bytes JMP 106C01A3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[964] USER32.dll!SetWindowLongW 77D4DEF1 5 Bytes JMP 106C0135 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[964] USER32.dll!GetWindowInfo 77D4F122 5 Bytes JMP 10450924 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[964] USER32.dll!TrackPopupMenu 77D94F16 5 Bytes JMP 10450ECF C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2644] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 01224832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2644] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 01149315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2644] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 0133DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2644] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 0133E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2644] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 0133DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2644] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 0133DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2644] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 0133DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2644] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 0133E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2644] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 0133DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3032] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Mozilla Firefox\firefox.exe[4068] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01205B60 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----


Thanks for your time!



#2 gringo_pr

  • Malware Response Team

Posted 27 February 2012 - 03:07 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification, and click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 KingYoshi

  • Topic Starter

Posted 27 February 2012 - 03:45 PM

I am still unable to access the same sites as before and I still can't log-in to ebay. Here is the combofix log. Doesn't seem like much has changed.



ComboFix 12-02-27.02 - Yoshi 3 02/27/2012 15:17:48.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.579 [GMT -5:00]
Running from: c:\documents and settings\Yoshi 3\My Documents\Downloads\ComboFix.exe
AV: Norton AntiVirus *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\program files\iWin Games\iWinGamesHookIE.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-01-27 to 2012-02-27 )))))))))))))))))))))))))))))))
.
.
2012-02-27 09:52 . 2012-02-27 09:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-27 04:48 . 2004-08-04 05:56 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2012-02-27 04:48 . 2004-08-04 05:56 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-02-27 04:48 . 2004-08-04 04:07 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2012-02-27 04:48 . 2004-08-04 04:07 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2012-02-27 04:48 . 2004-08-04 04:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2012-02-27 04:48 . 2004-08-04 04:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-02-26 18:59 . 2012-02-26 18:59 -------- d-----w- c:\documents and settings\Yoshi 3\Local Settings\Application Data\VS Revo Group
2012-02-26 18:59 . 2009-12-30 15:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-02-26 18:59 . 2012-02-26 18:59 -------- d-----w- c:\program files\VS Revo Group
2012-02-26 18:06 . 2012-02-26 18:06 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-26 18:04 . 2012-02-26 18:04 -------- d-----w- c:\program files\Symantec
2012-02-26 18:04 . 2012-02-26 18:04 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-02-26 18:04 . 2012-02-27 04:33 -------- d-----w- c:\program files\NortonInstaller
2012-02-26 18:04 . 2012-02-26 18:04 -------- d-----w- c:\program files\Norton AntiVirus
2012-02-26 09:16 . 2012-02-26 18:04 -------- d-----w- c:\windows\system32\drivers\NAV
2012-02-14 22:32 . 2012-02-14 22:32 -------- d-----w- c:\program files\MSECache
2012-02-14 21:56 . 2012-02-14 21:56 -------- d-----w- c:\documents and settings\Yoshi 3\Local Settings\Application Data\Opera
2012-02-14 21:56 . 2012-02-26 09:35 -------- d-----w- c:\program files\Opera
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-16 14:40 . 2012-02-26 19:36 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-06-19_05.44.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-26 14:38 . 2011-08-26 14:38 16384 c:\windows\Temp\Perflib_Perfdata_20c.dat
+ 2004-08-10 11:00 . 2012-02-27 04:38 62746 c:\windows\system32\perfc009.dat
- 2004-08-10 11:00 . 2011-04-05 23:13 62746 c:\windows\system32\perfc009.dat
+ 2010-11-25 03:18 . 2010-09-28 20:44 41984 c:\windows\system32\drivers\usbaapl.sys
+ 2012-01-31 12:47 . 2011-03-31 03:00 50168 c:\windows\system32\drivers\NAV\1207000.00D\srtspx.sys
+ 2011-08-08 02:26 . 2011-08-08 02:26 18944 c:\windows\Installer\c2567c.msi
+ 2011-08-08 02:25 . 2011-08-08 02:25 92672 c:\windows\Installer\c25673.msi
+ 2011-08-08 02:26 . 2011-08-08 02:26 5632 c:\windows\system32\pndx5032.dll
+ 2011-08-08 02:26 . 2011-08-08 02:26 6656 c:\windows\system32\pndx5016.dll
+ 2011-08-08 02:26 . 2011-08-08 02:26 198848 c:\windows\system32\rmoc3260.dll
+ 2011-08-08 02:25 . 2011-08-08 02:25 272896 c:\windows\system32\pncrt.dll
+ 2004-08-10 11:00 . 2012-02-27 04:38 401632 c:\windows\system32\perfh009.dat
- 2004-08-10 11:00 . 2011-04-05 23:13 401632 c:\windows\system32\perfh009.dat
+ 2011-08-08 02:25 . 2011-08-08 02:25 348160 c:\windows\system32\msvcr71.dll
+ 2011-08-08 02:25 . 2011-08-08 02:25 499712 c:\windows\system32\msvcp71.dll
+ 2012-02-27 09:52 . 2012-02-27 09:52 250016 c:\windows\system32\Macromed\Flash\FlashUtil11f_Plugin.exe
+ 2012-01-31 12:47 . 2011-04-21 01:37 331384 c:\windows\system32\drivers\NAV\1207000.00D\symtdiv.sys
+ 2012-01-31 12:47 . 2011-04-21 01:37 369784 c:\windows\system32\drivers\NAV\1207000.00D\symtdi.sys
+ 2012-01-31 12:47 . 2011-04-21 01:37 299640 c:\windows\system32\drivers\NAV\1207000.00D\symnets.sys
+ 2012-01-31 12:47 . 2011-03-15 02:31 744568 c:\windows\system32\drivers\NAV\1207000.00D\symefa.sys
+ 2012-01-31 12:47 . 2011-01-27 06:47 340088 c:\windows\system32\drivers\NAV\1207000.00D\symds.sys
+ 2012-01-31 12:47 . 2011-03-31 03:00 516216 c:\windows\system32\drivers\NAV\1207000.00D\srtsp.sys
+ 2012-01-31 12:47 . 2011-01-27 05:07 136312 c:\windows\system32\drivers\NAV\1207000.00D\ironx86.sys
+ 2011-10-09 20:46 . 2011-10-09 20:46 371272 c:\windows\Installer\{AA59DDE4-B672-4621-A016-4C248204957A}\SkypeIcon.exe
+ 2010-11-25 03:18 . 2010-09-28 20:44 4184352 c:\windows\system32\usbaaplrc.dll
+ 2010-09-01 15:33 . 2012-02-26 18:06 8865424 c:\windows\system32\Restore\rstrlog.dat
+ 2010-01-27 01:07 . 2012-02-27 09:52 8527008 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2011-10-09 20:47 . 2011-10-09 20:47 1252864 c:\windows\Installer\2202e.msi
+ 2011-10-09 20:46 . 2011-10-09 20:46 1527808 c:\windows\Installer\22022.msi
+ 2007-07-31 12:29 . 2007-07-31 12:29 12836864 c:\windows\Installer\81e12e.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2011-02-08 17:22 721840 ----a-w- c:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
2011-01-18 13:05 87480 ----a-w- c:\progra~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}"= "c:\progra~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll" [2011-01-18 87480]
.
[HKEY_CLASSES_ROOT\clsid\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-09-26 17353352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 45056]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-01-13 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-08-08 273544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA&inst=NwA3AC0AMgA4ADQAMAA1ADIAOAA4ADcALQBGAFAAOQArADYALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAxAA&prod=90&ver=9.0.894" [?]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1206000.01D\symds.sys [5/2/2011 6:37 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1206000.01D\symefa.sys [5/2/2011 6:37 PM 744568]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [4/8/2011 10:17 AM 176848]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe [5/2/2011 6:37 PM 130008]
S0 trxeya;trxeya;c:\windows\system32\drivers\rjcnb.sys --> c:\windows\system32\drivers\rjcnb.sys [?]
S1 BHDrvx86;BHDrvx86;\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110920.001\BHDrvx86.sys --> c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110920.001\BHDrvx86.sys [?]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1206000.01D\ironx86.sys [5/2/2011 6:37 PM 136312]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/10/2004 6:00 AM 14336]
S3 IDSxpx86;IDSxpx86;\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110927.030\IDSxpx86.sys --> c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110927.030\IDSxpx86.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2/26/2012 1:59 PM 27064]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - HIDSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-27 c:\windows\Tasks\AdobeAAMUpdater-1.0-USER-604B45EEC4-Yoshi 3.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-01-13 15:00]
.
2012-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1284227242-1417001333-1007Core.job
- c:\documents and settings\Yoshi 3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-12 16:37]
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1284227242-1417001333-1007UA.job
- c:\documents and settings\Yoshi 3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-12 16:37]
.
2012-02-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2025429265-1284227242-1417001333-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2012-02-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2025429265-1284227242-1417001333-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?l=dis&o=14196
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 213.109.66.188 213.109.72.135
FF - ProfilePath - c:\documents and settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com/
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-27 15:26
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(696)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\netprovcredman.dll
.
Completion time: 2012-02-27 15:29:46
ComboFix-quarantined-files.txt 2012-02-27 20:29
ComboFix2.txt 2011-06-19 05:49
ComboFix3.txt 2011-03-30 04:59
.
Pre-Run: 35,796,893,696 bytes free
Post-Run: 39,194,484,736 bytes free
.
- - End Of File - - E887808A5C3DDC37E69C3D0C9AFDE010

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 27 February 2012 - 05:27 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 KingYoshi

KingYoshi
  • Topic Starter

  • Members
  • 15 posts

Posted 28 February 2012 - 04:34 PM

There are still no noticeable changes to my laptop. Still can't access any of the sites from before that I need to access. Here are the logs.



16:16:46.0718 2608 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
16:16:47.0562 2608 ============================================================
16:16:47.0562 2608 Current date / time: 2012/02/28 16:16:47.0562
16:16:47.0562 2608 SystemInfo:
16:16:47.0562 2608
16:16:47.0562 2608 OS Version: 5.1.2600 ServicePack: 2.0
16:16:47.0562 2608 Product type: Workstation
16:16:47.0562 2608 ComputerName: USER-604B45EEC4
16:16:47.0562 2608 UserName: Yoshi 3
16:16:47.0562 2608 Windows directory: C:\WINDOWS
16:16:47.0562 2608 System windows directory: C:\WINDOWS
16:16:47.0562 2608 Processor architecture: Intel x86
16:16:47.0562 2608 Number of processors: 2
16:16:47.0562 2608 Page size: 0x1000
16:16:47.0562 2608 Boot type: Normal boot
16:16:47.0562 2608 ============================================================
16:16:50.0780 2608 Drive \Device\Harddisk0\DR0 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:16:50.0842 2608 \Device\Harddisk0\DR0:
16:16:50.0842 2608 MBR used
16:16:50.0842 2608 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC7C41
16:16:51.0108 2608 Initialize success
16:16:51.0108 2608 ============================================================
16:16:54.0139 0468 ============================================================
16:16:54.0139 0468 Scan started
16:16:54.0139 0468 Mode: Manual;
16:16:54.0139 0468 ============================================================
16:16:55.0576 0468 Abiosdsk - ok
16:16:55.0592 0468 abp480n5 - ok
16:16:55.0654 0468 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:16:55.0670 0468 ACPI - ok
16:16:55.0779 0468 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:16:55.0779 0468 ACPIEC - ok
16:16:55.0935 0468 adpu160m - ok
16:16:56.0092 0468 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
16:16:56.0107 0468 aec - ok
16:16:56.0170 0468 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
16:16:56.0170 0468 AegisP - ok
16:16:56.0248 0468 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
16:16:56.0248 0468 AFD - ok
16:16:56.0263 0468 Aha154x - ok
16:16:56.0279 0468 aic78u2 - ok
16:16:56.0295 0468 aic78xx - ok
16:16:56.0310 0468 AliIde - ok
16:16:56.0326 0468 amsint - ok
16:16:56.0373 0468 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:16:56.0373 0468 Arp1394 - ok
16:16:56.0388 0468 asc - ok
16:16:56.0404 0468 asc3350p - ok
16:16:56.0420 0468 asc3550 - ok
16:16:56.0466 0468 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:16:56.0466 0468 AsyncMac - ok
16:16:56.0623 0468 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:16:56.0623 0468 atapi - ok
16:16:56.0654 0468 Atdisk - ok
16:16:56.0779 0468 ati2mtag (2573c08729dd52b7b4f18df1592e0b37) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
16:16:56.0810 0468 ati2mtag - ok
16:16:56.0873 0468 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:16:56.0873 0468 Atmarpc - ok
16:16:56.0935 0468 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:16:56.0935 0468 audstub - ok
16:16:56.0998 0468 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
16:16:56.0998 0468 bcm4sbxp - ok
16:16:57.0045 0468 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:16:57.0045 0468 Beep - ok
16:16:57.0123 0468 BHDrvx86 - ok
16:16:57.0341 0468 catchme - ok
16:16:57.0732 0468 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:16:57.0748 0468 cbidf2k - ok
16:16:57.0810 0468 cd20xrnt - ok
16:16:57.0982 0468 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:16:57.0982 0468 Cdaudio - ok
16:16:58.0091 0468 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
16:16:58.0122 0468 Cdfs - ok
16:16:58.0341 0468 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:16:58.0357 0468 Cdrom - ok
16:16:58.0404 0468 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
16:16:58.0404 0468 cercsr6 - ok
16:16:58.0419 0468 Changer - ok
16:16:58.0482 0468 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:16:58.0482 0468 CmBatt - ok
16:16:58.0497 0468 CmdIde - ok
16:16:58.0529 0468 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:16:58.0529 0468 Compbatt - ok
16:16:58.0544 0468 Cpqarray - ok
16:16:58.0576 0468 dac2w2k - ok
16:16:58.0576 0468 dac960nt - ok
16:16:58.0607 0468 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
16:16:58.0622 0468 Disk - ok
16:16:58.0669 0468 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
16:16:58.0701 0468 dmboot - ok
16:16:58.0747 0468 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
16:16:58.0763 0468 dmio - ok
16:16:59.0075 0468 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:16:59.0075 0468 dmload - ok
16:16:59.0154 0468 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
16:16:59.0154 0468 DMusic - ok
16:16:59.0169 0468 dpti2o - ok
16:16:59.0247 0468 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
16:16:59.0263 0468 drmkaud - ok
16:16:59.0435 0468 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
16:16:59.0450 0468 eeCtrl - ok
16:16:59.0778 0468 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
16:16:59.0778 0468 Fastfat - ok
16:16:59.0950 0468 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
16:16:59.0950 0468 Fdc - ok
16:17:00.0138 0468 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
16:17:00.0138 0468 Fips - ok
16:17:00.0247 0468 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:17:00.0247 0468 Flpydisk - ok
16:17:00.0325 0468 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
16:17:00.0325 0468 FltMgr - ok
16:17:00.0341 0468 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:17:00.0341 0468 Fs_Rec - ok
16:17:00.0357 0468 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:17:00.0372 0468 Ftdisk - ok
16:17:00.0450 0468 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
16:17:00.0450 0468 GEARAspiWDM - ok
16:17:00.0513 0468 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:17:00.0528 0468 Gpc - ok
16:17:00.0591 0468 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:17:00.0591 0468 HDAudBus - ok
16:17:00.0669 0468 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:17:00.0669 0468 HidUsb - ok
16:17:00.0685 0468 hpn - ok
16:17:00.0778 0468 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
16:17:00.0794 0468 HSF_DPV - ok
16:17:00.0856 0468 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
16:17:00.0856 0468 HSXHWAZL - ok
16:17:00.0997 0468 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
16:17:00.0997 0468 HTTP - ok
16:17:01.0044 0468 i2omgmt - ok
16:17:01.0044 0468 i2omp - ok
16:17:01.0122 0468 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:17:01.0122 0468 i8042prt - ok
16:17:01.0153 0468 IDSxpx86 - ok
16:17:01.0185 0468 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:17:01.0185 0468 Imapi - ok
16:17:01.0200 0468 ini910u - ok
16:17:01.0216 0468 IntelIde - ok
16:17:01.0278 0468 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:17:01.0278 0468 intelppm - ok
16:17:01.0325 0468 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
16:17:01.0325 0468 Ip6Fw - ok
16:17:01.0356 0468 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:17:01.0356 0468 IpFilterDriver - ok
16:17:01.0388 0468 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:17:01.0388 0468 IpInIp - ok
16:17:01.0434 0468 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:17:01.0434 0468 IpNat - ok
16:17:01.0559 0468 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:17:01.0575 0468 IPSec - ok
16:17:01.0684 0468 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:17:01.0684 0468 IRENUM - ok
16:17:01.0763 0468 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:17:01.0763 0468 isapnp - ok
16:17:01.0825 0468 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:17:01.0825 0468 Kbdclass - ok
16:17:01.0903 0468 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
16:17:01.0919 0468 kmixer - ok
16:17:01.0950 0468 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
16:17:01.0966 0468 KSecDD - ok
16:17:01.0981 0468 lbrtfdc - ok
16:17:02.0075 0468 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
16:17:02.0075 0468 mdmxsdk - ok
16:17:02.0122 0468 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
16:17:02.0122 0468 MHNDRV - ok
16:17:02.0169 0468 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:17:02.0169 0468 mnmdd - ok
16:17:02.0262 0468 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
16:17:02.0262 0468 Modem - ok
16:17:02.0341 0468 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:17:02.0341 0468 Mouclass - ok
16:17:02.0372 0468 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
16:17:02.0372 0468 MountMgr - ok
16:17:02.0387 0468 mraid35x - ok
16:17:02.0403 0468 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:17:02.0419 0468 MRxDAV - ok
16:17:02.0450 0468 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:17:02.0497 0468 MRxSmb - ok
16:17:02.0512 0468 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
16:17:02.0512 0468 Msfs - ok
16:17:02.0575 0468 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:17:02.0575 0468 MSKSSRV - ok
16:17:02.0606 0468 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:17:02.0606 0468 MSPCLOCK - ok
16:17:02.0622 0468 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
16:17:02.0637 0468 MSPQM - ok
16:17:02.0716 0468 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:17:02.0716 0468 mssmbios - ok
16:17:02.0747 0468 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
16:17:02.0762 0468 Mup - ok
16:17:02.0794 0468 NAVENG - ok
16:17:02.0809 0468 NAVEX15 - ok
16:17:02.0887 0468 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
16:17:02.0887 0468 NDIS - ok
16:17:03.0012 0468 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:17:03.0012 0468 NdisTapi - ok
16:17:03.0075 0468 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:17:03.0090 0468 Ndisuio - ok
16:17:03.0090 0468 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:17:03.0106 0468 NdisWan - ok
16:17:03.0122 0468 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
16:17:03.0122 0468 NDProxy - ok
16:17:03.0137 0468 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:17:03.0137 0468 NetBIOS - ok
16:17:03.0169 0468 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:17:03.0169 0468 NetBT - ok
16:17:03.0403 0468 NETw4x32 (88100ebdd10309fbd445ef8e42452eae) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
16:17:03.0559 0468 NETw4x32 - ok
16:17:03.0606 0468 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:17:03.0606 0468 NIC1394 - ok
16:17:03.0715 0468 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
16:17:03.0715 0468 Npfs - ok
16:17:03.0856 0468 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
16:17:03.0903 0468 Ntfs - ok
16:17:03.0981 0468 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:17:03.0981 0468 Null - ok
16:17:04.0043 0468 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:17:04.0043 0468 NwlnkFlt - ok
16:17:04.0059 0468 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:17:04.0059 0468 NwlnkFwd - ok
16:17:04.0122 0468 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:17:04.0122 0468 ohci1394 - ok
16:17:04.0153 0468 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
16:17:04.0153 0468 Parport - ok
16:17:04.0168 0468 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
16:17:04.0168 0468 PartMgr - ok
16:17:04.0262 0468 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:17:04.0262 0468 ParVdm - ok
16:17:04.0309 0468 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
16:17:04.0325 0468 PCI - ok
16:17:04.0356 0468 PCIDump - ok
16:17:04.0372 0468 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:17:04.0387 0468 PCIIde - ok
16:17:04.0465 0468 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:17:04.0496 0468 Pcmcia - ok
16:17:04.0684 0468 PDCOMP - ok
16:17:04.0856 0468 PDFRAME - ok
16:17:04.0981 0468 PDRELI - ok
16:17:05.0262 0468 PDRFRAME - ok
16:17:05.0403 0468 perc2 - ok
16:17:05.0434 0468 perc2hib - ok
16:17:05.0543 0468 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:17:05.0543 0468 PptpMiniport - ok
16:17:05.0559 0468 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
16:17:05.0559 0468 PSched - ok
16:17:05.0590 0468 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:17:05.0590 0468 Ptilink - ok
16:17:05.0684 0468 PxHelp20 (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:17:10.0246 0468 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:17:10.0949 0468 \Device\Harddisk0\DR0 - ok
16:17:10.0949 0468 Boot (0x1200) (dc6ede8babf8da9752e7190f6b11e47a) \Device\Harddisk0\DR0\Partition0
16:17:10.0949 0468 \Device\Harddisk0\DR0\Partition0 - ok
16:17:10.0949 0468 ============================================================
16:17:10.0949 0468 Scan finished
16:17:10.0949 0468 ============================================================
16:17:10.0980 0348 Detected object count: 0
16:17:10.0980 0348 Actual detected object count: 0






aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-28 16:19:25
-----------------------------
16:19:25.147 OS Version: Windows 5.1.2600 Service Pack 2
16:19:25.162 Number of processors: 2 586 0xE08
16:19:25.194 ComputerName: USER-604B45EEC4 UserName: Yoshi 3
16:19:26.272 Initialize success
16:19:49.315 AVAST engine download error: 0
16:19:59.954 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:19:59.954 Disk 0 Vendor: FUJITSU_MHV2060BH 892C Size: 57241MB BusType: 3
16:19:59.985 Disk 0 MBR read successfully
16:19:59.985 Disk 0 MBR scan
16:19:59.985 Disk 0 Windows XP default MBR code
16:19:59.985 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57231 MB offset 63
16:19:59.985 Disk 0 scanning sectors +117210240
16:20:00.079 Disk 0 scanning C:\WINDOWS\system32\drivers
16:20:09.546 Service scanning
16:20:29.012 Modules scanning
16:20:37.776 Disk 0 trace - called modules:
16:20:37.807 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
16:20:37.807 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86745ab8]
16:20:37.807 3 CLASSPNP.SYS[f767205b] -> nt!IofCallDriver -> \Device\00000074[0x86753f18]
16:20:37.807 5 ACPI.sys[f74e8620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86751940]
16:20:37.807 Scan finished successfully
16:27:05.592 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Yoshi 3\Desktop\MBR.dat"
16:27:05.639 The log file has been saved successfully to "C:\Documents and Settings\Yoshi 3\Desktop\aswMBR.txt"

#6 gringo_pr

  • Malware Response Team

Posted 29 February 2012 - 07:17 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#7 KingYoshi

  • Topic Starter


Posted 29 February 2012 - 09:05 AM

Still no change. Seems weird. Here are the logs....


OTL logfile created on: 2/29/2012 8:23:52 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Yoshi 3\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 522.64 Mb Available Physical Memory | 51.12% Memory free
2.40 Gb Paging File | 2.00 Gb Available in Paging File | 83.23% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 36.43 Gb Free Space | 65.19% Space Free | Partition Type: NTFS

Computer Name: USER-604B45EEC4 | User Name: Yoshi 3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Yoshi 3\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\iWin Games\iWinTrusted.exe (iWin Inc.)
PRC - C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_2ad34146\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_f2ebb92f\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_b7600ac1\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_bdb82d19\system.windows.forms.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_394ccf36\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll ()
MOD - c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\acAuth.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()


========== Win32 Services (SafeList) ==========

SRV - (ose) -- File not found
SRV - (odserv) -- File not found
SRV - (Akamai) -- File not found
SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe (Symantec Corporation)
SRV - (iWinTrusted) -- C:\Program Files\iWin Games\iWinTrusted.exe (iWin Inc.)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (WLANKEEPER) Intel® -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NAV\1206000.01D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NAV\1206000.01D\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\NAV\1206000.01D\SYMTDI.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NAV\1206000.01D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NAV\1206000.01D\SYMDS.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NAV\1206000.01D\Ironx86.SYS (Symantec Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Revoflt) -- C:\WINDOWS\system32\drivers\revoflt.sys (VS Revo Group)
DRV - (NETw4x32) Intel® -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-21-2025429265-1284227242-1417001333-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=14196
IE - HKU\S-1-5-21-2025429265-1284227242-1417001333-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2025429265-1284227242-1417001333-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0A EC 06 52 F2 A0 CB 01 [binary data]
IE - HKU\S-1-5-21-2025429265-1284227242-1417001333-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2025429265-1284227242-1417001333-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://search.bearshare.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}:4.1.0.00
FF - prefs.js..keyword.URL: "http://search.bearshare.com/web?src=ffb&systemid=2&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Yoshi 3\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Yoshi 3\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{CFE0D688-2EFC-4AAF-9BAE-EE05F2DEFECF}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{CFE0D688-2EFC-4AAF-9BAE-EE05F2DEFECF}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{26B72975-4840-489F-A3D9-B86A810FDD4B}: C:\Documents and Settings\Dos\Local Settings\Application Data\{26B72975-4840-489F-A3D9-B86A810FDD4B}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{658D30F2-34CD-44EC-8F04-70B1187EDA1C}: C:\Documents and Settings\Yoshi\Local Settings\Application Data\{658D30F2-34CD-44EC-8F04-70B1187EDA1C}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{70F22709-FBDB-44F2-BB49-F45FF70340B9}: C:\Documents and Settings\Yoshi 2\Local Settings\Application Data\{70F22709-FBDB-44F2-BB49-F45FF70340B9}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ED8AAA92-8C7C-4D39-8AAC-73484E8E6ACB}: C:\Documents and Settings\Yoshi 3\Local Settings\Application Data\{ED8AAA92-8C7C-4D39-8AAC-73484E8E6ACB}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/08/07 21:26:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/26 14:36:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/12 11:50:37 | 000,000,000 | ---D | M]

[2011/08/22 03:59:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Extensions
[2011/08/22 03:59:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2012/02/26 13:13:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions
[2011/04/08 11:43:13 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
[2011/07/29 21:02:18 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\searchplugins\askcom.xml
[2010/09/14 07:48:25 | 000,002,506 | ---- | M] () -- C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\searchplugins\BearShareWebSearch.xml
[2012/02/26 14:36:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/16 09:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/12/04 02:50:46 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/09/14 07:48:25 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
[2012/02/16 05:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 05:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Ask (Enabled)
CHR - default_search_provider: search_url = http://websearch.ask.com/redirect?client=cr&src=kw&tb=FWV5&o=14193&locale=en_US&apn_uid=9e4c77e1-01f5-474e-9510-a9ace0e26aa2&apn_ptnrs=FM&apn_sauid=FA5A6AB3-F858-4CEF-86D6-4D3FA9C85CE1&apn_dtid=TES002R6US&q={searchTerms}
CHR - default_search_provider: suggest_url = http://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Yoshi 3\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Yoshi 3\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Yoshi 3\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Yoshi 3\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Yoshi 3\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: RealJukebox NS Plugin (Disabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: iTunes Application Detector (Disabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Gmail = C:\Documents and Settings\Yoshi 3\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/27 15:26:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\bsdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\bsdtxmltbpi.dll ()
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2025429265-1284227242-1417001333-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2025429265-1284227242-1417001333-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2025429265-1284227242-1417001333-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2025429265-1284227242-1417001333-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.66.188 213.109.72.135
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94E0739F-AE10-4E6D-BF3F-59A5B0023FEB}: DhcpNameServer = 213.109.66.188 213.109.72.135
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Yoshi 3\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Yoshi 3\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/11 19:48:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2025429265-1284227242-1417001333-1007..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/27 15:14:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/27 15:14:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/27 15:14:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/27 15:14:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/27 04:52:58 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/02/26 23:48:35 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2012/02/26 23:48:14 | 000,059,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2012/02/26 23:48:07 | 000,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2012/02/26 13:59:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yoshi 3\Local Settings\Application Data\VS Revo Group
[2012/02/26 13:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2012/02/26 13:59:08 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2012/02/26 13:59:03 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/02/26 13:51:38 | 007,895,528 | ---- | C] (VS Revo Group ) -- C:\Documents and Settings\Yoshi 3\Desktop\RevoUninstaller.exe
[2012/02/26 13:04:38 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/02/26 13:04:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton AntiVirus
[2012/02/26 13:04:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV\1207000.00D
[2012/02/26 13:04:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/02/26 13:04:07 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/02/26 13:04:07 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2012/02/26 04:34:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV(4)\1206000(2).01D
[2012/02/26 04:34:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV(4)
[2012/02/26 04:17:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV\1206000.01D
[2012/02/26 04:16:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV
[2012/02/26 03:58:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV(2)\1206000(2).01D
[2012/02/26 03:58:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV(2)
[2012/02/14 17:32:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/02/14 17:32:23 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012/02/14 16:56:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yoshi 3\Local Settings\Application Data\Opera
[2012/02/14 16:56:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yoshi 3\Application Data\Opera
[2012/02/14 16:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012/01/31 07:47:03 | 000,331,384 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1207000.00D\symtdiv.sys
[2012/01/31 07:47:02 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1207000.00D\symefa.sys
[2012/01/31 07:47:02 | 000,369,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1207000.00D\symtdi.sys
[2012/01/31 07:47:02 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1207000.00D\symds.sys
[2012/01/31 07:47:02 | 000,299,640 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1207000.00D\symnets.sys
[2012/01/31 07:47:02 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1207000.00D\srtspx.sys
[2012/01/31 07:47:01 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1207000.00D\srtsp.sys
[2012/01/31 07:47:01 | 000,136,312 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1207000.00D\ironx86.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/29 07:36:01 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1284227242-1417001333-1007UA.job
[2012/02/29 07:36:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1284227242-1417001333-1007Core.job
[2012/02/29 06:57:39 | 000,401,632 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/29 06:57:39 | 000,062,746 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/29 06:53:48 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2025429265-1284227242-1417001333-1007.job
[2012/02/29 06:53:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/28 16:27:05 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Yoshi 3\Desktop\MBR.dat
[2012/02/28 16:16:30 | 002,044,186 | ---- | M] () -- C:\Documents and Settings\Yoshi 3\Desktop\tdsskiller.zip
[2012/02/27 15:26:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/27 14:38:55 | 000,020,391 | ---- | M] () -- C:\Documents and Settings\Yoshi 3\My Documents\Resident Evil Compiled List.ods
[2012/02/27 14:35:45 | 000,044,277 | ---- | M] () -- C:\Documents and Settings\Yoshi 3\My Documents\Game Collection.ods
[2012/02/27 04:52:58 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/02/27 04:36:24 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2025429265-1284227242-1417001333-1007.job
[2012/02/27 04:34:26 | 000,014,587 | ---- | M] () -- C:\Documents and Settings\Yoshi 3\My Documents\Collection Transaction Records.ods
[2012/02/27 02:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-USER-604B45EEC4-Yoshi 3.job
[2012/02/26 14:36:34 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Yoshi 3\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/26 14:36:34 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/02/26 13:59:10 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2012/02/26 13:58:38 | 007,895,528 | ---- | M] (VS Revo Group ) -- C:\Documents and Settings\Yoshi 3\Desktop\RevoUninstaller.exe
[2012/02/26 04:39:30 | 000,513,212 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV(4)\1206000(2).01D\Cat.DB
[2012/02/26 04:19:50 | 000,513,212 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1206000.01D\Cat.DB
[2012/02/26 04:03:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/26 04:02:41 | 000,513,212 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV(2)\1206000(2).01D\Cat.DB
[2012/02/24 02:48:20 | 000,015,907 | ---- | M] () -- C:\Documents and Settings\Yoshi 3\My Documents\Survival & Horror Compiled List.ods
[2012/02/21 08:16:10 | 000,018,755 | ---- | M] () -- C:\Documents and Settings\Yoshi 3\My Documents\Anime Book.ods
[2012/02/08 20:32:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/28 16:27:05 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Yoshi 3\Desktop\MBR.dat
[2012/02/28 16:16:30 | 002,044,186 | ---- | C] () -- C:\Documents and Settings\Yoshi 3\Desktop\tdsskiller.zip
[2012/02/27 15:14:25 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/27 15:14:25 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/27 15:14:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/27 15:14:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/27 15:14:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/27 04:34:18 | 000,014,587 | ---- | C] () -- C:\Documents and Settings\Yoshi 3\My Documents\Collection Transaction Records.ods
[2012/02/26 14:36:34 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Yoshi 3\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/26 14:36:34 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/26 14:36:34 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/02/26 13:59:10 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2012/02/26 04:39:24 | 000,513,212 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV(4)\1206000(2).01D\Cat.DB
[2012/02/26 04:19:42 | 000,513,212 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1206000.01D\Cat.DB
[2012/02/26 04:02:35 | 000,513,212 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV(2)\1206000(2).01D\Cat.DB
[2012/01/31 07:47:02 | 000,007,877 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1207000.00D\symnetv.cat
[2012/01/31 07:47:02 | 000,007,458 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1207000.00D\symnet.cat
[2012/01/31 07:47:02 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1207000.00D\symefa.cat
[2012/01/31 07:47:02 | 000,007,454 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1207000.00D\srtspx.cat
[2012/01/31 07:47:02 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1207000.00D\symefa.inf
[2012/01/31 07:47:02 | 000,002,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1207000.00D\symds.inf
[2012/01/31 07:47:02 | 000,001,473 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1207000.00D\symnetv.inf
[2012/01/31 07:47:02 | 000,001,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1207000.00D\symnet.inf
[2012/01/31 07:47:02 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1207000.00D\srtspx.inf
[2012/01/31 07:47:01 | 000,007,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1207000.00D\iron.cat
[2012/01/31 07:47:01 | 000,007,450 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1207000.00D\srtsp.cat
[2012/01/31 07:47:01 | 000,001,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1207000.00D\srtsp.inf
[2012/01/31 07:47:01 | 000,000,742 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1207000.00D\iron.inf
[2012/01/31 07:46:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1207000.00D\symds.cat
[2012/01/31 07:46:39 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1207000.00D\isolate.ini
[2011/04/21 20:52:59 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/04/06 23:12:44 | 000,060,892 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/03/23 18:13:53 | 000,014,686 | -HS- | C] () -- C:\Documents and Settings\Yoshi 3\Local Settings\Application Data\163b4h03u14rnim384y5iha4e3xvap1m2fsu68ed
[2011/03/23 18:13:53 | 000,014,686 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\163b4h03u14rnim384y5iha4e3xvap1m2fsu68ed
[2011/03/23 00:27:19 | 000,014,302 | -HS- | C] () -- C:\Documents and Settings\Yoshi 3\Local Settings\Application Data\e63lt3ed7f6e
[2011/03/23 00:27:19 | 000,014,302 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\e63lt3ed7f6e
[2010/10/28 16:41:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/10/27 16:07:15 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Yoshi 3\Local Settings\Application Data\fusioncache.dat
[2010/09/26 14:10:06 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Upogeboyo.dat
[2010/09/26 14:10:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Vsuyocubuwo.bin
[2010/09/09 23:25:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/11 21:00:12 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2010/05/11 20:53:17 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2010/05/11 20:41:58 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/05/11 19:55:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/05/11 19:41:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/11 12:12:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/05/11 12:10:32 | 003,588,792 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

< End of report >


OTL Extras logfile created on: 2/29/2012 8:23:52 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Yoshi 3\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 522.64 Mb Available Physical Memory | 51.12% Memory free
2.40 Gb Paging File | 2.00 Gb Available in Paging File | 83.23% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 36.43 Gb Free Space | 65.19% Space Free | Partition Type: NTFS

Computer Name: USER-604B45EEC4 | User Name: Yoshi 3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2025429265-1284227242-1417001333-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application. -- (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.7
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A02ED372-22FA-448B-AB6A-1B0FC23B7D08}" = ATI Catalyst Control Center
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface
"Alarm Clock_is1" = Alarm Clock v1.0
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BearShare 2 MediaBar" = MediaBar
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ESPNMotion" = ESPNMotion
"Free PDF Tablet" = Free PDF Tablet 0.1
"ie8" = Windows Internet Explorer 8
"iWinArcade" = iWin Games (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"NAV" = Norton AntiVirus
"ProInst" = Intel® PROSet/Wireless Software
"RealPlayer 12.0" = RealPlayer
"SopCast" = SopCast 3.3.2
"Windows Media Format Runtime" = Windows Media Format Runtime

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2025429265-1284227242-1417001333-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/21/2012 8:03:19 PM | Computer Name = USER-604B45EEC4 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6237047

Error - 2/22/2012 6:04:52 PM | Computer Name = USER-604B45EEC4 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/22/2012 6:04:52 PM | Computer Name = USER-604B45EEC4 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1953

Error - 2/22/2012 6:04:52 PM | Computer Name = USER-604B45EEC4 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1953

Error - 2/25/2012 5:53:43 AM | Computer Name = USER-604B45EEC4 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/25/2012 5:53:43 AM | Computer Name = USER-604B45EEC4 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2156

Error - 2/25/2012 5:53:43 AM | Computer Name = USER-604B45EEC4 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2156

Error - 2/26/2012 2:38:01 PM | Computer Name = USER-604B45EEC4 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x10042c80.

Error - 2/29/2012 7:53:43 AM | Computer Name = USER-604B45EEC4 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 2/29/2012 7:53:43 AM | Computer Name = USER-604B45EEC4 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 2/27/2012 12:33:46 AM | Computer Name = USER-604B45EEC4 | Source = Service Control Manager | ID = 7023
Description = The Akamai NetSession Interface service terminated with the following
error: %%126

Error - 2/27/2012 12:33:46 AM | Computer Name = USER-604B45EEC4 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BHDrvx86 SymIRON

Error - 2/27/2012 4:35:16 PM | Computer Name = USER-604B45EEC4 | Source = Service Control Manager | ID = 7023
Description = The Akamai NetSession Interface service terminated with the following
error: %%126

Error - 2/27/2012 4:35:16 PM | Computer Name = USER-604B45EEC4 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BHDrvx86 SymIRON

Error - 2/28/2012 5:12:50 PM | Computer Name = USER-604B45EEC4 | Source = Service Control Manager | ID = 7023
Description = The Akamai NetSession Interface service terminated with the following
error: %%126

Error - 2/28/2012 5:13:04 PM | Computer Name = USER-604B45EEC4 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 2/28/2012 5:13:04 PM | Computer Name = USER-604B45EEC4 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 2/28/2012 5:13:05 PM | Computer Name = USER-604B45EEC4 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BHDrvx86 SymIRON

Error - 2/29/2012 7:53:37 AM | Computer Name = USER-604B45EEC4 | Source = Service Control Manager | ID = 7023
Description = The Akamai NetSession Interface service terminated with the following
error: %%126

Error - 2/29/2012 7:53:37 AM | Computer Name = USER-604B45EEC4 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BHDrvx86 SymIRON


< End of report >

#8 gringo_pr (Malware Response Team)
Posted 29 February 2012 - 10:40 AM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the textbox. Do not include the word Code.
    :OTL
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk = File not found
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL File not found
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File not found
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File not found
    PRC - C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC)  
    IE - HKU\S-1-5-21-2025429265-1284227242-1417001333-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=14196
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Ask.com"
    FF - prefs.js..browser.startup.homepage: "http://search.bearshare.com/"
    FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
    [2011/04/08 11:43:13 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
    [2011/07/29 21:02:18 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\searchplugins\askcom.xml
    [2010/09/14 07:48:25 | 000,002,506 | ---- | M] () -- C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\searchplugins\BearShareWebSearch.xml
    [2010/09/14 07:48:25 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
    O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
    O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\bsdtxmltbpi.dll ()
    O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\bsdtxmltbpi.dll ()
    O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC)
    [2011/03/23 18:13:53 | 000,014,686 | -HS- | C] () -- C:\Documents and Settings\Yoshi 3\Local Settings\Application Data\163b4h03u14rnim384y5iha4e3xvap1m2fsu68ed
    [2011/03/23 18:13:53 | 000,014,686 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\163b4h03u14rnim384y5iha4e3xvap1m2fsu68ed
    [2011/03/23 00:27:19 | 000,014,302 | -HS- | C] () -- C:\Documents and Settings\Yoshi 3\Local Settings\Application Data\e63lt3ed7f6e
    [2011/03/23 00:27:19 | 000,014,302 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\e63lt3ed7f6e
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.66.188 213.109.72.135
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94E0739F-AE10-4E6D-BF3F-59A5B0023FEB}: DhcpNameServer = 213.109.66.188 213.109.72.135
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat. Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.

It should look like this: Posted Image <--XP
Double-click on router.bat to run it. It will open Notepad when done; please post back the results.



Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 KingYoshi

Posted 02 March 2012 - 01:35 PM

There doesn't seem to be any change. Still can't access the sites. Here are the logs......

All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ deleted successfully.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807563E5-5146-11D5-A672-00B0D022E945}\ deleted successfully.
No active process named datamngrUI.exe was found!
HKU\S-1-5-21-2025429265-1284227242-1417001333-1007\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Prefs.js: "http://search.bearshare.com/" removed from browser.startup.homepage
Prefs.js: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0 removed from extensions.enabledItems
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\components folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\searchbar folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\options folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\uwa folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\radio\images folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\radio\css folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\radio folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\panels\images folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\panels\default folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\panels\css folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib\panels folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin\lib folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\skin folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\widgets\net.vmn.www.YouTube\skin\scripts folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\widgets\net.vmn.www.YouTube\skin\images folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\widgets\net.vmn.www.YouTube\skin\css folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\widgets\net.vmn.www.YouTube\skin folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\widgets\net.vmn.www.YouTube\js folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\widgets\net.vmn.www.YouTube\images folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\widgets\net.vmn.www.YouTube\css folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\widgets\net.vmn.www.YouTube folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\widgets\net.vmn.www.Twitter\skin\scripts folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\widgets\net.vmn.www.Twitter\skin\images folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\widgets\net.vmn.www.Twitter\skin\css folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\widgets\net.vmn.www.Twitter\skin folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\widgets\net.vmn.www.Twitter\js folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\widgets\net.vmn.www.Twitter\images folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\widgets\net.vmn.www.Twitter\css folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\widgets\net.vmn.www.Twitter folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\widgets\net.vmn.www.MyStartFacebook\js folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\widgets\net.vmn.www.MyStartFacebook\images folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\widgets\net.vmn.www.MyStartFacebook\css folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\widgets\net.vmn.www.MyStartFacebook folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\widgets folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\modules folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\lib folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\data\search folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content\data folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome\content folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\chrome folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} folder moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\searchplugins\askcom.xml moved successfully.
C:\Documents and Settings\Yoshi 3\Application Data\Mozilla\Firefox\Profiles\zqevl0lz.default\searchplugins\BearShareWebSearch.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}\ deleted successfully.
C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\ deleted successfully.
C:\Program Files\BearShare Applications\MediaBar\ToolBar\bsdtxmltbpi.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\ not found.
File C:\Program Files\BearShare Applications\MediaBar\ToolBar\bsdtxmltbpi.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe moved successfully.
C:\Documents and Settings\Yoshi 3\Local Settings\Application Data\163b4h03u14rnim384y5iha4e3xvap1m2fsu68ed moved successfully.
C:\Documents and Settings\All Users\Application Data\163b4h03u14rnim384y5iha4e3xvap1m2fsu68ed moved successfully.
C:\Documents and Settings\Yoshi 3\Local Settings\Application Data\e63lt3ed7f6e moved successfully.
C:\Documents and Settings\All Users\Application Data\e63lt3ed7f6e moved successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{94E0739F-AE10-4E6D-BF3F-59A5B0023FEB}\\DhcpNameServer| /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Yoshi 3\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Yoshi 3\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 2603 bytes
->Google Chrome cache emptied: 6865510 bytes
->Flash cache emptied: 2061991 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Google Chrome cache emptied: 1905008 bytes
->Flash cache emptied: 41620 bytes

User: Dos
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 18315 bytes
->Flash cache emptied: 1747 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1756 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Yoshi
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 5290 bytes

User: Yoshi 2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 3593 bytes

User: Yoshi 3
->Temp folder emptied: 3666574 bytes
->Temporary Internet Files folder emptied: 5241980 bytes
->Java cache emptied: 9932 bytes
->FireFox cache emptied: 226017170 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 5478918 bytes
->Flash cache emptied: 19804 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1238856 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 714410 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 242.00 mb


[EMPTYJAVA]

User: Administrator
->Java cache emptied: 0 bytes

User: All Users

User: Default User

User: Dos
->Java cache emptied: 0 bytes

User: Guest
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Yoshi
->Java cache emptied: 0 bytes

User: Yoshi 2
->Java cache emptied: 0 bytes

User: Yoshi 3
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Dos
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Yoshi
->Flash cache emptied: 0 bytes

User: Yoshi 2
->Flash cache emptied: 0 bytes

User: Yoshi 3
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.34.0 log created on 03022012_131930

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...




Windows IP Configuration

Host Name . . . . . . . . . . . . : user-604b45eec4
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection
Physical Address. . . . . . . . . : 00-13-02-E0-3C-A9
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.0.0.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.1
DHCP Server . . . . . . . . . . . : 10.0.0.1
DNS Servers . . . . . . . . . . . : 213.109.66.188
                                    213.109.72.135
Lease Obtained. . . . . . . . . . : Friday, March 02, 2012 1:23:59 PM
Lease Expires . . . . . . . . . . : Saturday, March 03, 2012 1:23:59 PM

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 213.109.66.188

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 213.109.66.188

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.


Pinging google.com [72.14.204.102] with 32 bytes of data:

Reply from 72.14.204.102: bytes=32 time=33ms TTL=54
Reply from 72.14.204.102: bytes=32 time=34ms TTL=54

Ping statistics for 72.14.204.102:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 33ms, Maximum = 34ms, Average = 33ms

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=75ms TTL=52
Reply from 209.191.122.70: bytes=32 time=78ms TTL=52

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 75ms, Maximum = 78ms, Average = 76ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 02 e0 3c a9 ...... Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.3 25
10.0.0.0 255.255.255.0 10.0.0.3 10.0.0.3 25
10.0.0.3 255.255.255.255 127.0.0.1 127.0.0.1 25
10.255.255.255 255.255.255.255 10.0.0.3 10.0.0.3 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 10.0.0.3 10.0.0.3 20
224.0.0.0 240.0.0.0 10.0.0.3 10.0.0.3 25
255.255.255.255 255.255.255.255 10.0.0.3 10.0.0.3 1
Default Gateway: 10.0.0.1
===========================================================================
Persistent Routes:
None

#10 gringo_pr

Posted 02 March 2012 - 02:59 PM

Hello

Yes it looks like the DNS settings on the router have been changed.

After you have run these steps - you need to let me know how the computer is doing

Resetting Router


  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don’t know the router's default password, you can look it up here.
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using or you can use OpenDNS
Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

Flush the DNS:

Now let's flush the DNS on the computer:

  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:


    ipconfig /flushdns

Now let's check the router again

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat. Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.

It should look like this: Posted Image <--XP
Double-click on router.bat to run it. It will open Notepad when done; please post back the results.

gringo

#11 KingYoshi

Posted 02 March 2012 - 10:34 PM

Working great now! Thanks a ton!
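The check made by eye on the `ipconfig /all` output in this thread (a DHCP lease handing out DNS servers that are neither the router nor on the local subnet), written out as an added Python example that is not part of the original posts. The function names and the `trusted` allowlist of expected resolvers are assumptions of this example; the first sample is the adapter section posted above, the second is constructed.

```python
import ipaddress
import re

# Adapter section of the `ipconfig /all` output posted in the thread (XP format).
HIJACKED = """\
Ethernet adapter Wireless Network Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.0.0.3
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.0.0.1
        DHCP Server . . . . . . . . . . . : 10.0.0.1
        DNS Servers . . . . . . . . . . . : 213.109.66.188
                                            213.109.72.135
"""

# Constructed sample: the same adapter with the router acting as resolver.
CLEAN = """\
Ethernet adapter Wireless Network Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.0.0.3
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.0.0.1
        DHCP Server . . . . . . . . . . . : 10.0.0.1
        DNS Servers . . . . . . . . . . . : 10.0.0.1
"""

# "Label. . . . : value" -> (label, value); the dot leader is required,
# so adapter headers ("Ethernet adapter ...:") do not match.
FIELD = re.compile(r"^(.+?)(?:\s*\.)+\s*:\s*(.*)$")


def _ip(text):
    """Return an ip_address object, or None if text is not an address."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def parse_ipconfig(text):
    """Parse ipconfig /all text into {adapter: {label: [values]}}."""
    adapters, current, last = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = FIELD.match(line)
        if match:
            if current is None:  # host-wide block before the first adapter
                current = adapters.setdefault("(host)", {})
            last = match.group(1).strip()
            value = match.group(2).strip()
            current[last] = [value] if value else []
        elif line.endswith(":"):  # adapter header
            current, last = adapters.setdefault(line[:-1], {}), None
        elif current is not None and last and _ip(line):
            current[last].append(line)  # continuation line, e.g. 2nd DNS server
    return adapters


def audit_dns(text, trusted=()):
    """Flag DNS servers that are not local, not the router, and not trusted."""
    trusted_ips = {ipaddress.ip_address(t) for t in trusted}
    findings = []
    for name, fields in parse_ipconfig(text).items():
        servers = [ip for ip in map(_ip, fields.get("DNS Servers", [])) if ip]
        if not servers:
            continue
        router = fields.get("Default Gateway", []) + fields.get("DHCP Server", [])
        router_ips = {ip for ip in map(_ip, router) if ip}
        addr, mask = fields.get("IP Address"), fields.get("Subnet Mask")
        subnet = None
        if addr and mask:
            subnet = ipaddress.ip_network(f"{addr[0]}/{mask[0]}", strict=False)
        # With DHCP enabled the resolver list comes from the lease, so an
        # unexpected server points at the DHCP server (here, the router).
        if fields.get("Dhcp Enabled") == ["Yes"] and fields.get("DHCP Server"):
            origin = "DHCP lease from " + fields["DHCP Server"][0]
        else:
            origin = "static adapter setting"
        for ip in servers:
            if ip in trusted_ips or ip in router_ips:
                continue
            if subnet is not None and ip in subnet:
                continue
            findings.append({"adapter": name, "server": str(ip), "origin": origin})
    return findings


if __name__ == "__main__":
    for finding in audit_dns(HIJACKED):
        print(finding)
    print("clean sample findings:", audit_dns(CLEAN))
```

A flagged server is a prompt to compare against the resolvers your ISP or chosen DNS provider actually publishes; pass those in `trusted` so legitimate off-subnet resolvers are not reported.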

#12 gringo_pr

Posted 02 March 2012 - 10:37 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

Java™ 6 Update 20


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes' Anti-Malware:

  • I would like you to rerun MBAM
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr


Posted 05 March 2012 - 01:49 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#14 gringo_pr


Posted 08 March 2012 - 01:01 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#15 gringo_pr


Posted 11 March 2012 - 11:56 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



