
win 32 malware gen


  • This topic is locked
28 replies to this topic

#1 groovecase

  • Members
  • 14 posts

Posted 19 May 2013 - 07:50 AM

Hi guys,

A few days ago I downloaded a crack and ran it. It shut down my antivirus and my firewall. Panicking, I immediately deleted it, so I don't have that file anymore. I ran avast's boot time scan and sent all finds to the chest. However, when I would connect to the internet, alarms would go off saying win 32 malware detected. I started researching this forum and downloaded Farbar scan tool and ran it. No luck. Then I ran MBAR. The 1st time it detected 28 malware and cleaned it up. The 2nd time I ran it no malware were found. However, every time I'd connect to the internet, alarms would go off again. So I downloaded ComboFix and ran it. I only read the rules of ComboFix later. ComboFix detected a rootkit problem and something attacking my TCP/IP connection, but it would just stall. It wouldn't go into the stages of the scan. Please help. Win 32 malware gen was what avast detects when I use my browser (Firefox). Running Win XP SP2..... Thanks :)

*Moderator Edit: Moved topic from XP to the appropriate forum. Since Combofix was mentioned I moved it to Malware Removal Logs. ~ Queen-Evie*


Edited by Queen-Evie, 19 May 2013 - 08:02 AM.



#2 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 May 2013 - 12:31 PM



Hello groovecase

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.





I need to get some reports to get a base to start from so I need you to run these programs first.



-Download DDS-
  • Please download DDS from one of the links below and save it to your desktop:

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
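
Before the logs come back, here is the first pass a helper makes over a DDS.txt, written up as an added Python example; it is not part of this thread, of the DDS tool, or of the Malware Response Team's procedure. It takes the line formats DDS prints (uRun/mRun autoruns, LSP: entries, TCP: NameServer and DHCPNameServer) and flags only what is worth a second look: autoruns whose real target (the DLL behind rundll32 included) sits in a user-writable location or is a bare filename resolved through the search path, Winsock LSP DLLs outside XP's own providers, and statically set DNS servers that the DHCP server did not hand out. The sample excerpt, its entry names, paths and addresses are all constructed for the example, and a hit is a review item rather than a verdict: per-user installers such as Google Update land in exactly the location this flags, which is why the output says where and why instead of "malware".

```python
import re

# Constructed DDS-style excerpt for the example. The line formats (uRun/mRun
# autoruns, "LSP:", "TCP: NameServer") follow what the DDS tool prints; every
# entry name, path and address below is made up, not taken from this thread.
# 192.0.2.x / 198.51.100.x are RFC 5737 documentation addresses.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [jqwfdsa] c:\documents and settings\user\local settings\temp\jqwfdsa.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [snp2uvc] rundll32.exe c:\windows\system32\csnp2uvc.dll,ResetCIDS
mRun: [svchelper] rundll32.exe c:\documents and settings\all users\application data\x9k2m\upd.dll,Start
LSP: mswsock.dll
LSP: c:\documents and settings\user\application data\nsplsp.dll
TCP: NameServer = 198.51.100.7 198.51.100.8
TCP: Interfaces\{00000000-0000-0000-0000-000000000001} : DHCPNameServer = 192.0.2.53
"""

AUTORUN_RE = re.compile(r"^([umd]Run): \[([^\]]+)\] (.+)$")
# Path fragments any user (so also any malware the user ran) can write to on XP.
# Legitimate per-user software lives here too, so a hit means "look", not "malicious".
USER_WRITABLE = ("\\documents and settings\\", "\\windows\\temp\\", "\\temp\\", "\\recycler\\")
# Winsock providers that ship with XP itself; anything else in the LSP chain is
# listed for review. The allowlist is deliberately small.
KNOWN_LSP = {"mswsock.dll", "winrnr.dll", "rsvpsp.dll"}
RUNDLL_RE = re.compile(r'^"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+(.+?)(?:,|$)', re.I)
EXT_RE = re.compile(r"^(.+?\.(?:exe|dll|scr|com|bat|cmd|vbs))(?:\s|$)", re.I)
DNS_RE = re.compile(r"^TCP: (?:Interfaces\\\{[^}]*\}\s*:\s*)?(DhcpNameServer|NameServer)\s*=\s*(.+)$", re.I)


def extract_target(cmd: str) -> str:
    """File an autorun command really loads: the DLL behind rundll32, else the
    quoted path, else the first token ending in an executable extension
    (DDS prints many unquoted paths containing spaces)."""
    cmd = cmd.strip()
    m = RUNDLL_RE.match(cmd)
    if m:
        cmd = m.group(1).strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXT_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def classify_path(target: str):
    """Why a target deserves a second look, or None if it looks ordinary."""
    t = target.lower()
    if "\\" not in t:
        return "bare filename, resolved through the search path at logon"
    if any(marker in t for marker in USER_WRITABLE):
        return "runs from a user-writable location"
    return None


def unknown_lsps(lines):
    out = []
    for ln in lines:
        m = re.match(r"^LSP: (.+)$", ln)
        if m and m.group(1).strip().lower().rsplit("\\", 1)[-1] not in KNOWN_LSP:
            out.append(m.group(1).strip())
    return out


def dns_override(lines):
    """Statically configured DNS servers the DHCP server did not hand out.
    A DNS changer writes a static NameServer value into the TCP/IP parameters;
    DDS prints it beside the DHCP list, so the difference is the tell. With no
    DHCP line there is nothing to compare against and nothing is flagged."""
    static, dhcp = set(), set()
    for ln in lines:
        m = DNS_RE.match(ln)
        if m:
            (dhcp if "dhcp" in m.group(1).lower() else static).update(m.group(2).split())
    return sorted(static - dhcp) if dhcp else []


def triage(report: str) -> dict:
    lines = [ln.rstrip() for ln in report.splitlines()]
    autoruns = []
    for ln in lines:
        m = AUTORUN_RE.match(ln)
        if not m:
            continue
        _hive, name, cmd = m.groups()
        target = extract_target(cmd)
        reason = classify_path(target)
        if reason:
            autoruns.append((name, target, reason))
    return {"autoruns": autoruns, "lsp": unknown_lsps(lines), "dns_override": dns_override(lines)}


if __name__ == "__main__":
    for section, items in triage(SAMPLE_DDS).items():
        print(f"== {section} ==")
        for item in items:
            print("  ", item)
```

On the constructed excerpt this lists four autoruns (Google Update, jqwfdsa, RTHDCPL and the upd.dll that svchelper loads through rundll32), one LSP DLL outside the allowlist, and the two static DNS servers that differ from the DHCP-supplied one. Each item still has to be checked by hand against the file on disk; the script only decides what to look at first.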

#3 groovecase
  • Topic Starter

  • Members
  • 14 posts

Posted 20 May 2013 - 01:03 AM

Hi Gringo,

Thanks for the quick reply.... here come the logs :)

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.21.2
Run by Chris at 11:18:05 on 2013-05-20
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1014.219 [GMT 5.5:30]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe
C:\Program Files\Launch Manager\dsiwmis.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Launch Manager\LManager.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\snuvcdsm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Autorun Eater\oldmcdonald.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Autorun Eater\billy.exe
C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?l=dis&o=APN10236&gct=hp
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=em250&r=0xph05103815l04g4wu55r45326268
uInternet Connection Wizard,ShellNext = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=em250&r=0xph05103815l04g4wu55r45326268
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Blog This in Windows Live: {2adefb8e-b923-35e6-86e2-2b7841f5d2a2} -
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Encarta Web Companion Helper Object: {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - c:\program files\common files\microsoft shared\encarta web companion\ENCWCBAR.DLL
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Encarta Web Companion: {147D6308-0614-4112-89B1-31402F9B82C4} - c:\program files\common files\microsoft shared\encarta web companion\ENCWCBAR.DLL
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Encarta Web Companion: {147D6308-0614-4112-89B1-31402F9B82C4} - c:\program files\common files\microsoft shared\encarta web companion\ENCWCBAR.DLL
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [E06AXLRD_7022500] "c:\program files\microsoft encarta\encarta premium dvd 2006\EDICT.EXE" -m
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\chris\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [snp2uvc] rundll32.exe c:\windows\system32\csnp2uvc.dll,ResetCIDS
mRun: [snuvcdsm] c:\windows\snuvcdsm.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Autorun Eater] c:\program files\autorun eater\oldmcdonald.exe
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\chris\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1365600602625
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 203.86.213.133 203.86.213.137
TCP: Interfaces\{A29954BF-6248-4B2E-A96D-F7CA06640E78} : DHCPNameServer = 203.86.213.133 203.86.213.137
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\chris\application data\mozilla\firefox\profiles\6311p2bd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com.au/
FF - plugin: c:\documents and settings\chris\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\chris\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\chris\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\chris\local settings\application data\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - ExtSQL: !HIDDEN! 2012-11-24 06:11; hotfix@mozilla.org; c:\documents and settings\chris\application data\mozilla\firefox\extensions\MozillaHotfix
FF - ExtSQL: !HIDDEN! 2013-04-13 10:17; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-4-10 312912]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-4-10 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-4-10 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2013-4-10 40384]
R2 DCService.exe;DCService.exe;c:\documents and settings\all users\application data\datacardservice\DCService.exe [2010-8-19 229376]
R2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2009-11-9 107016]
R2 Updater Service;Updater Service;c:\program files\emachines\emachines updater\UpdaterService.exe [2009-11-10 240160]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2013-4-10 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2013-4-10 40384]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2013-2-19 72832]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-11-9 38912]
S2 PEVSystemStart;PEVSystemStart;c:\combofix\pev.3XE [2011-6-26 256000]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-11-10 1684736]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2013-2-19 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2013-2-19 11136]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2013-2-19 117504]
S3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2012-4-24 9728]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-11-10 162816]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
S3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\drivers\zgwhsdiag.sys [2012-4-24 106752]
S3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\drivers\zgwhsmdm.sys [2012-4-24 105216]
.
=============== Created Last 30 ================
.
2013-05-19 09:30:05    --------    d-s---w-    C:\ComboFix
2013-05-19 07:57:38    --------    d-sha-r-    C:\cmdcons
2013-05-19 04:38:03    580712    ------w-    c:\windows\system32\HPDiscoPM5412.dll
2013-05-19 04:37:50    1979280    ----a-w-    c:\windows\system32\HPScanTRDrv_OJ6500_E710n-z.dll
2013-05-19 04:37:49    496016    ----a-w-    c:\windows\system32\HPWia1_OJ6500_E710n-z.dll
2013-05-19 04:37:40    529296    ----a-w-    c:\windows\system32\hpinksts5412.dll
2013-05-19 04:37:40    269200    ----a-w-    c:\windows\system32\hpinksts5412LM.dll
2013-05-19 04:37:40    2216848    ----a-w-    c:\windows\system32\hpinkins5412.exe
2013-05-19 04:37:40    221072    ----a-w-    c:\windows\system32\hpinkcoi5412.dll
2013-05-19 04:37:02    --------    d-----w-    c:\program files\HP
2013-05-19 04:36:35    --------    d-----w-    c:\documents and settings\chris\local settings\application data\HP
2013-05-18 23:40:01    98816    ----a-w-    c:\windows\sed.exe
2013-05-18 23:40:01    256000    ----a-w-    c:\windows\PEV.exe
2013-05-18 23:40:01    208896    ----a-w-    c:\windows\MBR.exe
2013-05-18 13:03:09    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes
2013-05-18 12:59:08    --------    d-----w-    C:\FRST
2013-05-18 09:03:26    --------    dc-h--w-    c:\windows\ie8
2013-05-18 08:45:39    --------    d-----w-    c:\documents and settings\chris\application data\PacificLava
2013-05-16 11:48:44    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M  ====================
.
2013-05-18 12:39:45    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-18 12:39:45    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-04-10 11:51:42    249856    ------w-    c:\windows\Setup1.exe
2013-04-10 11:51:41    73216    ----a-w-    c:\windows\ST6UNST.EXE
2013-03-23 06:22:02    638464    ----a-w-    c:\windows\dbplugin.exe
2013-03-23 06:22:00    356352    ----a-w-    c:\windows\eSellerateEngine.dll
2013-03-23 06:21:59    823296    ----a-w-    c:\windows\npdbplug.dll
2013-03-23 06:21:59    2416752    ----a-w-    c:\windows\dbplugin.ocx
2013-03-15 10:16:32    861088    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-03-15 10:16:32    782240    ----a-w-    c:\windows\system32\deployJava1.dll
2013-03-08 08:36:22    293376    ----a-w-    c:\windows\system32\winsrv.dll
2013-03-07 01:32:25    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:30    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-03-02 01:25:02    1867264    ----a-w-    c:\windows\system32\win32k.sys
2013-02-27 07:56:51    2067456    ----a-w-    c:\windows\system32\mstscax.dll
.
============= FINISH: 11:19:47.43 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 5/16/2010 7:02:21 AM
System Uptime: 5/20/2013 11:08:13 AM (0 hours ago)
.
Motherboard: Acer |  | eM250           
Processor:          Intel® Atom™ CPU N270   @ 1.60GHz | CPU | 1595/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 15.317 GiB free.
D: is Removable
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP338: 2/21/2013 6:37:28 AM - Software Distribution Service 3.0
RP339: 2/21/2013 3:53:00 PM - Removed Java 7 Update 13
RP340: 2/21/2013 3:53:35 PM - Installed Java 7 Update 15
RP341: 2/21/2013 8:45:06 PM - Software Distribution Service 3.0
RP342: 3/6/2013 6:40:38 AM - System Checkpoint
RP343: 3/7/2013 8:21:54 AM - System Checkpoint
RP344: 3/8/2013 9:21:26 AM - System Checkpoint
RP345: 3/9/2013 9:54:59 AM - System Checkpoint
RP346: 3/10/2013 10:23:47 AM - System Checkpoint
RP347: 3/11/2013 12:22:16 PM - System Checkpoint
RP348: 3/12/2013 3:32:43 PM - System Checkpoint
RP349: 3/15/2013 3:45:47 PM - Removed Java 7 Update 15
RP350: 3/15/2013 3:46:23 PM - Installed Java 7 Update 17
RP351: 3/16/2013 4:00:03 PM - Software Distribution Service 3.0
RP352: 3/18/2013 1:01:02 PM - System Checkpoint
RP353: 3/19/2013 2:34:24 PM - System Checkpoint
RP354: 3/20/2013 2:54:24 PM - System Checkpoint
RP355: 3/21/2013 7:25:55 AM - Software Distribution Service 3.0
RP356: 3/22/2013 2:38:07 PM - System Checkpoint
RP357: 3/23/2013 7:59:42 AM - Software Distribution Service 3.0
RP358: 3/24/2013 8:37:37 AM - System Checkpoint
RP359: 3/25/2013 10:30:53 AM - System Checkpoint
RP360: 3/26/2013 12:02:59 PM - System Checkpoint
RP361: 3/27/2013 12:03:30 PM - System Checkpoint
RP362: 3/28/2013 5:18:55 PM - System Checkpoint
RP363: 3/29/2013 3:32:19 PM - Installed Windows XP KB915800-v4.
RP364: 3/29/2013 3:32:52 PM - Installed Windows XP Windows Search 4.0.
RP365: 3/30/2013 6:34:32 PM - System Checkpoint
RP366: 4/1/2013 9:09:29 AM - System Checkpoint
RP367: 4/1/2013 1:47:49 PM - Installed Pronunciation Power Idioms
RP368: 4/2/2013 3:56:01 PM - System Checkpoint
RP369: 4/4/2013 7:52:05 AM - System Checkpoint
RP370: 4/5/2013 7:19:52 AM - Software Distribution Service 3.0
RP371: 4/6/2013 9:11:58 AM - System Checkpoint
RP372: 4/6/2013 3:10:54 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP373: 4/6/2013 3:13:14 PM - Installed Vegas Pro 9.0
RP374: 4/6/2013 4:34:08 PM - Software Distribution Service 3.0
RP375: 4/6/2013 6:04:45 PM - Removed Vegas Pro 9.0e
RP376: 4/8/2013 10:02:02 AM - System Checkpoint
RP377: 4/8/2013 12:00:38 PM - Removed eRedBook.
RP378: 4/8/2013 12:03:54 PM - Installed eRedBook.
RP379: 4/9/2013 7:05:30 PM - Software Distribution Service 3.0
RP380: 4/10/2013 7:17:03 PM - Software Distribution Service 3.0
RP381: 4/10/2013 8:29:39 PM - Restore Operation
RP382: 4/10/2013 8:36:37 PM - Restore Operation
RP383: 4/10/2013 9:13:27 PM - avast! Pro Antivirus Setup
RP384: 4/10/2013 9:15:22 PM - Software Distribution Service 3.0
RP385: 4/10/2013 9:29:55 PM - avast! Pro Antivirus Setup
RP386: 4/10/2013 10:06:01 PM - Installed avast
RP387: 4/12/2013 1:18:08 PM - System Checkpoint
RP388: 4/12/2013 2:45:05 PM - Software Distribution Service 3.0
RP389: 4/13/2013 10:04:00 AM - Software Distribution Service 3.0
RP390: 4/13/2013 10:17:26 AM - Software Distribution Service 3.0
RP391: 4/14/2013 9:30:07 AM - Software Distribution Service 3.0
RP392: 4/15/2013 10:03:34 AM - System Checkpoint
RP393: 4/16/2013 11:16:55 AM - System Checkpoint
RP394: 4/17/2013 1:00:59 PM - System Checkpoint
RP395: 4/18/2013 10:38:56 PM - System Checkpoint
RP396: 4/20/2013 12:21:07 AM - System Checkpoint
RP397: 4/21/2013 7:00:57 AM - System Checkpoint
RP398: 4/23/2013 1:16:09 AM - System Checkpoint
RP399: 4/24/2013 7:06:12 AM - System Checkpoint
RP400: 5/16/2013 5:15:59 PM - Installed Java 7 Update 21
RP401: 5/17/2013 6:14:21 PM - System Checkpoint
RP402: 5/18/2013 2:34:48 PM - Installed Windows Internet Explorer 8.
RP403: 5/18/2013 2:37:04 PM - Removed Word Scramble
RP404: 5/18/2013 2:43:13 PM - Installed Windows Internet Explorer 8.
RP405: 5/18/2013 2:50:03 PM - Installed Windows Internet Explorer 8.
RP406: 5/18/2013 7:36:43 PM - Malwarebytes Anti-Rootkit Restore Point
RP407: 5/19/2013 7:46:28 PM - System Checkpoint
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20
AC3Filter 2.5b
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Alice Greenfingers
Amazonia
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Autorun Eater v2.5
Bass Audio Decoder (remove only)
BerBible
BibleDatabase
Bonjour
Canon MG6200 series MP Drivers
CD Audio Reader Filter (remove only)
CDisplayEx 1.4
Compatibility Pack for the 2007 Office system
Concise Oxford Dictionary (Tenth Edition)
CutePDF Editor Toolbar
CutePDF Editor Toolbar Updater
CutePDF Writer 3.0
Dairy Dash
DCoder Image Source (remove only)
DirectVobSub (remove only)
DScaler 5 Mpeg Decoders
e-Sword
eMachines GameZone Console
eMachines Recovery Management
eMachines ScreenSaver
eMachines Updater
eRedBook
Farm Frenzy 2
ffdshow v1.2.4453 [2012-05-21]
FFMPEG Core Files (remove only)
First Class Flurry
Functional Ear Trainer - Advanced
Functional Ear Trainer - Basic
Gabest MPEG Splitter (remove only)
Google Talk Plugin
Guitar Pro 5.0
Haali Media Splitter
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB949764)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB981793)
Identity Card
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
IrfanView (remove only)
Java 7 Update 21
Java Auto Updater
JavaFX 2.1.1
Join Me
Juniper Networks Network Connect 7.1.0
Juniper Networks, Inc. Setup Client
Juniper Networks, Inc. Setup Client Activex Control
Junk Mail filter update
Launch Manager
LAV Filters 0.55.3
Macromedia Shockwave Player
MadVR (remove only)
McGill English Dictionary of Rhyme & Verse Perfect 2.0
Merriam Websters Spell Jam
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Encarta Premium 2006 DVD
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mobipocket Reader 6.2
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenSource AVI Splitter (remove only)
OpenSource DTS/AC3/DD+ Source Filter (remove only)
OpenSource Flash Video Splitter (remove only)
Optus Mobile Broadband
Paint.NET v3.5.10
PDFCreator
Primo
Pronunciation Power Idioms
QuickTime 3.0
Real Alternative 1.7.5 Lite
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618444)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647516)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2675157)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2699988)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2722913)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2744842)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2792100)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2817183)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Segoe UI
Skype Click to Call
Skype™ 6.3
Synaptics Pointing Device Driver
TheSage
Transcribe! 7.05
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768021) 32-Bit Edition
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
USB2.0 Card Reader Software
Video Web Camera Ver:1.0.10.1022
VLC media player 1.0.0
WebCam
WebFldrs XP
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Search 4.0
WinRAR archiver
WordWeb Pro
Zoom Player (remove only)
.
==== Event Viewer Messages From Past Week ========
.
5/20/2013 10:56:58 AM, error: Print [6161]  - The document D:\VigiPlot.pdf owned by Chris failed to print on printer Canon MG6200 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 42333172. Number of bytes printed: 0. Total number of pages in the document: 15. Number of pages printed: 0. Client machine: \\EMACHINE-9AA367. Win32 error code returned by the print processor: 3 (0x3).
5/19/2013 5:08:41 AM, error: Service Control Manager [7034]  - The DCService.exe service terminated unexpectedly.  It has done this 1 time(s).
5/18/2013 8:41:58 AM, error: Dhcp [1002]  - The IP address lease 192.168.45.65 for the Network Card with network address F07BCB8FA184 has been denied by the DHCP server 192.168.37.1 (The DHCP Server sent a DHCPNACK message).
5/18/2013 8:09:51 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
5/18/2013 8:09:51 PM, error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/18/2013 6:02:03 PM, error: Service Control Manager [7023]  - The Network Location Awareness (NLA) service terminated with the following error:  The specified procedure could not be found.
5/18/2013 6:01:37 PM, error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
5/18/2013 2:24:16 PM, error: PlugPlayManager [11]  - The device Root\LEGACY_.MRXSMB\0000 disappeared from the system without first being prepared for removal.
5/17/2013 8:37:29 PM, error: Dhcp [1002]  - The IP address lease 192.168.37.70 for the Network Card with network address F07BCB8FA184 has been denied by the DHCP server 192.168.45.1 (The DHCP Server sent a DHCPNACK message).
5/17/2013 7:10:18 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the avast! Antivirus service.
5/16/2013 2:43:48 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
.
==== End Of File ===========================
 



#4 gringo_pr (Malware Response Team)

Posted 20 May 2013 - 01:14 AM



Hello groovecase

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete, let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 groovecase (Topic Starter)

Posted 20 May 2013 - 03:43 AM

Hi Gringo,

Before running the tools, Avast would detect the win 32 malware gen erratically when I'd start Firefox. After running the tool it hasn't detected it yet. Yesterday when I ran Combofix, it said I had a rootkit problem, not sure what a rootkit is.... Thanks for helping me out.

Here come the logs... :)

# AdwCleaner v2.301 - Logfile created 05/20/2013 at 13:52:19
# Updated 16/05/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Chris - EMACHINE-9AA367
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Chris\Desktop\Malware removal tools\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\DOCUME~1\Chris\LOCALS~1\Temp\Uninstall.exe
File Deleted : C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\6311p2bd.default\searchplugins\Askcom.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Folder Deleted : C:\DOCUME~1\Chris\LOCALS~1\Temp\AskSearch
Folder Deleted : C:\DOCUME~1\Chris\LOCALS~1\Temp\avg@toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Partner
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\6311p2bd.default\extensions\staged
Folder Deleted : C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\6311p2bd.default\extensions\toolbar@ask.com
Folder Deleted : C:\Documents and Settings\Chris\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\Chris\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.ask.com/?l=dis&o=APN10236&gct=hp --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.2 (en-US)

File : C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\6311p2bd.default\prefs.js

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://isearch.avg.com/search?cid=%7B27565ecd[...]

*************************

AdwCleaner[S1].txt - [9706 octets] - [20/05/2013 13:52:19]

########## EOF - C:\AdwCleaner[S1].txt - [9766 octets] ##########
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Chris on Mon 05/20/2013 at 14:00:00.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\Chris\Application Data\mozilla\firefox\profiles\6311p2bd.default\prefs.js

user_pref("extensions.crossrider.bic", "13afe3c84134523adc180e8da6f3306d");





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 05/20/2013 at 14:06:22.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
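The AdwCleaner and JRT logs above show the kind of Firefox prefs.js entries these tools remove: the default search engine pointed at Ask.com, a leftover Ask toolbar keyword URL, and a crossrider preference. As an added example (not part of this thread, and not code from AdwCleaner or JRT), the following Python script performs the same kind of check on a prefs.js file; the sample prefs.js content is constructed from the log lines above, and the hijack indicator lists are my own assumptions based on what those logs show.

```python
"""Scan a Firefox prefs.js for search-engine hijack preferences.

Added example: it reproduces the type of check AdwCleaner and JRT
performed on the prefs.js shown in the logs above. Indicator lists are
assumptions derived from those logs, not from the tools themselves.
"""
import re

# Preferences that control which search engine Firefox uses by default.
SEARCH_PREFS = {
    "browser.search.defaultengine",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
}
SEARCH_ORDER_PREFIX = "browser.search.order."
# Preference families the logs on this page showed being removed.
SUSPECT_PREFIXES = ("extensions.asktb.", "extensions.crossrider.")
# Engines / hosts a hijack typically points at; names taken from the logs above.
SUSPECT_ENGINES = {"ask.com", "avg secure search", "isearch.avg.com"}

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')


def parse_prefs(text):
    """Yield (name, raw_value) for each user_pref() line; value keeps its quotes."""
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            yield m.group(1), m.group(2).strip()


def unquote(raw):
    """Strip surrounding double quotes from a string preference value."""
    return raw[1:-1] if len(raw) >= 2 and raw[0] == raw[-1] == '"' else raw


def find_hijack_prefs(text):
    """Return a list of (name, value, reason) entries worth reviewing."""
    findings = []
    for name, raw in parse_prefs(text):
        value = unquote(raw)
        low = value.lower()
        if name in SEARCH_PREFS or name.startswith(SEARCH_ORDER_PREFIX):
            # Search prefs are only suspicious when they name a known hijack engine.
            if any(e in low for e in SUSPECT_ENGINES):
                findings.append((name, value, "search engine redirected"))
        elif name.startswith(SUSPECT_PREFIXES):
            findings.append((name, value, "toolbar/adware leftover pref"))
        elif any(e in low for e in SUSPECT_ENGINES):
            findings.append((name, value, "references suspect search host"))
    return findings


# Constructed sample prefs.js, based on the entries the logs above report deleted.
SAMPLE_PREFS = """\
# Mozilla User Preferences (constructed sample)
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1368950000);
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("browser.search.order.1", "Ask.com");
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://isearch.avg.com/search?cid=sample");
user_pref("extensions.crossrider.bic", "13afe3c84134523adc180e8da6f3306d");
user_pref("network.cookie.prefsMigrated", true);
"""

if __name__ == "__main__":
    for name, value, reason in find_hijack_prefs(SAMPLE_PREFS):
        print(f"{reason:32s} {name} = {value}")
```

Run against a real profile by reading prefs.js with Firefox closed; the script only reports, it does not modify the file.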
 



#6 gringo_pr (Malware Response Team)

Posted 20 May 2013 - 02:07 PM


Hello groovecase

I would like you to download an updated version of combofix.

Update ComboFix
  • Delete the version of ComboFix you have now on your desktop and download a new one from here. **Note: It is important that it is saved directly to your desktop.**

    1. Close any open browsers.
    2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

    Double-click on combofix.exe & follow the prompts.
    When finished, it will produce a report for you.

    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#7 groovecase (Topic Starter)

Posted 20 May 2013 - 10:27 PM

Hi Gringo,

I downloaded Combofix onto my desktop from the link you sent and updated it. Shut down all programs and ran it. It detected that I have a Rootkit ZeroAccess virus that has infected my TCP/IP stack. Then it said it would take about 10-20 mins to fix it. However, it didn't do anything after that for the next 1 hour. No different stages of the clean process appeared. I then tried to shut it down and restart my computer. So I don't have a log.



#8 gringo_pr (Malware Response Team)

Posted 20 May 2013 - 11:23 PM


Hello groovecase

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • More than one report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note: this report can be very long, so if the website gives you an error saying it is too long you may attach it.

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
and I will see if I want to see the whole report.

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32-bit or RogueKiller for 64-bit.
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop.
  • Exit/Close RogueKiller.
Send me the reports made from TDSSKiller and RogueKiller and also let me know how the computer is doing at this time.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 groovecase
  • Topic Starter

  • Members
  • 14 posts
  • Local time:04:00 AM

Posted 21 May 2013 - 12:51 AM

Hi Gringo,

Avast detected the win 32 malware gen again before I ran the tools. After I ran the tools there haven't been any alarms going off. Here come the logs. Thanks for your help! :)

10:44:05.0875 2328  Scan finished
10:44:05.0875 2328  ============================================================
10:44:05.0890 0848  Detected object count: 2
10:44:05.0890 0848  Actual detected object count: 2
10:45:25.0468 0848  DCService.exe ( UnsignedFile.Multi.Generic ) - skipped by user
10:45:25.0468 0848  DCService.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:45:25.0468 0848  PEVSystemStart ( UnsignedFile.Multi.Generic ) - skipped by user
10:45:25.0468 0848  PEVSystemStart ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:45:31.0625 2720  Deinitialize success

 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Chris [Admin rights]
Mode : Remove -- Date : 05/21/2013 10:55:45
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] snuvcdsm.exe -- C:\WINDOWS\snuvcdsm.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : snuvcdsm (C:\WINDOWS\snuvcdsm.exe) [7] -> DELETED
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJ SMENU] HKLM\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600BEVT-22ZCT0 +++++
--- User ---
[MBR] f63502ba5f857fe4301cb0c6d3b20de9
[BSP] 99ad88162c1359a1337339c9c19254bf : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 10244 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20981760 | Size: 142388 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_05212013_02d1055.txt >>
RKreport[1]_S_05212013_02d1052.txt ; RKreport[2]_D_05212013_02d1055.txt
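The RogueKiller findings above (a binary planted directly under C:\WINDOWS and started from a Run key, a policy key, two cosmetic shell settings and a HOSTS file carrying only the stock localhost line) are the kind of lines a helper reads by eye. What follows is an added example, not code from this thread or from the RogueKiller project: it parses report lines of that shape from a constructed sample, ranks each one so persistence (SUSP PATH / Run key) is separated from cosmetic changes (HJ SMENU / HJ DESK), and flags any HOSTS entry beyond the stock localhost line, which is how malware blocks AV update sites. The severity rules, the sample text and the function names are assumptions of mine, not RogueKiller behaviour.

```python
"""Triage helper for RogueKiller-style report lines.

Added example (not part of the forum thread or of RogueKiller itself):
parses the "[TAG] ... -> ACTION" lines and the HOSTS section of a report
and ranks each finding so persistence stands out from cosmetic changes.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the shape of the report posted above (a few lines
# only; a real report carries more sections).
SAMPLE_REPORT = r"""
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] snuvcdsm.exe -- C:\WINDOWS\snuvcdsm.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : snuvcdsm (C:\WINDOWS\snuvcdsm.exe) [7] -> DELETED
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJ SMENU] HKLM\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost
"""

LINE_RE = re.compile(r"^((?:\[[A-Z ]+\])+)\s+(.*?)\s+->\s+(\S+)")
TAG_RE = re.compile(r"\[([A-Z ]+)\]")
PATH_RE = re.compile(r"([A-Za-z]:\\[^\s()\[\]]+)")
# A PE file sitting directly in the Windows directory (not system32 etc.)
WINDIR_ROOT_PE = re.compile(r"^[A-Za-z]:\\WINDOWS\\[^\\]+\.(exe|dll|sys)$", re.I)
LOOPBACK = {"127.0.0.1", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


@dataclass
class Finding:
    tags: list
    detail: str
    action: str
    severity: str
    reason: str


def classify(tags, detail):
    """Map a RogueKiller tag set plus its detail text to (severity, reason)."""
    m = PATH_RE.search(detail)
    path = m.group(1) if m else ""
    if "SUSP PATH" in tags and WINDIR_ROOT_PE.match(path):
        return "HIGH", "PE file dropped directly under %WINDIR% and launched (process or Run key)"
    if "SUSP PATH" in tags:
        return "MEDIUM", "executable in a location RogueKiller does not expect"
    if "HJPOL" in tags:
        # Policy values: a non-zero value means the restriction was enforced.
        v = re.search(r"\((\d+)\)\s*$", detail)
        if v and v.group(1) != "0":
            return "HIGH", "restrictive policy active (user lockout, e.g. registry tools disabled)"
        return "MEDIUM", "policy key present but value 0 (not enforcing); typical tampering leftover"
    if "HJ SMENU" in tags or "HJ DESK" in tags:
        return "LOW", "shell/Start menu setting changed; cosmetic, not a persistence mechanism"
    return "INFO", "no rule matched"


def parse_findings(report):
    findings = []
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        tags = TAG_RE.findall(m.group(1))
        sev, why = classify(tags, m.group(2))
        findings.append(Finding(tags, m.group(2), m.group(3), sev, why))
    return findings


def hosts_entries(report):
    """Return (address, name) pairs listed under the HOSTS File section."""
    lines = report.splitlines()
    start = next((i for i, l in enumerate(lines) if "HOSTS File" in l), None)
    if start is None:
        return []
    entries = []
    for raw in lines[start + 1:]:
        if raw.startswith("¤¤¤"):  # next report section
            break
        line = raw.strip()
        if not line or line.startswith("-->") or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) >= 2:
            entries.append((parts[0], parts[1]))
    return entries


def suspicious_hosts(entries):
    """Flag anything beyond the stock localhost line: malware edits hosts to
    block AV update sites or to redirect legitimate domains elsewhere."""
    return [(ip, name) for ip, name in entries
            if ip not in LOOPBACK or name.lower() not in LOCAL_NAMES]


def triage(report):
    findings = parse_findings(report)
    return {
        "findings": findings,
        "by_severity": dict(Counter(f.severity for f in findings)),
        "hosts_flagged": suspicious_hosts(hosts_entries(report)),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for f in result["findings"]:
        print(f"{f.severity:6} {'/'.join(f.tags):15} {f.action:9} {f.detail}  ({f.reason})")
    print("hosts flagged:", result["hosts_flagged"] or "none")
```

On the sample this ranks the two snuvcdsm.exe lines HIGH (a PE in the Windows directory root is rarely legitimate and the Run key is the persistence), the disableregistrytools key MEDIUM because its value was 0, and the two Start menu tweaks LOW; the HOSTS file comes back clean. The rules are deliberately simple so they are easy to extend to other tags a report may carry.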


 

 

 



#10 gringo_pr
    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:30 PM

Posted 21 May 2013 - 01:13 AM


Hello groovecase

OK, let's try this: I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe Mode.
  • Log in on your usual account.
After ComboFix has finished its scan, please post the report back here.

Gringo

#11 groovecase
  • Topic Starter

  • Members
  • 14 posts
  • Local time:04:00 AM

Posted 21 May 2013 - 02:19 AM

Hi Gringo,

When I started the computer in Safe Mode, I noticed another account set up called Administrator. Usually my account is the administrator account. I reckon the virus created this. I ran ComboFix in Safe Mode without networking. It displayed the same message as earlier: rootkit ZeroAccess has infected the TCP/IP stack. After about half an hour the screen just went blank. None of the stages of the scan were seen in the meantime. I had to hard-shutdown the computer and restart in Safe Mode. But there wasn't any log from ComboFix. Please help! :smash:



#12 gringo_pr
    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:30 PM

Posted 21 May 2013 - 02:07 PM

Hello

Besides not being able to run ComboFix (don't worry, I have seen it happen before, and I have seen the ZeroAccess warning happen in XP), I don't see anything left of ZA in any of the reports.

How is the computer doing at this time?



Gringo

#13 groovecase
  • Topic Starter

  • Members
  • 14 posts
  • Local time:04:00 AM

Posted 21 May 2013 - 05:20 PM

Good morning Gringo, :)

The computer seems to be running all right. Except for the suspicious Administrator account that has been created, which I cannot access in Normal Mode, there hasn't been anything too crazy. I'm just worried about losing administrator rights on my computer.



#14 gringo_pr
    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:30 PM

Posted 21 May 2013 - 09:29 PM



Hello groovecase

I think that account is normally hidden, but it is not a problem.

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double-click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under the Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left-hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- will be opened; this is the one I need posted back here
    • Extra.txt <-- will be minimized; save this one on your Desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.
Gringo

#15 groovecase
  • Topic Starter

  • Members
  • 14 posts
  • Local time:04:00 AM

Posted 21 May 2013 - 10:27 PM

Hi Gringo,

Here comes the log! :)

OTL logfile created on: 5/22/2013 8:35:12 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1013.87 Mb Total Physical Memory | 349.07 Mb Available Physical Memory | 34.43% Memory free
2.39 Gb Paging File | 1.66 Gb Available in Paging File | 69.55% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 16.89 Gb Free Space | 12.15% Space Free | Partition Type: NTFS
 
Computer Name: EMACHINE-9AA367 | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Chris\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
PRC - C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe ()
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Autorun Eater\billy.exe (Old McDonald's Farm)
PRC - C:\Program Files\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Alwil Software\Avast5\defs\13052101\algo.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\cpwmon2k.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe ()
MOD - C:\Program Files\Alwil Software\Avast5\aswDld.dll ()
MOD - C:\WINDOWS\system32\qcap.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Program Files\Common Files\Microsoft Shared\Reference 2006\MSENCXML.DLL ()
MOD - C:\Program Files\Common Files\Microsoft Shared\Reference 2006\ERSREGPR.DLL ()
MOD - C:\Program Files\Common Files\Microsoft Shared\Reference 2006\MSENCDAT.DLL ()
MOD - C:\Program Files\Common Files\Microsoft Shared\Reference 2006\ENCCONT.DLL ()
MOD - C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICTITS.EBK ()
MOD - C:\WINDOWS\system32\pdfcmnnt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (PEVSystemStart) -- C:\ComboFix\pev.3XE ()
SRV - (dsNcService) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
SRV - (DCService.exe) -- C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe ()
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (DsiWMIService) -- C:\Program Files\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (Updater Service) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (USBCCID) -- system32\DRIVERS\Rts5161ccid.sys File not found
DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found
DRV - (Rts516xIR) -- system32\DRIVERS\Rts516xIR.sys File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (Changer) --  File not found
DRV - (dsNcAdpt) -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys (Juniper Networks)
DRV - (massfilter_hs) -- C:\WINDOWS\system32\drivers\massfilter_hs.sys (ZTE Incorporated)
DRV - (ewusbnet) -- C:\WINDOWS\system32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (zgwhsdiag) -- C:\WINDOWS\system32\drivers\zgwhsdiag.sys (ZTE Incorporated)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (ew_usbenumfilter) -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)
DRV - (zgwhsmdm) -- C:\WINDOWS\system32\drivers\zgwhsmdm.sys (ZTE Incorporated)
DRV - (SNP2UVC) -- C:\WINDOWS\system32\drivers\snp2uvc.sys ()
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)
DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2885428501-1300003180-414440772-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=em250&r=0xph05103815l04g4wu55r45326268
IE - HKU\S-1-5-21-2885428501-1300003180-414440772-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2885428501-1300003180-414440772-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2885428501-1300003180-414440772-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2885428501-1300003180-414440772-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2885428501-1300003180-414440772-1006\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2885428501-1300003180-414440772-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2885428501-1300003180-414440772-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2885428501-1300003180-414440772-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2885428501-1300003180-414440772-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com.au/"
FF - prefs.js..extensions.enabledAddons: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.2.1
FF - prefs.js..extensions.enabledAddons: {582195F5-92E7-40a0-A127-DB71295901D7}:0.6.4.1
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.14
FF - prefs.js..extensions.enabledAddons: bytubed@cs213.cse.iitk.ac.in:1.1.1
FF - prefs.js..extensions.enabledAddons: {65e41d20-f092-41b7-bb83-c6e8a9ab0f57}:1.2.1
FF - prefs.js..extensions.enabledAddons: hotfix@mozilla.org:2.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Chris\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\Chris\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Chris\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\hotfix@mozilla.org: C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Extensions\MozillaHotfix [2012/12/08 19:04:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/14 05:10:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/14 05:09:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\hotfix@mozilla.org: C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Extensions\MozillaHotfix [2012/12/08 19:04:08 | 000,000,000 | ---D | M]
 
[2010/05/15 18:52:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions
[2012/11/24 06:10:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Extensions
[2012/12/08 19:04:08 | 000,000,000 | ---D | M] (Mozilla hotfix) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Extensions\MozillaHotfix
[2013/05/20 13:52:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\6311p2bd.default\extensions
[2011/03/20 14:58:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\6311p2bd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/26 04:52:54 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\6311p2bd.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2013/03/04 12:23:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\6311p2bd.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/09/28 21:30:12 | 000,000,000 | ---D | M] (BYTubeD - Bulk YouTube video Downloader) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\6311p2bd.default\extensions\bytubed@cs213.cse.iitk.ac.in
[2012/04/22 23:14:34 | 000,096,636 | R--- | M] () (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\6311p2bd.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}.xpi
[2013/04/03 07:32:00 | 000,046,841 | ---- | M] () (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\6311p2bd.default\extensions\{65e41d20-f092-41b7-bb83-c6e8a9ab0f57}.xpi
[2013/05/16 17:09:38 | 000,001,088 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\6311p2bd.default\searchplugins\dictionarycom.xml
[2011/06/07 23:01:20 | 000,000,960 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\6311p2bd.default\searchplugins\onelook-dictionary-search.xml
[2013/05/16 17:09:39 | 000,001,081 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\6311p2bd.default\searchplugins\thesauruscom.xml
[2012/11/14 05:09:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/14 05:09:44 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/11/14 05:10:43 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/30 08:39:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/14 00:56:47 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2013/01/17 09:11:14 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\System32\csnp2uvc.dll ( )
O4 - HKU\S-1-5-21-2885428501-1300003180-414440772-1006..\Run: [E06AXLRD_7022500] C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2885428501-1300003180-414440772-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2885428501-1300003180-414440772-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2885428501-1300003180-414440772-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1365600602625 (MUWebControl Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.86.213.133 203.86.213.137
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A29954BF-6248-4B2E-A96D-F7CA06640E78}: DhcpNameServer = 203.86.213.133 203.86.213.137
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/09 22:29:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/08/10 17:50:16 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{2f2ad37a-89ee-11e2-acc0-705ab6cca4e2}\Shell - "" = AutoRun
O33 - MountPoints2\{2f2ad37a-89ee-11e2-acc0-705ab6cca4e2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2f2ad37a-89ee-11e2-acc0-705ab6cca4e2}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{5b04ec8c-b644-11e1-b00d-705ab6cca4e2}\Shell - "" = AutoRun
O33 - MountPoints2\{5b04ec8c-b644-11e1-b00d-705ab6cca4e2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5b04ec8c-b644-11e1-b00d-705ab6cca4e2}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{707261b4-b681-11e1-b545-705ab6cca4e2}\Shell - "" = AutoRun
O33 - MountPoints2\{707261b4-b681-11e1-b545-705ab6cca4e2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{707261b4-b681-11e1-b545-705ab6cca4e2}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{707261ba-b681-11e1-b545-705ab6cca4e2}\Shell - "" = AutoRun
O33 - MountPoints2\{707261ba-b681-11e1-b545-705ab6cca4e2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{707261ba-b681-11e1-b545-705ab6cca4e2}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{707261bf-b681-11e1-b545-705ab6cca4e2}\Shell - "" = AutoRun
O33 - MountPoints2\{707261bf-b681-11e1-b545-705ab6cca4e2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{707261bf-b681-11e1-b545-705ab6cca4e2}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{707261c2-b681-11e1-b545-705ab6cca4e2}\Shell - "" = AutoRun
O33 - MountPoints2\{707261c2-b681-11e1-b545-705ab6cca4e2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{707261c2-b681-11e1-b545-705ab6cca4e2}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{77ca872e-96a4-11df-882f-705ab6cca4e2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{77ca872e-96a4-11df-882f-705ab6cca4e2}\Shell\AutoRun\command - "" = D:\nemoj\\meni.exe
O33 - MountPoints2\{77ca872e-96a4-11df-882f-705ab6cca4e2}\Shell\explore\command - "" = D:\nemoj\\\meni.exe
O33 - MountPoints2\{77ca872e-96a4-11df-882f-705ab6cca4e2}\Shell\open\command - "" = D:\nemoj\\\meni.exe
O33 - MountPoints2\{99508cb2-99bb-11df-883a-705ab6cca4e2}\Shell - "" = AutoRun
O33 - MountPoints2\{99508cb2-99bb-11df-883a-705ab6cca4e2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{99508cb2-99bb-11df-883a-705ab6cca4e2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{ad3fddd0-972a-11df-8832-705ab6cca4e2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ad3fddd0-972a-11df-8832-705ab6cca4e2}\Shell\AutoRun\command - "" = F:\DIJAMANTE\\veciti.exe
O33 - MountPoints2\{ad3fddd0-972a-11df-8832-705ab6cca4e2}\Shell\explore\command - "" = F:\DIJAMANTE\\\veciti.exe
O33 - MountPoints2\{ad3fddd0-972a-11df-8832-705ab6cca4e2}\Shell\open\command - "" = F:\DIJAMANTE\\\veciti.exe
O33 - MountPoints2\{c1cd3e57-b704-11e1-9865-705ab6cca4e2}\Shell - "" = AutoRun
O33 - MountPoints2\{c1cd3e57-b704-11e1-9865-705ab6cca4e2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c1cd3e57-b704-11e1-9865-705ab6cca4e2}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{eba33a82-7994-11e2-b30f-705ab6cca4e2}\Shell - "" = AutoRun
O33 - MountPoints2\{eba33a82-7994-11e2-b30f-705ab6cca4e2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{eba33a82-7994-11e2-b30f-705ab6cca4e2}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/22 08:33:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2013/05/21 15:06:28 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/05/21 10:50:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\RK_Quarantine
[2013/05/21 08:01:19 | 005,067,850 | R--- | C] (Swearware) -- C:\Documents and Settings\Chris\Desktop\ComboFix.exe
[2013/05/20 13:59:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/05/20 13:59:27 | 000,000,000 | ---D | C] -- C:\JRT
[2013/05/19 13:27:38 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/05/19 10:08:03 | 000,580,712 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPDiscoPM5412.dll
[2013/05/19 10:08:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2013/05/19 10:07:50 | 001,979,280 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPScanTRDrv_OJ6500_E710n-z.dll
[2013/05/19 10:07:49 | 000,496,016 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\HPWia1_OJ6500_E710n-z.dll
[2013/05/19 10:07:40 | 002,216,848 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkins5412.exe
[2013/05/19 10:07:40 | 000,529,296 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinksts5412.dll
[2013/05/19 10:07:40 | 000,269,200 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinksts5412LM.dll
[2013/05/19 10:07:40 | 000,221,072 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkcoi5412.dll
[2013/05/19 10:07:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2013/05/19 10:07:02 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013/05/19 10:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\HP
[2013/05/19 05:10:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/05/19 05:10:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/05/19 05:10:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/05/19 05:10:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/05/19 05:08:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/19 05:08:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\My Documents\My Videos
[2013/05/19 05:08:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2013/05/19 05:08:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/05/18 18:58:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2013/05/18 18:57:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2013/05/18 18:33:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/05/18 18:29:08 | 000,000,000 | ---D | C] -- C:\FRST
[2013/05/18 18:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\Malware removal tools
[2013/05/18 14:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
[2013/05/18 14:33:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/05/18 14:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\PacificLava
[2013/05/16 17:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/05/16 17:18:44 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/05/16 17:18:44 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/05/16 17:18:43 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/05/16 17:14:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/11/10 01:02:23 | 000,036,136 | ---- | C] (Oberon Media) -- C:\Documents and Settings\All Users\FullRemove.exe
[24 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/22 08:33:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2013/05/22 08:33:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2885428501-1300003180-414440772-1006UA.job
[2013/05/22 08:20:46 | 002,437,316 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\embsafs.rar
[2013/05/22 08:19:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/05/22 03:38:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/05/22 03:38:04 | 1063,194,624 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/21 21:49:18 | 000,091,218 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\936246_10151695607655087_1772679123_n.jpg
[2013/05/21 21:46:49 | 000,096,378 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\968989_10151695607540087_1702526271_n.jpg
[2013/05/21 21:45:10 | 000,073,375 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\935109_10151695700605087_383304185_n.jpg
[2013/05/21 21:36:39 | 000,056,646 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\970350_10151695815690087_2090674697_n.jpg
[2013/05/21 21:31:15 | 000,066,819 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\576742_10151695699435087_1372127900_n.jpg
[2013/05/21 10:33:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2885428501-1300003180-414440772-1006Core.job
[2013/05/21 08:02:25 | 005,067,850 | R--- | M] (Swearware) -- C:\Documents and Settings\Chris\Desktop\ComboFix.exe
[2013/05/21 07:19:41 | 000,000,547 | ---- | M] () -- C:\WINDOWS\greWordList.INI
[2013/05/20 19:46:14 | 006,542,705 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Facing death faithfully.mp3
[2013/05/19 13:27:43 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2013/05/19 10:06:49 | 000,000,057 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2013/05/19 09:05:51 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/05/18 19:40:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/05/18 18:09:45 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/05/18 18:09:45 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/05/18 18:03:33 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/15 13:19:34 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/30 18:00:47 | 000,153,600 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/24 22:02:41 | 038,594,992 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\John_Berardi_-_Precision_Nutrition.rar
[24 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/05/22 08:20:18 | 002,437,316 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\embsafs.rar
[2013/05/21 21:49:18 | 000,091,218 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\936246_10151695607655087_1772679123_n.jpg
[2013/05/21 21:46:49 | 000,096,378 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\968989_10151695607540087_1702526271_n.jpg
[2013/05/21 21:45:10 | 000,073,375 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\935109_10151695700605087_383304185_n.jpg
[2013/05/21 21:36:39 | 000,056,646 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\970350_10151695815690087_2090674697_n.jpg
[2013/05/21 21:31:15 | 000,066,819 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\576742_10151695699435087_1372127900_n.jpg
[2013/05/21 16:28:10 | 1063,194,624 | -HS- | C] () -- C:\hiberfil.sys
[2013/05/20 19:36:11 | 006,542,705 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Facing death faithfully.mp3
[2013/05/19 13:27:42 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2013/05/19 13:27:40 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/05/19 10:06:49 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2013/05/19 05:10:01 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/05/19 05:10:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/05/19 05:10:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/05/19 05:10:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/05/19 05:10:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/05/18 18:09:47 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/05/18 11:19:29 | 000,000,547 | ---- | C] () -- C:\WINDOWS\greWordList.INI
[2013/04/24 21:59:27 | 038,594,992 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\John_Berardi_-_Precision_Nutrition.rar
[2013/04/10 17:24:47 | 000,002,112 | ---- | C] () -- C:\Documents and Settings\Chris\fet2_settings.dat
[2013/04/10 17:19:13 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Chris\fet_settings.dat
[2013/03/23 11:52:02 | 000,638,464 | ---- | C] () -- C:\WINDOWS\dbplugin.exe
[2013/03/23 11:51:59 | 000,823,296 | ---- | C] () -- C:\WINDOWS\npdbplug.dll
[2012/11/23 21:36:58 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/10 21:56:09 | 000,000,053 | ---- | C] () -- C:\Documents and Settings\Chris\.gtk-bookmarks
[2012/08/10 21:22:18 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Chris\.recently-used.xbel
[2012/06/10 06:37:56 | 000,088,656 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2012/04/28 21:30:33 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/04/20 17:55:32 | 129,511,922 | ---- | C] () -- C:\Documents and Settings\Chris\__rzi_00.562
[2012/02/28 12:19:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/27 16:57:04 | 000,000,915 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\coreavc.ini
[2011/06/21 15:41:02 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/05/16 08:51:44 | 000,153,600 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009/11/09 22:33:44 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/02/22 00:36:26 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 17:40:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 17:30:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E3C56885
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D7E5A8F
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:444C53BA
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB689DEA
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B9176C0
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93DE1838

< End of report >
 