
Infected with Something.


  • This topic is locked
46 replies to this topic

#1 cerealz
  • Members
  • 28 posts

Posted 06 June 2013 - 08:15 AM

Hi Guys!

Need your help.

Tried to follow your preparation guide, but I cannot complete installing DDS, as the window closes automatically.

The same goes for msconfig; System Restore does NOT run.

And when the computer boots up, I get an Avast error message that it is trying to redirect me to a certain coperton website.

I learnt that I was severely infected when I was trying to clear an autorun.inf problem.

If there is anything else I can provide you guys with, please let me know.

Thanks in advance for all your help!




#2 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 08 June 2013 - 05:14 PM


Hello cerealz

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 cerealz (Topic Starter)
  • Members
  • 28 posts

Posted 09 June 2013 - 02:39 AM

Hi Gringo.

Thanks so much for replying to my help request!

I think I'm infected by something that closes all .exe files.

When I run OTL.exe, I see the console for a split second, then it closes.

Any way to work around it? Thanks!



#4 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 09 June 2013 - 02:56 AM


Hello cerealz

Let's try this, and which operating system are you using?



Please download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
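Once the FRST.txt requested above is posted (the original poster's log appears in reply #5), a responder scans the autorun and recently-created-file sections for a few recurring patterns. The script below is an added example, not code from this thread, from FRST or from its author: it reads FRST-format lines and flags autorun entries that launch script files, autorun entries under a user profile whose file has no version information (FRST prints an empty `()`), and newly created hidden+system directories with random-looking hexadecimal names. The sample input is constructed; most lines are copied from the log posted in this thread, the `x9c1\svc.exe` line is made up for contrast, and the regular expressions are my reading of FRST's output format as seen here, not the tool's documented grammar.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample in FRST's line format. Most lines are copied from the
# log posted in this thread; the [updater] line under x9c1 is made up to show
# the "no version info under a user profile" heuristic on a non-script file.
SAMPLE_LOG = r"""
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4241512 2012-03-07] (AVAST Software)
HKCU\...\Run: [SugarSync] "C:\Program Files\SugarSync\SugarSync.exe" -startInTray -usedelay=true [12491104 2013-04-23] (SugarSync, Inc.)
HKCU\...\Run: [fd6] C:\Documents and Settings\Cerealz\Application Data\eb7a\fd6.js [49000 2013-06-09] ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ae2e.js ()
Startup: C:\Documents and Settings\Cerealz\Start Menu\Programs\Startup\ImationFlashDetect.lnk
HKCU\...\Run: [updater] C:\Documents and Settings\Cerealz\Application Data\x9c1\svc.exe [20480 2013-06-08] ()
2013-06-09 14:22 - 2013-06-09 14:22 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-05-28 17:59 - 2013-05-28 17:59 - 00000000 __SHD C:\Program Files\f472
2013-05-28 17:59 - 2013-05-28 17:59 - 00000000 __SHD C:\ea8ce
"""

SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta")
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\")

# Assumed FRST line shapes: "HKLM\...\Run: [name] <command> [size date] (publisher)",
# "Startup: <path> (publisher)" and "<created> - <modified> - <size> <attrs> <path>".
AUTORUN_RE = re.compile(r"^(HK(?:LM|CU)\\\.\.\.\\Run(?:once)?|Startup):\s*(.*)$", re.IGNORECASE)
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|js|jse|vbs|vbe|wsf|hta|lnk|bat|cmd)\b", re.IGNORECASE)
PUBLISHER_RE = re.compile(r"\(([^()]*)\)\s*$")
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d{8} (\S{5}) (.*)$")
# 3-8 lowercase hex characters containing at least one digit and one letter.
HEXNAME_RE = re.compile(r"^(?=.*\d)(?=.*[a-f])[0-9a-f]{3,8}$")


def parse_autorun(entry: str) -> Tuple[Optional[str], Optional[str]]:
    """Return (path, publisher) from the text after the autorun key.

    publisher is '' when FRST printed an empty '()' (no version info in the
    file) and None when the line carries no publisher field at all.
    """
    pm = PATH_RE.search(entry)
    path = pm.group(0) if pm else None
    pub = PUBLISHER_RE.search(entry)
    publisher = pub.group(1).strip() if pub else None
    return path, publisher


def triage_frst(text: str) -> List[Tuple[str, str]]:
    """Return (reason, path) for every line that trips one of the heuristics."""
    findings: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = AUTORUN_RE.match(line)
        if m:
            path, publisher = parse_autorun(m.group(2))
            if path is None:
                continue
            low = path.lower()
            if low.endswith(SCRIPT_EXTS):
                findings.append(("script autorun", path))
            elif publisher == "" and any(mk in low for mk in USER_PROFILE_MARKERS):
                findings.append(("unsigned autorun in user profile", path))
            continue
        m = CREATED_RE.match(line)
        if m:
            attrs, path = m.group(1), m.group(2).strip()
            base = path.rsplit("\\", 1)[-1].lower()
            # Hidden + system + directory, with a short hex-looking name.
            if all(flag in attrs for flag in "SHD") and HEXNAME_RE.match(base):
                findings.append(("hidden system dir with hex-like name", path))
    return findings


if __name__ == "__main__":
    for reason, path in triage_frst(SAMPLE_LOG):
        print(f"{reason:40} {path}")
```

These are triage heuristics, not verdicts: a legitimate product can ship a file without version information, and the hex-name check is deliberately loose. The point is to surface the handful of entries a responder should read first in a log that runs to hundreds of lines.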

#5 cerealz (Topic Starter)
  • Members
  • 28 posts

Posted 09 June 2013 - 03:13 AM

Hi Gringo!

Thanks for your super rapid reply.

Here's the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-06-2013
Ran by Cerealz (administrator) on 09-06-2013 16:05:59
Running from C:\Documents and Settings\Cerealz\Desktop\INFECTION
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Comodo\Dragon\dragon_updater.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
() C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(SugarSync, Inc.) C:\Program Files\SugarSync\SugarSync.exe
(Microsoft Corporation) C:\WINDOWS\System32\WScript.exe
() C:\Program Files\Imation\ImationFlashDetect.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(SRWare) C:\Program Files\SRWare Iron\iron.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 [208952 2006-02-28] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC [455168 2006-02-28] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName [455168 2006-02-28] (Microsoft Corporation)
HKLM\...\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [29984 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [46368 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" [402 2013-06-09] ()
HKLM\...\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [x]
HKLM\...\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot [202256 2010-02-19] (RealNetworks, Inc.)
HKLM\...\Run: [CTxfiHlp] CTXFIHLP.EXE [x]
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe [20480 2006-09-20] ()
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: []  [x]
HKLM\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2010-10-25] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [821144 2010-10-25] (Adobe Systems Inc.)
HKLM\...\Run: [Bonus.SSR.FR11] "C:\Program Files\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun [934152 2011-11-07] (ABBYY.)
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4241512 2012-03-07] (AVAST Software)
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [Alcmtr] ALCMTR.EXE [x]
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM\...\Runonce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0ANAA0ADQAOQAxADAAOAAxADYALQBCAEEAKwAxAC0ASwBWADMAKwA3AC0AWABMACsAMQAtAFQANAAtAEIAQQBSADkARwArADEALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBYAE8AOQArADEALQBEAEQAVAArADMANAA3ADIAOAAtAFMAVAA5ADAARgBBAFAAUAArADEALQBEAEQAOQAwAEYAKwAxAC0ARgA5ADAATQAxADIARABOACsAMQAtAFQAQgBOACsAMQAtAFUAOQA1ACsAMQA"&"prod=90"&"ver=9.0.894 [x]
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKCU\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [1695232 2008-04-14] (Microsoft Corporation)
HKCU\...\Run: [Google Update] "C:\Documents and Settings\Cerealz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [135664 2009-11-06] (Google Inc.)
HKCU\...\Run: [SugarSync] "C:\Program Files\SugarSync\SugarSync.exe" -startInTray -usedelay=true [12491104 2013-04-23] (SugarSync, Inc.)
HKCU\...\Run: [fd6] C:\Documents and Settings\Cerealz\Application Data\eb7a\fd6.js [49000 2013-06-09] ()
MountPoints2: {0edd86c3-80c3-11df-881b-0030670be535} - F:\LaunchU3.exe -a
MountPoints2: {3107de52-56cc-11e0-8951-0030670be535} - F:\LaunchU3.exe -a
MountPoints2: {6cb303fa-5dd0-11df-87ee-0030670be535} - F:\.\Vado\Vado.exe
MountPoints2: {b60600be-a351-11de-86ff-0030670be535} - F:\LaunchU3.exe -a
MountPoints2: {c4604956-1bbb-11e0-8903-0030670be535} - F:\LaunchU3.exe -a
MountPoints2: {cfa34062-dcef-11df-88a9-0030670be535} - F:\LaunchU3.exe -a
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ae2e.js ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ae2e.js ()
Startup: C:\Documents and Settings\Cerealz\Start Menu\Programs\Startup\ae2e.js ()
Startup: C:\Documents and Settings\Cerealz\Start Menu\Programs\Startup\ImationFlashDetect.lnk
ShortcutTarget: ImationFlashDetect.lnk -> C:\Program Files\Imation\ImationFlashDetect.exe ()
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\ae2e.js ()
SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\WINDOWS\system32\SSCbFsMntNtf3.dll (EldoS Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.itradecimb.com.sg/app/home.z
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 04 %SystemRoot%\System32\nwprovau.dll [142336] (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Cerealz\Application Data\Mozilla\Firefox\Profiles\lm40ml16.default
FF Homepage: hxxp://www.google.com.sg/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.688 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.688 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.688 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Cerealz\Application Data\Mozilla\Firefox\Profiles\lm40ml16.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: No Name - C:\Documents and Settings\Cerealz\Application Data\Mozilla\Firefox\Profiles\lm40ml16.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
 
Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Cerealz\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Cerealz\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Cerealz\Local Settings\Application Data\Google\Chrome\Application\27.0.1453.110\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Flock Update) - C:\Documents and Settings\Cerealz\Local Settings\Application Data\Flock\Update\1.2.213.0\npFlockOneClick8.dll No File
CHR Plugin: (Google Update) - C:\Documents and Settings\Cerealz\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Documents and Settings\Cerealz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Documents and Settings\Cerealz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (MouseHunt AutoBot) - C:\Documents and Settings\Cerealz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgifpdckjdccaagjmjnbggkicanonngc\1.26_0
CHR Extension: (avast! WebRep) - C:\Documents and Settings\Cerealz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0
CHR Extension: (Gmail) - C:\Documents and Settings\Cerealz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
 
========================== Services (Whitelisted) =================
 
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2009-07-02] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44768 2012-03-07] (AVAST Software)
R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2095752 2013-06-04] ()
S2 KMService; C:\WINDOWS\system32\srvany.exe [8192 2012-01-05] ()
R2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
 
==================== Drivers (Whitelisted) ====================
 
R1 Aavmker4; C:\Windows\System32\Drivers\Aavmker4.sys [24920 2012-03-07] (AVAST Software)
R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [9096 2007-10-12] (Advanced Micro Devices)
R1 AmdPPM; C:\Windows\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [20696 2012-03-07] (AVAST Software)
R2 aswMon2; C:\Windows\System32\Drivers\aswMon2.sys [95704 2012-03-07] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [35672 2012-03-07] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [612184 2012-03-07] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337880 2012-03-07] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [53848 2012-03-07] (AVAST Software)
R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [4125696 2009-07-03] (ATI Technologies Inc.)
R1 BIOS; C:\WINDOWS\system32\drivers\BIOS.sys [13696 2005-03-16] (BIOSTAR Group)
S3 BrScnUsb; C:\Windows\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [347080 2009-06-04] (Creative Technology Ltd)
S3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows ® Server 2003 DDK provider)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2013-06-09] (Malwarebytes Corporation)
R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2006-02-28] (Microsoft Corporation)
R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2006-02-28] (Microsoft Corporation)
R1 Pd71.sys; C:\Windows\System32\DRIVERS\Pd71.sys [44320 2007-04-05] ()
R1 Pd71Qve.sys; C:\Windows\System32\DRIVERS\Pd71Qve.sys [500224 2004-10-06] (QSound Labs, Inc.)
R3 Pd71Wdm.sys; C:\Windows\System32\DRIVERS\Pd71Wdm.sys [32544 2007-04-05] ()
R3 RTLE8023xp; C:\Windows\System32\DRIVERS\Rtenicxp.sys [117888 2008-10-30] (Realtek Semiconductor Corporation                           )
R3 SSCBFS3; C:\Windows\System32\DRIVERS\sscbfs3.sys [295936 2013-01-30] (EldoS Corporation)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
S3 CT20XUT.DLL; system32\CT20XUT.DLL [x]
S3 CTEXFIFX.DLL; system32\CTEXFIFX.DLL [x]
S3 CTHWIUT.DLL; system32\CTHWIUT.DLL [x]
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S4 IntelIde; No ImagePath
S1 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath
U1 WS2IFSL; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-06-09 16:05 - 2013-06-09 16:05 - 00000000 ____D C:\FRST
2013-06-09 15:40 - 2013-06-09 16:04 - 00000000 ____D C:\Documents and Settings\Cerealz\Desktop\INFECTION
2013-06-09 15:24 - 2013-06-09 15:24 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-06-09 14:22 - 2013-06-09 14:22 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-09 14:22 - 2013-06-09 14:22 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-09 14:22 - 2013-06-09 14:22 - 00000000 ____D C:\Documents and Settings\Cerealz\Application Data\Malwarebytes
2013-06-09 14:22 - 2013-06-09 14:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-06-09 14:22 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-09 09:22 - 2013-06-09 09:22 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\COMODO
2013-06-07 20:49 - 2013-06-07 20:49 - 00001689 ____A C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2013-06-07 20:00 - 2013-06-07 20:00 - 00020427 ____A C:\Documents and Settings\Administrator\My Documents\attach.txt
2013-06-07 20:00 - 2013-06-07 20:00 - 00008815 ____A C:\Documents and Settings\Administrator\My Documents\dds.txt
2013-06-07 19:57 - 2013-06-07 19:57 - 00020427 ____A C:\Documents and Settings\Administrator\Desktop\attach.txt
2013-06-07 19:57 - 2013-06-07 19:57 - 00008815 ____A C:\Documents and Settings\Administrator\Desktop\dds.txt
2013-06-07 19:41 - 2013-06-07 19:41 - 00000000 ____D C:\Documents and Settings\Administrator\IETldCache
2013-05-28 17:59 - 2013-05-28 17:59 - 00000000 __SHD C:\Program Files\f472
2013-05-28 17:59 - 2013-05-28 17:59 - 00000000 __SHD C:\ea8ce
2013-05-28 17:59 - 2013-05-28 17:59 - 00000000 __SHD C:\Documents and Settings\Cerealz\Application Data\eb7a
2013-05-16 19:36 - 2013-05-16 19:37 - 00011675 ____A C:\Windows\KB2829530-IE8.log
2013-05-16 19:34 - 2013-05-16 19:37 - 00002775 ____A C:\Windows\updspapi.log
2013-05-16 19:34 - 2013-05-16 19:34 - 00006918 ____A C:\Windows\KB2820197.log
2013-05-16 19:34 - 2013-05-16 19:34 - 00005850 ____A C:\Windows\KB2847204-IE8.log
2013-05-16 19:34 - 2013-05-16 19:34 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-05-16 19:32 - 2013-05-16 19:37 - 00026904 ____A C:\Windows\iis6.log
2013-05-16 19:32 - 2013-05-16 19:37 - 00024731 ____A C:\Windows\FaxSetup.log
2013-05-16 19:32 - 2013-05-16 19:37 - 00011824 ____A C:\Windows\ocgen.log
2013-05-16 19:32 - 2013-05-16 19:37 - 00011285 ____A C:\Windows\tsoc.log
2013-05-16 19:32 - 2013-05-16 19:37 - 00008240 ____A C:\Windows\comsetup.log
2013-05-16 19:32 - 2013-05-16 19:37 - 00007594 ____A C:\Windows\msmqinst.log
2013-05-16 19:32 - 2013-05-16 19:37 - 00004992 ____A C:\Windows\ntdtcsetup.log
2013-05-16 19:32 - 2013-05-16 19:37 - 00004332 ____A C:\Windows\netfxocm.log
2013-05-16 19:32 - 2013-05-16 19:37 - 00001700 ____A C:\Windows\MedCtrOC.log
2013-05-16 19:32 - 2013-05-16 19:37 - 00001374 ____A C:\Windows\imsins.log
2013-05-16 19:32 - 2013-05-16 19:37 - 00001368 ____A C:\Windows\ocmsn.log
2013-05-16 19:32 - 2013-05-16 19:37 - 00001244 ____A C:\Windows\tabletoc.log
2013-05-16 19:32 - 2013-05-16 19:37 - 00001236 ____A C:\Windows\msgsocm.log
2013-05-16 19:32 - 2013-05-16 19:34 - 00001374 ____A C:\Windows\imsins.BAK
2013-05-16 19:32 - 2013-05-16 19:32 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-05-16 19:32 - 2013-05-16 19:32 - 00000000 ____A C:\Windows\setuperr.log
2013-05-16 19:32 - 2013-05-16 19:32 - 00000000 ____A C:\Windows\setupact.log
2013-05-16 15:17 - 2013-05-16 19:32 - 00009523 ____A C:\Windows\KB2829361.log
2013-05-12 16:39 - 2013-05-12 16:39 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-05-12 16:37 - 2013-05-12 16:38 - 06953496 ____A (Microsoft Corporation) C:\Documents and Settings\Cerealz\Desktop\Silverlight.exe
 
==================== One Month Modified Files and Folders ========
 
2013-06-09 16:05 - 2013-06-09 16:05 - 00000000 ____D C:\FRST
2013-06-09 16:04 - 2013-06-09 15:40 - 00000000 ____D C:\Documents and Settings\Cerealz\Desktop\INFECTION
2013-06-09 15:59 - 2012-07-14 08:50 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-09 15:26 - 2009-07-23 22:56 - 00513916 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-09 15:25 - 2009-07-23 15:07 - 01228923 ____A C:\Windows\WindowsUpdate.log
2013-06-09 15:24 - 2013-06-09 15:24 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-06-09 15:22 - 2010-02-19 12:14 - 00000282 ____A C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-746137067-1844237615-682003330-1003.job
2013-06-09 15:22 - 2009-07-23 22:59 - 00000159 ____A C:\Windows\wiadebug.log
2013-06-09 15:22 - 2009-07-23 22:58 - 00000048 ____A C:\Windows\wiaservc.log
2013-06-09 15:22 - 2006-02-28 20:00 - 00013646 ____A C:\Windows\System32\wpa.dbl
2013-06-09 15:21 - 2009-07-23 15:10 - 00000062 __ASH C:\Documents and Settings\Cerealz\Local Settings\desktop.ini
2013-06-09 15:21 - 2009-07-23 15:10 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-09 15:21 - 2009-07-23 15:09 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-09 15:21 - 2009-07-23 15:09 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-09 15:21 - 2009-02-04 12:13 - 00219120 ____A C:\Windows\System32\ativvaxx.cap
2013-06-09 15:20 - 2011-12-01 18:24 - 00131072 ____A C:\Windows\System32\config\OAlerts.evt
2013-06-09 15:20 - 2009-07-23 15:10 - 00032564 ____A C:\Windows\SchedLgU.Txt
2013-06-09 15:20 - 2009-07-23 15:10 - 00000278 ___SH C:\Documents and Settings\Cerealz\ntuser.ini
2013-06-09 15:16 - 2009-11-06 12:54 - 00000986 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1844237615-682003330-1003UA.job
2013-06-09 14:22 - 2013-06-09 14:22 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-09 14:22 - 2013-06-09 14:22 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-09 14:22 - 2013-06-09 14:22 - 00000000 ____D C:\Documents and Settings\Cerealz\Application Data\Malwarebytes
2013-06-09 14:22 - 2013-06-09 14:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-06-09 13:16 - 2009-11-06 12:54 - 00000934 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1844237615-682003330-1003Core.job
2013-06-09 13:09 - 2013-01-25 19:46 - 00000000 ____D C:\Documents and Settings\Cerealz\My Documents\My SugarSync
2013-06-09 11:34 - 2013-02-04 15:43 - 00000000 ____D C:\Documents and Settings\Cerealz\Desktop\Kenneth Sync 2
2013-06-09 09:22 - 2013-06-09 09:22 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\COMODO
2013-06-08 13:28 - 2010-02-19 12:14 - 00000290 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-746137067-1844237615-682003330-1003.job
2013-06-08 13:02 - 2013-04-18 16:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-08 09:19 - 2012-04-20 13:23 - 00000000 ____D C:\Documents and Settings\Cerealz\Local Settings\Application Data\COMODO
2013-06-08 09:04 - 2013-01-17 17:54 - 00047368 ____A (COMODO CA Limited) C:\Windows\System32\certsentry.dll
2013-06-08 09:04 - 2012-05-05 18:33 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Comodo
2013-06-08 09:04 - 2012-04-20 13:23 - 00000000 ____D C:\Program Files\Comodo
2013-06-07 20:49 - 2013-06-07 20:49 - 00001689 ____A C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2013-06-07 20:49 - 2009-07-23 15:07 - 00002625 ____A C:\Windows\System32\CONFIG.NT
2013-06-07 20:45 - 2009-07-23 15:05 - 00000000 ____D C:\Windows\Registration
2013-06-07 20:00 - 2013-06-07 20:00 - 00020427 ____A C:\Documents and Settings\Administrator\My Documents\attach.txt
2013-06-07 20:00 - 2013-06-07 20:00 - 00008815 ____A C:\Documents and Settings\Administrator\My Documents\dds.txt
2013-06-07 19:57 - 2013-06-07 19:57 - 00020427 ____A C:\Documents and Settings\Administrator\Desktop\attach.txt
2013-06-07 19:57 - 2013-06-07 19:57 - 00008815 ____A C:\Documents and Settings\Administrator\Desktop\dds.txt
2013-06-07 19:41 - 2013-06-07 19:41 - 00000000 ____D C:\Documents and Settings\Administrator\IETldCache
2013-06-06 21:15 - 2012-12-08 11:48 - 00000000 ___HD C:\Documents and Settings\Cerealz\Desktop\.picasaoriginals
2013-06-03 16:48 - 2009-08-05 20:24 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
2013-06-03 16:03 - 2013-01-25 19:45 - 00000000 ____D C:\Documents and Settings\Cerealz\Local Settings\Application Data\SugarSync
2013-05-28 17:59 - 2013-05-28 17:59 - 00000000 __SHD C:\Program Files\f472
2013-05-28 17:59 - 2013-05-28 17:59 - 00000000 __SHD C:\ea8ce
2013-05-28 17:59 - 2013-05-28 17:59 - 00000000 __SHD C:\Documents and Settings\Cerealz\Application Data\eb7a
2013-05-22 15:14 - 2009-08-04 19:29 - 00363008 __ASH C:\Documents and Settings\Cerealz\Desktop\Thumbs.db
2013-05-17 17:34 - 2011-04-01 17:31 - 00000000 ____D C:\Documents and Settings\Cerealz\Desktop\Koi
2013-05-16 20:15 - 2009-07-23 15:14 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-16 20:06 - 2009-07-23 22:55 - 00207304 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-16 19:37 - 2013-05-16 19:36 - 00011675 ____A C:\Windows\KB2829530-IE8.log
2013-05-16 19:37 - 2013-05-16 19:34 - 00002775 ____A C:\Windows\updspapi.log
2013-05-16 19:37 - 2013-05-16 19:32 - 00026904 ____A C:\Windows\iis6.log
2013-05-16 19:37 - 2013-05-16 19:32 - 00024731 ____A C:\Windows\FaxSetup.log
2013-05-16 19:37 - 2013-05-16 19:32 - 00011824 ____A C:\Windows\ocgen.log
2013-05-16 19:37 - 2013-05-16 19:32 - 00011285 ____A C:\Windows\tsoc.log
2013-05-16 19:37 - 2013-05-16 19:32 - 00008240 ____A C:\Windows\comsetup.log
2013-05-16 19:37 - 2013-05-16 19:32 - 00007594 ____A C:\Windows\msmqinst.log
2013-05-16 19:37 - 2013-05-16 19:32 - 00004992 ____A C:\Windows\ntdtcsetup.log
2013-05-16 19:37 - 2013-05-16 19:32 - 00004332 ____A C:\Windows\netfxocm.log
2013-05-16 19:37 - 2013-05-16 19:32 - 00001700 ____A C:\Windows\MedCtrOC.log
2013-05-16 19:37 - 2013-05-16 19:32 - 00001374 ____A C:\Windows\imsins.log
2013-05-16 19:37 - 2013-05-16 19:32 - 00001368 ____A C:\Windows\ocmsn.log
2013-05-16 19:37 - 2013-05-16 19:32 - 00001244 ____A C:\Windows\tabletoc.log
2013-05-16 19:37 - 2013-05-16 19:32 - 00001236 ____A C:\Windows\msgsocm.log
2013-05-16 19:36 - 2009-08-05 21:23 - 00000000 ____D C:\Windows\ie8updates
2013-05-16 19:34 - 2013-05-16 19:34 - 00006918 ____A C:\Windows\KB2820197.log
2013-05-16 19:34 - 2013-05-16 19:34 - 00005850 ____A C:\Windows\KB2847204-IE8.log
2013-05-16 19:34 - 2013-05-16 19:34 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-05-16 19:34 - 2013-05-16 19:32 - 00001374 ____A C:\Windows\imsins.BAK
2013-05-16 19:34 - 2009-07-23 15:08 - 00000000 ___HD C:\Windows\$hf_mig$
2013-05-16 19:32 - 2013-05-16 19:32 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-05-16 19:32 - 2013-05-16 19:32 - 00000000 ____A C:\Windows\setuperr.log
2013-05-16 19:32 - 2013-05-16 19:32 - 00000000 ____A C:\Windows\setupact.log
2013-05-16 19:32 - 2013-05-16 15:17 - 00009523 ____A C:\Windows\KB2829361.log
2013-05-16 19:32 - 2009-08-05 14:59 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-16 19:31 - 2011-12-01 18:21 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-05-15 21:03 - 2013-05-06 11:39 - 00000000 ____D C:\Documents and Settings\Cerealz\Desktop\KENNETH DIP
2013-05-15 17:59 - 2012-04-08 09:02 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-15 17:59 - 2011-08-25 13:36 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-05-12 16:39 - 2013-05-12 16:39 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-05-12 16:38 - 2013-05-12 16:37 - 06953496 ____A (Microsoft Corporation) C:\Documents and Settings\Cerealz\Desktop\Silverlight.exe
2013-05-12 16:14 - 2012-04-16 13:07 - 00000000 ____D C:\Program Files\SRWare Iron
2013-05-11 11:26 - 2009-07-26 22:16 - 00000000 ____D C:\Documents and Settings\Cerealz\Application Data\vlc
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================


My apologies.

Can't seem to find the attachment button.

So here's the Addition.

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-06-2013
Ran by Cerealz at 2013-06-09 16:06:35 Run:
Running from C:\Documents and Settings\Cerealz\Desktop\INFECTION
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
µTorrent (Version: 1.8.3)
µTorrent (Version: 3.3.0.29544)
ABBYY FineReader 11 Corporate Edition (Version: 11.0.376)
Acrobat.com (Version: 1.7.186)
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.0.0)
Adobe AIR (Version: 1.5.1.8210)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Reader X (10.1.2) (Version: 10.1.2)
AMD Processor Driver (Version: 1.3.2.0053)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ATI - Software Uninstall Utility (Version: 6.14.10.1022)
ATI Display Driver (Version: 8.632-090702a-084680C-ATI)
avast! Free Antivirus (Version: 7.0.1426.0)
Bonjour (Version: 3.0.0.10)
Canon MF Toolbox 4.9.1.1.mf11 (Version: 4.9.1.1.mf11)
Canon MF4500 Series (Version: 3.8.0.0)
CCleaner (Version: 4.00)
Chinese Traditional Fonts Support For Adobe Reader 9 (Version: 9.0.0)
Comodo Dragon (Version: 27.1.0.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
CoolNovo (Version: 2.0.7.11)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
doPDF 7.2 printer
Garena (Version: 3.2)
Google Chrome (Version: 27.0.1453.110)
iFunbox (v2.1.2228.731), iFunbox DevTeam (Version: v2.1.2228.731)
IrfanView (remove only) (Version: 4.30)
iTunes (Version: 11.0.2.26)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Software Update for Web Folders  (English) 14 (Version: 14.0.4734.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 20.0.1 (x86 en-US) (Version: 20.0.1)
Mozilla Maintenance Service (Version: 20.0.1)
Ms Word Excel Cracker 2.0
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (Version: 6.10.1129.0)
OpenAL
Picasa 3 (Version: 3.9)
Presto! PageManager 7.15.35 (Version: 7.15.35)
QuickTime (Version: 7.73.80.64)
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.20.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.5755)
RealUpgrade 1.0 (Version: 1.0.0)
ScanSoft PaperPort 11 (Version: 11.1.0000)
Segoe UI (Version: 14.0.4327.805)
Skype™ 5.10 (Version: 5.10.116)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
SRWare Iron version SRWare Iron 18.0.1050.0 (Version: SRWare Iron 18.0.1050.0)
SugarSync (Version: 2.0.18.112077)
tokidoki screensaver 1.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB972636) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VLC media player 2.0.5 (Version: 2.0.5)
WebFldrs XP (Version: 9.50.7523)
Winamp (Version: 5.61 )
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format Runtime
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
Yahoo! Detect
 
==================== Restore Points  =========================
 
09-06-2013 01:36:00 System Checkpoint
 
==================== Hosts content: ==========================
 
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/09/2013 02:25:05 PM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (06/09/2013 02:24:58 PM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (06/09/2013 01:07:19 PM) (Source: Application Hang) (User: )
Description: Hanging application SugarSync.exe, version 2.0.18.46541, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (06/08/2013 00:45:00 PM) (Source: Application Hang) (User: )
Description: Hanging application SugarSync.exe, version 2.0.18.46541, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (06/08/2013 00:44:45 PM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (06/07/2013 04:13:20 PM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (06/07/2013 04:11:19 PM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (06/07/2013 03:44:35 PM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (06/07/2013 03:43:51 PM) (Source: Application Hang) (User: )
Description: Hanging application AcroRd32.exe, version 10.1.2.45, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (06/07/2013 03:43:49 PM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
 
System errors:
=============
Error: (06/09/2013 03:23:10 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
PCIIde
 
Error: (06/09/2013 03:21:42 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1
 
Error: (06/08/2013 08:57:56 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.6 for the Network Card with network address 0030670BE535 has been
denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
 
Error: (06/07/2013 08:19:48 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (06/07/2013 08:18:41 PM) (Source: DCOM) (User: CEREALZZZ)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}
 
Error: (06/07/2013 08:18:36 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (06/07/2013 08:10:58 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Aavmker4
AFD
AmdPPM
aswRdr
aswSnx
aswSP
aswTdi
BIOS
Fips
IPSec
MRxSmb
NetBIOS
NetBT
Pd71.sys
RasAcd
Rdbss
Tcpip
 
Error: (06/07/2013 08:10:58 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: 
%%31
 
Error: (06/07/2013 08:10:58 PM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: 
%%31
 
Error: (06/07/2013 08:10:58 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: 
%%31
 
 
Microsoft Office Sessions:
=========================
Error: (06/09/2013 02:25:05 PM) (Source: Application Hang)(User: )
Description: explorer.exe6.0.2900.5512hungapp0.0.0.000000000
 
Error: (06/09/2013 02:24:58 PM) (Source: Application Hang)(User: )
Description: explorer.exe6.0.2900.5512hungapp0.0.0.000000000
 
Error: (06/09/2013 01:07:19 PM) (Source: Application Hang)(User: )
Description: SugarSync.exe2.0.18.46541hungapp0.0.0.000000000
 
Error: (06/08/2013 00:45:00 PM) (Source: Application Hang)(User: )
Description: SugarSync.exe2.0.18.46541hungapp0.0.0.000000000
 
Error: (06/08/2013 00:44:45 PM) (Source: Application Hang)(User: )
Description: explorer.exe6.0.2900.5512hungapp0.0.0.000000000
 
Error: (06/07/2013 04:13:20 PM) (Source: Application Hang)(User: )
Description: explorer.exe6.0.2900.5512hungapp0.0.0.000000000
 
Error: (06/07/2013 04:11:19 PM) (Source: Application Hang)(User: )
Description: explorer.exe6.0.2900.5512hungapp0.0.0.000000000
 
Error: (06/07/2013 03:44:35 PM) (Source: Application Hang)(User: )
Description: explorer.exe6.0.2900.5512hungapp0.0.0.000000000
 
Error: (06/07/2013 03:43:51 PM) (Source: Application Hang)(User: )
Description: AcroRd32.exe10.1.2.45hungapp0.0.0.000000000
 
Error: (06/07/2013 03:43:49 PM) (Source: Application Hang)(User: )
Description: explorer.exe6.0.2900.5512hungapp0.0.0.000000000
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 53%
Total physical RAM: 1791.23 MB
Available physical RAM: 835.92 MB
Total Pagefile: 3685.9 MB
Available Pagefile: 2960.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 1945.53 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:39.06 GB) (Free:1.98 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Cerealz) (Fixed) (Total:557.1 GB) (Free:133.46 GB) NTFS
Drive s: (SugarSync Drive) (Fixed) (Total:7.75 GB) (Free:4.99 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 596 GB) (Disk ID: CF89CF89)
Partition 1: (Active) - (Size=39 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=557 GB) - (Type=OF Extended)
 
==================== End Of Log ============================


#6 cerealz

  • Topic Starter
  • Members
  • 28 posts

Posted 09 June 2013 - 03:23 AM

Hi Gringo.

Will leave office now. Get back to u in 24hrs. cheers!



#7 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto rico)

Posted 09 June 2013 - 03:32 AM

Hello cerealz



I need you to download this script I have made for you --> Attached File: fixlist.txt (827 bytes)

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 cerealz (Topic Starter, Members, 28 posts)

Posted 10 June 2013 - 02:29 AM

Hi Gringo.

 

Here u go. Fixlog.txt

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-06-2013
Ran by Cerealz at 2013-06-10 15:29:03 Run:1
Running from C:\Documents and Settings\Cerealz\Desktop\INFECTION\FRST
Boot Mode: Normal
 
==============================================
 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\fd6 => Value deleted successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ae2e.js  not found.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ae2e.js  not found.
C:\Documents and Settings\Cerealz\Start Menu\Programs\Startup\ae2e.js  not found.
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\ae2e.js  not found.
C:\Documents and Settings\Cerealz\Application Data\eb7a\fd6.js => Moved successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ae2e.js => File/Directory not found.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ae2e.js => File/Directory not found.
C:\Documents and Settings\Cerealz\Start Menu\Programs\Startup\ae2e.js => File/Directory not found.
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\ae2e.js => File/Directory not found.
 
==== End of Fixlog ====


#9 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto rico)

Posted 10 June 2013 - 03:19 AM



Hello cerealz

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo

#10 cerealz (Topic Starter, Members, 28 posts)

Posted 10 June 2013 - 03:28 AM

Hi Gringo.

 

Unfortunately, both will NOT run. :(



#11 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto rico)

Posted 10 June 2013 - 03:53 AM

Will not download or will not run? Most likely my last post for a few hours, maybe one more.


gringo

#12 cerealz (Topic Starter, Members, 28 posts)

Posted 10 June 2013 - 03:58 AM

Hi Gringo,

 

Rebooted the comp.

 

No probs downloading. Will not run...

 

Tried the 2 again.

 

JRT ran.

 

Here u go.

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Cerealz on Mon 06/10/2013 at 16:53:30.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Emptied folder: C:\Documents and Settings\Cerealz\Application Data\mozilla\firefox\profiles\lm40ml16.default\minidumps [4 files]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 06/10/2013 at 16:55:07.65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#13 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto rico)

Posted 10 June 2013 - 04:00 AM


Hello cerealz

OK, let's try this one. I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#14 cerealz (Topic Starter, Members, 28 posts)

Posted 10 June 2013 - 04:29 AM

Hi Gringo

 

No problems Downloading.

Same as most of the progs u had me run.

The console pops up momentarily and then closes again. Cannot Run. :(

 

Any ideas? thx!



#15 cerealz (Topic Starter, Members, 28 posts)

Posted 10 June 2013 - 05:55 AM

Hi Gringo

 

After rebooting and spamming a few times, combofix ran.

Unfortunately, System Scan Antivirus installed itself.

 

Anyways, here the combofix log.

 

 

ComboFix 13-06-08.02 - Cerealz 06/10/2013  18:36:53.1.3 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1791.1051 [GMT 8:00]
Running from: c:\documents and settings\Cerealz\Desktop\INFECTION\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\8CB68941BA4F93E200008CB5FC9199BE
c:\documents and settings\All Users\Application Data\8CB68941BA4F93E200008CB5FC9199BE\8CB68941BA4F93E200008CB5FC9199BE
c:\documents and settings\All Users\Application Data\8CB68941BA4F93E200008CB5FC9199BE\8CB68941BA4F93E200008CB5FC9199BE.exe
c:\documents and settings\All Users\Application Data\8CB68941BA4F93E200008CB5FC9199BE\8CB68941BA4F93E200008CB5FC9199BE.ico
c:\program files\driver
c:\windows\system32\drivers\tcpip.copy
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-10 to 2013-06-10  )))))))))))))))))))))))))))))))
.
.
2013-06-10 08:53 . 2013-06-10 08:53 -------- d-----w- c:\windows\ERUNT
2013-06-10 08:28 . 2013-06-10 08:52 -------- d-----w- C:\JRT
2013-06-09 08:05 . 2013-06-09 08:05 -------- d-----w- C:\FRST
2013-06-09 07:24 . 2013-06-09 07:24 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-06-09 06:22 . 2013-06-09 06:22 -------- d-----w- c:\documents and settings\Cerealz\Application Data\Malwarebytes
2013-06-09 06:22 . 2013-06-09 06:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-06-09 06:22 . 2013-06-09 06:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-09 06:22 . 2013-04-04 06:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-09 01:22 . 2013-06-09 01:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\COMODO
2013-06-07 12:45 . 2013-06-07 12:45 -------- d-----w- c:\windows\system32\wbem\Repository
2013-06-07 11:41 . 2013-06-07 12:20 -------- d-s---w- c:\documents and settings\Administrator
2013-05-28 09:59 . 2013-06-10 08:43 -------- d-sh--w- c:\documents and settings\Cerealz\Application Data\eb7a
2013-05-28 09:59 . 2013-05-28 09:59 -------- d-----w- C:\ea8ce
2013-05-28 09:59 . 2013-05-28 09:59 -------- d-sh--w- c:\program files\f472
2013-05-12 08:39 . 2013-05-12 08:39 -------- d-----w- c:\program files\Microsoft Silverlight
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-08 01:04 . 2013-01-17 09:54 47368 ----a-w- c:\windows\system32\certsentry.dll
2013-05-15 09:59 . 2012-04-08 01:02 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-15 09:59 . 2011-08-25 05:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-16 22:17 . 2006-02-28 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:17 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-16 22:17 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-04-10 01:31 . 2006-02-28 12:00 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\system32\GPhotos.scr
2013-04-18 08:41 . 2013-04-18 08:41 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{69925D1B-6A0F-4413-861A-81AB98039DB9}"
[HKEY_CLASSES_ROOT\CLSID\{69925D1B-6A0F-4413-861A-81AB98039DB9}]
2013-01-30 05:12 159488 ----a-w- c:\windows\system32\SSCbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2013-04-23 13:48 2099552 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2013-04-23 13:48 2099552 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{39D54CC2-69CF-43b4-B167-577D25E7F496}"
[HKEY_CLASSES_ROOT\CLSID\{39D54CC2-69CF-43b4-B167-577D25E7F496}]
2013-04-23 13:48 2099552 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2013-04-23 13:48 2099552 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncSharedPending]
@="{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}"
[HKEY_CLASSES_ROOT\CLSID\{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}]
2013-04-23 13:48 2099552 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fd6"="c:\documents and settings\Cerealz\Application Data\eb7a\fd6.js" [X]
"SugarSync"="c:\program files\SugarSync\SugarSync.exe" [2013-04-23 12491104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-19 202256]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-03 25600]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"Bonus.SSR.FR11"="c:\program files\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" [2011-11-06 934152]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-09 18063872]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
a02ea.js [2013-6-10 444]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
a02ea.js [2013-6-10 444]
.
c:\documents and settings\Cerealz\Start Menu\Programs\Startup\
a02ea.js [2013-6-10 444]
ImationFlashDetect.lnk - c:\program files\Imation\ImationFlashDetect.exe [2011-1-15 835584]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
a02ea.js [2013-6-10 444]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{C28617FD-4FE7-4043-AD51-C8132CE90106}"= "c:\windows\system32\SSCbFsMntNtf3.dll" [2013-01-30 159488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"EldosMountNotificator"= {C28617FD-4FE7-4043-AD51-C8132CE90106} - c:\windows\system32\SSCbFsMntNtf3.dll [2013-01-30 159488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 05:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"="1"
"FirewallOverride"="1"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusDisableNotify"="1"
"FirewallOverride"="1"
"FirewallDisableNotify"="1"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/5/2012 2:36 PM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/5/2012 2:36 PM 337880]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [7/23/2009 3:11 PM 13696]
R1 Pd71.sys;Service for ProDigy 7.1 EWDM2;c:\windows\system32\drivers\Pd71.sys [11/8/2010 7:50 PM 44320]
R1 Pd71Qve.sys;QVE for Prodigy 7.1 Service;c:\windows\system32\drivers\Pd71Qve.sys [11/8/2010 7:50 PM 500224]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/5/2012 2:36 PM 20696]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [6/4/2013 10:58 PM 2095752]
R3 Pd71Wdm.sys;Service for ProDigy 7.1 WDM11;c:\windows\system32\drivers\Pd71Wdm.sys [11/8/2010 7:50 PM 32544]
R3 SSCBFS3;SugarSync CallBack File System driver v3;c:\windows\system32\drivers\sscbfs3.sys [3/6/2013 5:10 PM 295936]
S2 KMService;KMService;c:\windows\system32\srvany.exe [1/5/2012 2:11 PM 8192]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 2:46 AM 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 2:46 AM 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 2:46 AM 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 2:46 AM 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 2:46 AM 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 2:46 AM 72728]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/9/2013 3:24 PM 40776]
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 09:59]
.
2013-06-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 09:57]
.
2013-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1844237615-682003330-1003Core.job
- c:\documents and settings\Cerealz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-06 04:54]
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1844237615-682003330-1003UA.job
- c:\documents and settings\Cerealz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-06 04:54]
.
2013-06-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-746137067-1844237615-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-09 10:38]
.
2013-06-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-746137067-1844237615-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-09 10:38]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Cerealz\Application Data\Mozilla\Firefox\Profiles\lm40ml16.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sg/
FF - ExtSQL: !HIDDEN! 2009-09-02 20:48; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-BrMfcWnd - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-10 18:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTxfiHlp = CTXFIHLP.EXE? 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2013-06-10  18:41:48
ComboFix-quarantined-files.txt  2013-06-10 10:41
.
Pre-Run: 1,868,292,096 bytes free
Post-Run: 2,408,759,296 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 50FD7646B69295B017FE0AD603C1D6B2
8F558EB6672622401DA993E1E865C861
 

Gonna reboot and repost.

 

Thx!
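Reading a ComboFix log the way the helper does above means picking out the few lines that matter: script files registered as autoruns (the `fd6.js` Run value and the `a02ea.js` Startup-folder entries), Security Center override values and a disabled firewall profile. The triage script below is an added example, not code from BleepingComputer, Farbar or ComboFix; its SAMPLE_LOG is constructed to mirror the shape of the sections quoted in this post, and the extension list and rule set are illustrative assumptions.

```python
import re

# Constructed sample, modelled on the ComboFix sections quoted in the thread
# (Run key, Startup folder, Security Center, firewall policy). Not a real log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fd6"="c:\documents and settings\Cerealz\Application Data\eb7a\fd6.js" [X]
"SugarSync"="c:\program files\SugarSync\SugarSync.exe" [2013-04-23 12491104]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
a02ea.js [2013-6-10 444]
ImationFlashDetect.lnk - c:\program files\Imation\ImationFlashDetect.exe [2011-1-15 835584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"="1"
"FirewallOverride"="1"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0
"""

# Script-host extensions that have no business as an autorun target (assumed list).
SCRIPT_EXT = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta")
# ComboFix Run-value line: "name"="path" [date size] or [X] when the file is missing/unverifiable.
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
# Startup-folder entry: bare file name followed by [date size].
STARTUP_FILE = re.compile(r'^(?P<file>\S+\.\w+)\s+\[(?P<meta>[^\]]*)\]$')
# Generic "name"="value" or "name"= value registry line.
KEY_VALUE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"?(?P<val>[^"\s]*)"?')
# Security Center values that silence or override the AV/firewall status (assumed set).
OVERRIDE_VALUES = {"AntiVirusOverride", "FirewallOverride",
                   "AntiVirusDisableNotify", "FirewallDisableNotify"}


def triage(log_text):
    """Return a list of (kind, detail) findings for the autorun and security-posture lines."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("[") and line.endswith("]"):      # registry key header
            section = line[1:-1].lower()
            continue
        if line.lower().endswith("\\startup\\"):              # Startup folder header
            section = "startup:" + line
            continue
        if section is None:
            continue
        if section.startswith("startup:"):
            m = STARTUP_FILE.match(line)
            if m and m.group("file").lower().endswith(SCRIPT_EXT):
                findings.append(("startup-script", section[len("startup:"):] + m.group("file")))
        elif section.endswith("\\run"):
            m = RUN_VALUE.match(line)
            if m and m.group("path").lower().endswith(SCRIPT_EXT):
                findings.append(("run-script", f'{m.group("name")} -> {m.group("path")}'))
            elif m and m.group("meta") == "X":
                findings.append(("run-missing-target", f'{m.group("name")} -> {m.group("path")}'))
        elif "security center" in section:
            m = KEY_VALUE.match(line)
            if m and m.group("name") in OVERRIDE_VALUES and m.group("val") == "1":
                findings.append(("security-center-override", m.group("name")))
        elif "firewallpolicy" in section:
            m = KEY_VALUE.match(line)
            if m and m.group("name") == "EnableFirewall" and m.group("val") == "0":
                findings.append(("firewall-disabled", section.rsplit("\\", 1)[-1]))
    return findings


def kinds(log_text):
    """Sorted finding kinds, convenient for a quick summary or a test."""
    return sorted(kind for kind, _ in triage(log_text))


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:26} {detail}")
```

Run against the constructed sample it reports the two script autoruns, the two Security Center overrides and the disabled standard-profile firewall, which is exactly the set of items the fixlist and the follow-up advice in this thread address.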





