Continual explorer 'click', ran mbam and SAS and found some malware, ICE


  • This topic is locked
21 replies to this topic

#1 pfgiv

pfgiv

  • Members
  • 25 posts

Posted 08 July 2013 - 04:57 PM

So I kept hearing a click, like when you click a link on the web; it's sporadic but it's still continuing at this moment. (Grrrr, if these jackasses at work ever touch my computer when I'm not here again there will be hell to pay.)

I ran MBAM and SAS, which found some stuff, but I'm thinking there may be a bunch more.

Here's the MBAM log:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.08.06

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Admin :: LASER [administrator]

7/8/2013 5:01:06 PM
mbam-log-2013-07-08 (17-01-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226842
Time elapsed: 22 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\*\shellex\ContextMenuHandlers\{28949824-6737-0594-0930-223283753445} (Trojan.Agent.RDN) -> Quarantined and deleted successfully.
HKCR\CLSID\{28949824-6737-0594-0930-223283753445} (Trojan.Agent.RDN) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\WINDOWS\temp\jeycdtsdowvatendl.dll (Trojan.Agent.RDN) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin\Local Settings\temp\A.tmp (Rootkit.0Access.ED) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\errgdg0nnrtg.exe (Exploit.Drop.GS) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\2433f433 (Trojan.Agent.TPL) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\2433f433 (Trojan.Agent.TPL) -> Quarantined and deleted successfully.

(end)

#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • Gender:Female

Posted 12 July 2013 - 05:24 AM

Hello and welcome to BleepingComputer!

I am Elle and I will be helping you out with your problem. Firstly, you should know that we work with specific tools which are used to identify the possible threats present on your system, so I will analyze the results they produce.

As a start we need some more up-to-date logs than the ones you have already provided. The current state of the files on your system might have changed, so we need to get a clear look at that aspect. DO NOT make any changes to the system except the ones I tell you to, as that may do more damage than help us.

If you encounter a delay of over 2 days from me, please don't hesitate to private message me (link in the signature).
Do not forget to check your topic periodically and subscribe to it so that you can receive notifications regarding my replies.

Please generate new DDS logs (download it from here if you haven't already) and post them in your next reply along with any other changes that may have occurred since you last posted.
Also download and run GMER from this link: http://www.gmer.net/gmer.zip

Thank you very much for your patience.

Regards,

Elle

Can you hear it? It's all around!

Do you remember?
If you do, then
can you forgive?

If I haven't replied in 48 hours, please feel free to send me a PM.

#3 pfgiv

pfgiv
  • Topic Starter
  • Members
  • 25 posts

Posted 12 July 2013 - 11:27 AM

Hello Elle, thanks for your help

 

here is the DDS log

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_31
Run by Admin at 12:22:06 on 2013-07-12
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.265 [GMT -4:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Admin\Application Data\SearchProtect\bin\cltmng.exe
C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SearchProtect\bin\CltMngSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wiaacmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=61&CUI=UN38873602432308582&UM=2&UP=SPF0FB76EE-8063-4ED9-AA09-FD540FA08248
uURLSearchHooks: Power Challenge Toolbar: {208722fa-38e0-4142-83e5-a341b43a35dd} - c:\program files\power_challenge\prxtbPow2.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Power Challenge Toolbar: {208722fa-38e0-4142-83e5-a341b43a35dd} - c:\program files\power_challenge\prxtbPow2.dll
BHO: GetSavin 5.0: {43D68BF2-1068-4233-A820-E40CAA488474} - c:\documents and settings\admin\local settings\application data\getsavin\ie\getsavin_1366293601.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Power Challenge Toolbar: {208722FA-38E0-4142-83E5-A341B43A35DD} - c:\program files\power_challenge\prxtbPow2.dll
TB: Power Challenge Toolbar: {208722fa-38e0-4142-83e5-a341b43a35dd} - c:\program files\power_challenge\prxtbPow2.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SearchProtect] c:\documents and settings\admin\application data\searchprotect\bin\cltmng.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SearchProtectAll] c:\program files\searchprotect\bin\cltmng.exe
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
dRun: [SearchProtect] c:\documents and settings\localservice\application data\searchprotect\bin\cltmng.exe
dRun: [qcgce2mrvjq91kk1e7pnbb19m52fx] c:\windows\temp\jeycdtsdowvatendl.exe
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\admin\application data\dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 10.1.10.1
TCP: Interfaces\{81622D56-6EF1-4B27-A2D0-2B12987150B4} : DHCPNameServer = 10.1.10.1
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\admin\application data\mozilla\firefox\profiles\zoyctfm5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI=UN21940932041950428&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);
============= SERVICES / DRIVERS ===============
.
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [2009-2-24 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2009-2-24 52224]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2009-2-24 13696]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
R2 CltMngSvc;Search Protect by Conduit Updater;c:\program files\searchprotect\bin\CltMngSvc.exe [2013-4-11 93984]
S3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2007-7-11 714240]
S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\ultramonmirror.sys --> c:\windows\system32\drivers\UltraMonMirror.sys [?]
.
=============== Created Last 30 ================
.
2013-06-19 16:19:33    --------    d-----w-    c:\program files\Dropbox
.
==================== Find3M  ====================
.
2013-05-07 22:30:06    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-05-07 22:30:05    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-05-07 22:30:05    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-05-07 21:53:29    385024    ------w-    c:\windows\system32\html.iec
2013-05-03 01:30:20    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:17    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 12:24:24.79 ===============

Do you need to see the Attach file as well?


Edited by pfgiv, 12 July 2013 - 11:52 AM.
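The DDS output above is the kind of log a responder reads by eye, looking for autorun entries that do not belong: the dRun entry pointing at a random-named executable in c:\windows\temp (the same name family MBAM quarantined in the first post), Search Protect planted in the LocalService profile, and the Firefox user.js line that switches off CSP, OCSP revocation checks and the add-on blocklist. The Python script below is an added example, not part of this thread or of the DDS tool, that applies those checks to the Pseudo HJT Report and FIREFOX POLICIES lines. It assumes DDS's u/m/d prefixes mean current user, machine and default user hive respectively; the 12-character and 30%-vowel thresholds in looks_random are heuristics chosen for this example, and the sample lines are copied from the log posted above.

```python
"""Triage DDS 'Pseudo HJT Report' autorun lines and Firefox user_pref lines.

Added example for illustration; it is not part of the BleepingComputer thread
or of the DDS tool. Sample lines are copied from the DDS log posted above.
"""
import re

# "uRun: [Name] command" (current user), "mRun:" (machine), "dRun:" (default user hive).
RUN_RE = re.compile(r"^(?P<hive>[umd])Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# user_pref('key', value) pairs as they appear on one line of the FIREFOX POLICIES section.
PREF_RE = re.compile(r"user_pref\('(?P<key>[^']+)',\s*(?P<val>[^)]+)\)")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
# File name stem of every executable mentioned in a command line.
EXE_RE = re.compile(r'([^\\\s"]+)\.(?:exe|dll|com|scr)\b', re.IGNORECASE)

# Firefox prefs adware is known to flip, with the value that is unsafe.
UNSAFE_PREFS = {
    "security.csp.enable": "false",           # disables Content Security Policy
    "security.OCSP.enabled": "0",             # disables certificate revocation checks
    "extensions.blocklist.enabled": "false",  # disables the add-on blocklist
    "extensions.autoDisableScopes": "0",      # lets sideloaded add-ons enable themselves
}


def looks_random(token):
    """Heuristic for machine-generated names (thresholds chosen for this example):
    at least 12 characters, only lowercase letters and digits, and either digits
    mixed in or fewer than 30% vowels. Designed names like 'iTunesHelper' fail the
    lowercase test; short PUP names like 'cltmng' fail the length test."""
    if len(token) < 12 or not re.fullmatch(r"[a-z0-9]+", token):
        return False
    vowels = sum(ch in "aeiou" for ch in token)
    has_digit = any(ch.isdigit() for ch in token)
    return has_digit or vowels / len(token) < 0.3


def triage_run_line(line):
    """Return a list of reasons for a Run line (empty if clean), or None if the
    line is not a Run entry at all."""
    m = RUN_RE.match(line.strip())
    if not m:
        return None
    hive, name, cmd = m.group("hive", "name", "cmd")
    reasons = []
    if hive == "d":
        reasons.append("default-hive")   # autorun planted for every new/service profile
    if TEMP_RE.search(cmd):
        reasons.append("temp-path")      # installed software does not start from %TEMP%
    stems = [name] + [s.group(1) for s in EXE_RE.finditer(cmd)]
    if any(looks_random(s) for s in stems):
        reasons.append("random-name")
    return reasons


def triage_pref_line(line):
    """Return the keys on a user_pref line whose value matches a known-unsafe setting."""
    return [k for k, v in PREF_RE.findall(line) if UNSAFE_PREFS.get(k) == v.strip()]


def triage(lines):
    """Return [(line, reasons)] for every line that produced at least one finding."""
    findings = []
    for line in lines:
        reasons = triage_run_line(line) or []
        reasons += ["unsafe-pref:" + k for k in triage_pref_line(line)]
        if reasons:
            findings.append((line.strip(), reasons))
    return findings


# Constructed sample: lines copied from the DDS log posted above.
SAMPLE_LINES = [
    r"uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe",
    r'mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"',
    r"dRun: [SearchProtect] c:\documents and settings\localservice\application data\searchprotect\bin\cltmng.exe",
    r"dRun: [qcgce2mrvjq91kk1e7pnbb19m52fx] c:\windows\temp\jeycdtsdowvatendl.exe",
    r"BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll",
    "user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);"
    "user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);",
]

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LINES):
        print(", ".join(reasons))
        print("    " + line)
```

Run against the six sample lines it reports three findings: the SearchProtect dRun entry (default-hive), the c:\windows\temp entry (default-hive, temp-path, random-name) and the user_pref line (all four unsafe prefs); the SUPERAntiSpyware, iTunes and BHO lines are left alone. The name heuristic is deliberately conservative; it is a prompt for a human to look, not a verdict.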


#4 pfgiv

pfgiv
  • Topic Starter
  • Members
  • 25 posts

Posted 12 July 2013 - 11:49 AM

Every time I run GMER the computer blue screens and restarts.



#5 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • Gender:Female

Posted 13 July 2013 - 02:13 PM

Hi there,

Can you please copy/paste the Attach.txt log? I am not able to see it. :)

Elle



#6 pfgiv

pfgiv
  • Topic Starter
  • Members
  • 25 posts

Posted 15 July 2013 - 08:33 AM

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/24/2009 12:19:19 AM
System Uptime: 7/11/2013 11:18:11 AM (25 hours ago)
.
Motherboard: BIOSTAR Group |  | P4M900-M7 FE
Processor: Intel® Pentium® Dual  CPU  E2200  @ 2.20GHz | Socket 775 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 37 GiB total, 1.317 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\3&2411E6FE&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\3&2411E6FE&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP93: 5/8/2013 10:20:42 AM - System Checkpoint
RP94: 5/9/2013 2:10:16 PM - System Checkpoint
RP95: 5/10/2013 2:24:16 PM - System Checkpoint
RP96: 5/11/2013 2:44:39 PM - System Checkpoint
RP97: 5/13/2013 10:29:24 AM - System Checkpoint
RP98: 5/14/2013 1:21:59 PM - System Checkpoint
RP99: 5/15/2013 1:27:23 PM - System Checkpoint
RP100: 5/16/2013 3:00:15 AM - Software Distribution Service 3.0
RP101: 5/17/2013 9:52:05 AM - System Checkpoint
RP102: 5/18/2013 10:34:41 AM - System Checkpoint
RP103: 5/19/2013 12:32:31 PM - System Checkpoint
RP104: 5/21/2013 1:59:57 PM - System Checkpoint
RP105: 5/22/2013 2:41:28 PM - System Checkpoint
RP106: 5/23/2013 3:35:24 PM - System Checkpoint
RP107: 5/24/2013 3:40:18 PM - System Checkpoint
RP108: 5/25/2013 4:15:04 PM - System Checkpoint
RP109: 5/26/2013 4:43:33 PM - System Checkpoint
RP110: 5/28/2013 3:46:20 PM - System Checkpoint
RP111: 5/29/2013 3:52:24 PM - System Checkpoint
RP112: 5/30/2013 4:25:53 PM - System Checkpoint
RP113: 6/1/2013 2:46:26 PM - System Checkpoint
RP114: 6/2/2013 2:52:25 PM - System Checkpoint
RP115: 6/3/2013 3:52:11 PM - System Checkpoint
RP116: 6/5/2013 2:28:52 PM - System Checkpoint
RP117: 6/6/2013 5:05:33 PM - System Checkpoint
RP118: 6/8/2013 9:16:52 AM - System Checkpoint
RP119: 6/9/2013 11:24:52 AM - System Checkpoint
RP120: 6/10/2013 1:16:31 PM - System Checkpoint
RP121: 6/11/2013 5:50:37 PM - System Checkpoint
RP122: 6/12/2013 5:56:58 PM - System Checkpoint
RP123: 6/12/2013 5:58:10 PM - Software Distribution Service 3.0
RP124: 6/13/2013 5:28:56 PM - Software Distribution Service 3.0
RP125: 6/14/2013 5:29:49 PM - System Checkpoint
RP126: 6/15/2013 5:37:43 PM - System Checkpoint
RP127: 6/18/2013 2:14:02 PM - System Checkpoint
RP128: 6/19/2013 2:16:19 PM - System Checkpoint
RP129: 6/20/2013 3:21:16 PM - System Checkpoint
RP130: 6/22/2013 10:14:52 AM - System Checkpoint
RP131: 6/23/2013 10:20:24 AM - System Checkpoint
RP132: 6/24/2013 1:49:06 PM - System Checkpoint
RP133: 6/25/2013 2:09:04 PM - System Checkpoint
RP134: 6/26/2013 6:29:24 PM - System Checkpoint
RP135: 6/28/2013 11:40:26 AM - System Checkpoint
RP136: 6/29/2013 12:02:47 PM - System Checkpoint
RP137: 7/1/2013 11:31:53 AM - System Checkpoint
RP138: 7/2/2013 1:27:00 PM - System Checkpoint
RP139: 7/3/2013 2:05:32 PM - System Checkpoint
RP140: 7/5/2013 11:21:15 AM - System Checkpoint
RP141: 7/6/2013 12:59:40 PM - System Checkpoint
RP142: 7/7/2013 1:02:21 PM - System Checkpoint
RP143: 7/9/2013 9:24:59 AM - System Checkpoint
RP144: 7/11/2013 12:13:26 PM - System Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
CCleaner
Dropbox
ESET Online Scanner v3
GetSavin
GolfLogix Course Manager 3.5
HiJackThis
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
iTunes
Java Auto Updater
Java™ 6 Update 31
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
Norton Security Scan
NVIDIA Drivers
NVIDIA PhysX
OpenOffice.org 3.3
PL-2303 USB-to-Serial
Platform
Power_Challenge Toolbar
QuickTime
Realtek High Definition Audio Driver
Recuva
Revo Uninstaller 1.93
Search Protect by conduit
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SelectionLinks
SUPERAntiSpyware
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Vendio XPress Image Publisher
VIA Display Driver 6.14.10.0099
VIA Platform Device Manager
VLC media player 2.0.1
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
7/8/2013 5:28:22 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  PCIIde ViaIde
7/8/2013 5:28:20 PM, error: Service Control Manager [7022]  - The WebClient service hung on starting.
7/8/2013 5:25:50 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
7/8/2013 5:24:20 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
7/8/2013 5:01:14 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  BIOS Fips i8042prt intelppm SASDIFSV SASKUTIL
7/8/2013 5:00:13 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/8/2013 3:07:04 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
7/8/2013 2:35:40 PM, error: Service Control Manager [7034]  - The Network Location Awareness (NLA) service terminated unexpectedly.  It has done this 2 time(s).
7/8/2013 2:35:40 PM, error: Service Control Manager [7034]  - The COM+ Event System service terminated unexpectedly.  It has done this 2 time(s).
7/8/2013 2:35:40 PM, error: Service Control Manager [7031]  - The Help and Support service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
7/7/2013 2:48:22 PM, error: DCOM [10005]  - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/7/2013 12:46:24 PM, error: System Error [1003]  - Error code 1000008e, parameter1 c0000005, parameter2 805e19b5, parameter3 8a9208ec, parameter4 00000000.
7/7/2013 12:37:48 PM, error: Srv [2019]  - The server was unable to allocate from the system nonpaged pool because the pool was empty.
.
==== End Of File ===========================

Sorry for the delay, this is a work computer and I do not work over the weekends. Thanks again for the help.



#7 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • Gender:Female

Posted 16 July 2013 - 02:45 PM

Hi there,

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.

Vista/Windows 7 users right-click and select Run As Administrator.

  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

Note: If Cure is not an option, Skip instead; do not choose Delete unless instructed.

  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Elle



#8 pfgiv

pfgiv
  • Topic Starter
  • Members
  • 25 posts

Posted 17 July 2013 - 10:41 AM

Thanks. I cannot get TDSSKiller to run. I tried to rename it, and I tried to change the file extension to .com. Everything I try to run gives me a message that says xxxxxxx cannot start because it is infected with W32/Blaster.worm.



#9 pfgiv
  • Topic Starter
  • Members
  • 25 posts

Posted 17 July 2013 - 11:15 AM

Currently running ESET in safe mode; I will then try TDSSKiller after that and will post logs here once completed.



#10 Blind Faith

  • Malware Response Team
  • 4,101 posts

Posted 17 July 2013 - 01:53 PM

Hi there,

Please do not run any scans other than the ones I am instructing you to. This might cause more damage than help, as I am working with the logs, and any changed parameter counts.

We need to create an OTL Report

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Elle


Edited by Blind Faith, 17 July 2013 - 01:53 PM.

Can you hear it? It's all around!

Do you remember? If you do, can you forgive?

If I haven't replied in 48 hours, please feel free to send me a PM.
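As an added example for this thread (not code from OTL, from the Malware Response Team, or from the original poster), the script below shows how a responder can machine-triage the kind of report the OTL scan requested above produces. Its sample input is copied verbatim from the OTL.txt posted in the next reply: the O4 autorun entries, the O20 Winlogon Shell values, two InProcServer32 defaults from the ZeroAccess check, the zero-byte C:\vlcplayer.exe and the Macromed service. The line-format parsers and the scoring heuristics are mine, inferred from those lines rather than taken from any OTL specification, and the directory names they key on (Documents and Settings, Application Data, RECYCLER) are the Windows XP layout seen in this log. The point it demonstrates is what makes such a log readable at all: where a binary lives, whether it exists and what size it is are facts the scanner read from disk, whereas the company name in parentheses comes from the file's own version resource and can say "NVIDIA Corporation" for a dropper sitting in C:\WINDOWS\temp.

```python
# Triage of OTL report lines for persistence indicators (added example, not OTL's code).
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: lines copied verbatim from the OTL.txt posted later in this thread.
SAMPLE_LINES = [
    r"O4 - HKU\.DEFAULT..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\WINDOWS\temp\jeycdtsdowvatendl.exe (NVIDIA Corporation)",
    r"O4 - HKU\S-1-5-21-1292428093-602162358-839522115-1003..\Run: [Internet Security] C:\Documents and Settings\All Users\Application Data\midefender.exe (DS Team)",
    r"O4 - HKU\S-1-5-21-1292428093-602162358-839522115-1003..\Run: [Adobe CSS5.1 Manager] C:\Documents and Settings\Admin\Local Settings\Application Data\a9b0b5a9-2899-418a-a97a-fcbe6b19191dad\abbaaaafcbebdad.exe ()",
    r"O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)",
    r"O20 - HKU\.DEFAULT Winlogon: Shell - (cmd.exe) - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)",
    r"O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)",
    r'"" = C:\RECYCLER\S-1-5-18\$0a0d6da8ce702d1dd1a5418f1143cda8\n. -- [2013/07/17 14:17:11 | 000,029,696 | -HS- | M] ()',
    r'"" = %SystemRoot%\system32\shdocvw.dll -- [2008/10/15 21:00:10 | 001,499,136 | ---- | M] (Microsoft Corporation)',
    r"[2013/07/17 14:17:04 | 000,000,000 | ---- | M] () -- C:\vlcplayer.exe",
    r"SRV - [2013/07/17 14:17:12 | 000,279,552 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\Macromed.exe -- (Macromed)",
]

# Line formats as they appear in that log (regexes inferred from it, not an OTL spec).
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] "
                   r"(?P<path>.+?)(?: \((?P<company>[^()]*)\)| File not found)$")
O20_RE = re.compile(r"^O20 - (?P<hive>.+?) Winlogon: (?P<value>\w+) - \([^)]*\) - "
                    r"(?P<path>.+?) \((?P<company>[^()]*)\)$")
SRV_RE = re.compile(r"^SRV - \[(?P<stamp>[^\]]*)\] \((?P<company>[^()]*)\) \[[^\]]*\] -- "
                    r"(?P<path>.+?) -- \((?P<svc>[^)]*)\)$")
INPROC_RE = re.compile(r'^"" = (?P<path>.+?) -- \[(?P<stamp>[^\]]*)\] \((?P<company>[^()]*)\)$')
FILE_RE = re.compile(r"^\[(?P<stamp>[^\]]*)\] \((?P<company>[^()]*)\) -- (?P<path>.+)$")

RANDOM_NAME = re.compile(r"^[a-z0-9]{14,}$")   # e.g. jeycdtsdowvatendl, abbaaaafcbebdad
GUID_DIR = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-")
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\program files")


@dataclass
class Entry:
    kind: str                  # O4, O20, SRV, COM or FILE
    path: str
    company: str = ""          # from the file's version resource, so attacker-controlled
    name: str = ""             # run-value name, Winlogon value name or service name
    size: Optional[int] = None
    reasons: List[str] = field(default_factory=list)


def size_from(stamp: str) -> Optional[int]:
    # second field of OTL's "[date | size | attrs | flag]" block
    fields = [f.strip() for f in stamp.split("|")]
    return int(fields[1].replace(",", "")) if len(fields) > 1 else None


def parse_line(line: str) -> Optional[Entry]:
    line = line.strip()
    if m := O4_RE.match(line):
        return Entry("O4", m["path"], m["company"] or "", name=m["name"])
    if m := O20_RE.match(line):
        return Entry("O20", m["path"], m["company"], name=m["value"])
    if m := SRV_RE.match(line):
        return Entry("SRV", m["path"], m["company"], name=m["svc"], size=size_from(m["stamp"]))
    if m := INPROC_RE.match(line):
        return Entry("COM", m["path"], m["company"], size=size_from(m["stamp"]))
    if m := FILE_RE.match(line):
        return Entry("FILE", m["path"], m["company"], size=size_from(m["stamp"]))
    return None   # unknown line format: skipped, not judged


def assess(e: Entry) -> Entry:
    """Location-based heuristics: trust where the file is, not what it claims to be."""
    p = e.path.lower().replace("%systemroot%", r"c:\windows")
    parts = p.split("\\")
    stem, parent = parts[-1].rsplit(".", 1)[0], (parts[-2] if len(parts) > 1 else "")
    if any(seg in ("temp", "recycler") for seg in parts[:-1]):
        e.reasons.append("runs from a temp or recycle-bin directory")
    if len(parts) == 2:
        e.reasons.append("binary dropped in the drive root")
    if parent == "application data":
        e.reasons.append("binary directly in an Application Data root")
    if parent == "windows" and e.kind in ("O4", "SRV"):
        e.reasons.append("autorun/service binary directly in C:\\WINDOWS, not system32")
    if GUID_DIR.match(parent):
        e.reasons.append("GUID-named parent directory under a user profile")
    if RANDOM_NAME.match(stem) or RANDOM_NAME.match(e.name.lower()):
        e.reasons.append("random-looking file or value name")
    if e.size == 0:
        e.reasons.append("zero-byte executable (decoy or placeholder)")
    if e.kind == "O20" and e.name == "Shell" and not p.endswith("\\explorer.exe"):
        e.reasons.append("Winlogon Shell is not explorer.exe")
    if e.kind == "COM" and not p.startswith(TRUSTED_DIRS):
        e.reasons.append("COM server registered outside system32/Program Files")
    if e.kind in ("O4", "SRV", "COM") and not e.company:
        e.reasons.append("no company name in version info")
    return e


def triage(lines) -> List[Entry]:
    return [assess(e) for e in map(parse_line, lines) if e is not None]


if __name__ == "__main__":
    for e in triage(SAMPLE_LINES):
        print(("FLAG " if e.reasons else "ok   ") + f"[{e.kind}] {e.path}")
        for r in e.reasons:
            print("        - " + r)
```

Run it as-is to get a verdict per sample line, or feed triage() the lines of a full OTL.txt. Lines in formats the parser does not recognise are skipped rather than judged, so the absence of a flag is not a clean bill of health, which is also why the helper above asks for the complete report rather than a filtered one. On Vista and later the profile paths differ (Users\...\AppData), so the directory-name heuristics would need the same adjustment a human reader makes.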




#11 pfgiv
  • Topic Starter
  • Members
  • 25 posts

Posted 18 July 2013 - 09:47 AM

OTL.txt

OTL logfile created on: 7/18/2013 9:57:48 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.65% Memory free
3.85 Gb Paging File | 3.38 Gb Available in Paging File | 87.82% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 0.75 Gb Free Space | 2.02% Space Free | Partition Type: NTFS
Drive D: | 14.90 Gb Total Space | 13.27 Gb Free Space | 89.07% Space Free | Partition Type: FAT32
 
Computer Name: LASER | User Name: Admin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/18 09:56:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
PRC - [2013/07/03 09:43:02 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/01/18 10:59:36 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/07/03 09:43:01 | 003,285,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/07/17 14:34:37 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/17 14:17:12 | 000,279,552 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\Macromed.exe -- (Macromed)
SRV - [2013/07/03 09:43:01 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/11 10:28:08 | 000,093,984 | ---- | M] (Conduit) [Auto | Stopped] -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/01/18 10:59:36 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UltraMonMirror.sys -- (UltraMonMirror)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2013/07/17 11:47:30 | 000,177,760 | ---- | M] (Kaspersky Lab, GERT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\95536517.sys -- (44912670)
DRV - [2013/07/17 11:46:58 | 000,177,760 | ---- | M] (Kaspersky Lab, GERT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\08779881.sys -- (34190281)
DRV - [2013/07/17 11:41:05 | 000,098,992 | ---- | M] (Kaspersky Lab, GERT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\78393206.sys -- (13031960)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2007/10/18 06:28:52 | 000,052,224 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ViPrt.sys -- (ViPrt)
DRV - [2007/10/18 06:28:30 | 000,016,896 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ViBus.sys -- (ViBus)
DRV - [2007/10/16 19:38:30 | 004,615,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/09/21 05:49:10 | 000,009,216 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)
DRV - [2007/07/11 14:08:46 | 000,714,240 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\S3gIGPm.sys -- (S3GIGP)
DRV - [2005/11/24 20:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/03/16 02:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)
DRV - [2003/07/16 15:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1292428093-602162358-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=61&CUI=UN38873602432308582&UM=2&UP=SPF0FB76EE-8063-4ED9-AA09-FD540FA08248
IE - HKU\S-1-5-21-1292428093-602162358-839522115-1003\..\URLSearchHook: {208722fa-38e0-4142-83e5-a341b43a35dd} - C:\Program Files\Power_Challenge\prxtbPow2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1292428093-602162358-839522115-1003\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-1292428093-602162358-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1292428093-602162358-839522115-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN38873602432308582&UM=2
IE - HKU\S-1-5-21-1292428093-602162358-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1292428093-602162358-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke New Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI=UN21940932041950428&UM=2&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/03 09:42:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/03 09:42:47 | 000,000,000 | ---D | M]
 
[2009/02/24 12:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2013/05/10 09:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\zoyctfm5.default\extensions
[2013/05/10 09:44:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\zoyctfm5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/04/18 10:05:35 | 000,001,102 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\zoyctfm5.default\searchplugins\whitesmoke-new-customized-web-search.xml
[2013/07/03 09:42:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/03 09:43:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/04/03 10:12:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
 
O1 HOSTS File: ([2013/01/04 15:08:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Power Challenge Toolbar) - {208722fa-38e0-4142-83e5-a341b43a35dd} - C:\Program Files\Power_Challenge\prxtbPow2.dll (Conduit Ltd.)
O2 - BHO: (GetSavin 5.0) - {43D68BF2-1068-4233-A820-E40CAA488474} - C:\Documents and Settings\Admin\Local Settings\Application Data\getsavin\ie\getsavin_1366293601.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Power Challenge Toolbar) - {208722fa-38e0-4142-83e5-a341b43a35dd} - C:\Program Files\Power_Challenge\prxtbPow2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1292428093-602162358-839522115-1003\..\Toolbar\WebBrowser: (Power Challenge Toolbar) - {208722FA-38E0-4142-83E5-A341B43A35DD} - C:\Program Files\Power_Challenge\prxtbPow2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKU\.DEFAULT..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\WINDOWS\temp\jeycdtsdowvatendl.exe (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\Run: [SearchProtect] C:\Documents and Settings\LocalService\Application Data\SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-18..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\WINDOWS\temp\jeycdtsdowvatendl.exe (NVIDIA Corporation)
O4 - HKU\S-1-5-18..\Run: [SearchProtect] C:\Documents and Settings\LocalService\Application Data\SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-20..\Run: [Adobe CSS5.1 Manager] C:\Documents and Settings\NetworkService\Local Settings\Application Data\a9b0b5a9-2899-418a-a97a-fcbe6b19191dad\abbaaaafcbebdad.exe ()
O4 - HKU\S-1-5-21-1292428093-602162358-839522115-1003..\Run: [Adobe CSS5.1 Manager] C:\Documents and Settings\Admin\Local Settings\Application Data\a9b0b5a9-2899-418a-a97a-fcbe6b19191dad\abbaaaafcbebdad.exe ()
O4 - HKU\S-1-5-21-1292428093-602162358-839522115-1003..\Run: [Internet Security] C:\Documents and Settings\All Users\Application Data\midefender.exe (DS Team)
O4 - HKU\S-1-5-21-1292428093-602162358-839522115-1003..\Run: [SearchProtect] C:\Documents and Settings\Admin\Application Data\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKU\S-1-5-21-1292428093-602162358-839522115-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-20..\RunOnce: [Adobe CSS5.1 Manager] C:\Documents and Settings\NetworkService\Local Settings\Application Data\a9b0b5a9-2899-418a-a97a-fcbe6b19191dad\abbaaaafcbebdad.exe ()
O4 - HKU\S-1-5-21-1292428093-602162358-839522115-1003..\RunOnce: [Adobe CSS5.1 Manager] C:\Documents and Settings\Admin\Local Settings\Application Data\a9b0b5a9-2899-418a-a97a-fcbe6b19191dad\abbaaaafcbebdad.exe ()
O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1292428093-602162358-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1292428093-602162358-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1292428093-602162358-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1292428093-602162358-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1292428093-602162358-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: abbaaaafcbebdad = C:\Documents and Settings\Admin\Local Settings\Application Data\a9b0b5a9-2899-418a-a97a-fcbe6b19191dad\abbaaaafcbebdad.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81622D56-6EF1-4B27-A2D0-2B12987150B4}: DhcpNameServer = 10.1.10.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (cmd.exe) - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (cmd.exe) - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - C:\Documents and Settings\Admin\My Documents\Downloads\golf_wallpaper03_1280w1024h.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/24 01:17:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/01/25 12:56:16 | 000,059,288 | RHS- | M] () - D:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/18 09:56:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2013/07/17 14:01:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2013/07/17 11:47:30 | 000,177,760 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\95536517.sys
[2013/07/17 11:46:58 | 000,177,760 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\08779881.sys
[2013/07/17 11:41:05 | 000,098,992 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\78393206.sys
[2013/07/17 11:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\a9b0b5a9-2899-418a-a97a-fcbe6b19191dad
[2013/07/17 11:23:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\a9b0b5a9-2899-418a-a97a-fcbe6b19191dad
[2013/07/17 11:13:29 | 000,000,000 | -HSD | C] -- C:\WINDOWS\assembly
[2013/07/17 11:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\a9b0b5a9-2899-418a-a97a-fcbe6b19191dad
[2013/07/17 11:12:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Dropbox
[2013/07/17 11:12:19 | 000,839,680 | ---- | C] (DS Team) -- C:\Documents and Settings\All Users\Application Data\midefender.exe
[2013/07/08 13:11:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2013/07/08 13:11:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2013/07/07 12:47:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2013/07/07 12:47:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2013/07/07 12:46:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2013/07/06 10:23:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2013/07/06 10:23:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2013/07/03 09:42:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/06/19 12:19:33 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/18 09:56:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2013/07/18 09:03:42 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/07/18 09:03:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/07/18 09:01:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/07/18 09:00:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\{1593F0BD-BEB9-47A9-B63C-800E5A24E3B9}.job
[2013/07/18 09:00:00 | 000,000,400 | -H-- | M] () -- C:\WINDOWS\tasks\{AC102C75-3EA7-43C9-8A55-D42274CEC4FB}.job
[2013/07/18 08:16:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/07/17 18:00:00 | 000,000,474 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Admin.job
[2013/07/17 14:36:25 | 000,211,251 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/07/17 14:34:44 | 001,097,638 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\2433f433
[2013/07/17 14:34:36 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/07/17 14:34:36 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/07/17 14:17:12 | 000,279,552 | ---- | M] () -- C:\WINDOWS\Macromed.exe
[2013/07/17 14:17:07 | 000,279,040 | ---- | M] () -- C:\jucheck.exe
[2013/07/17 14:17:06 | 000,231,424 | ---- | M] () -- C:\opera.exe
[2013/07/17 14:17:06 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Internet Security Pro.lnk
[2013/07/17 14:17:05 | 000,839,680 | ---- | M] (DS Team) -- C:\Documents and Settings\All Users\Application Data\midefender.exe
[2013/07/17 14:17:04 | 000,000,000 | ---- | M] () -- C:\vlcplayer.exe
[2013/07/17 11:47:30 | 000,177,760 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\95536517.sys
[2013/07/17 11:46:58 | 000,177,760 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\08779881.sys
[2013/07/17 11:41:05 | 000,098,992 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\78393206.sys
[2013/07/17 11:26:30 | 000,000,382 | -H-- | M] () -- C:\WINDOWS\tasks\{02ADCCBD-A934-42A7-A4BE-1DC6735B0E9A}.job
[2013/07/17 11:12:19 | 000,231,424 | ---- | M] () -- C:\acrobat.exe
[2013/07/17 11:12:18 | 000,000,000 | ---- | M] () -- C:\jqs.exe
[2013/07/09 11:00:02 | 000,000,467 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Shortcut to My Pictures.lnk
[2013/07/09 09:50:17 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\HiJackThis.lnk
[2013/07/01 10:18:22 | 000,011,101 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\ebay sell.ods
[2013/06/19 12:20:42 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Dropbox.lnk
[2013/06/19 12:18:51 | 000,001,008 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Dropbox.lnk
[2013/06/18 11:37:45 | 000,012,413 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Poker.ods
[2013/06/18 10:08:08 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/06/18 10:08:08 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/17 14:34:44 | 001,097,638 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\2433f433
[2013/07/17 14:34:43 | 001,097,646 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\2433f433
[2013/07/17 14:34:39 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/07/17 14:17:06 | 000,279,040 | ---- | C] () -- C:\jucheck.exe
[2013/07/17 14:17:05 | 000,231,424 | ---- | C] () -- C:\opera.exe
[2013/07/17 14:17:04 | 000,000,000 | ---- | C] () -- C:\vlcplayer.exe
[2013/07/17 11:28:25 | 000,000,438 | -H-- | C] () -- C:\WINDOWS\tasks\{1593F0BD-BEB9-47A9-B63C-800E5A24E3B9}.job
[2013/07/17 11:23:19 | 000,000,382 | -H-- | C] () -- C:\WINDOWS\tasks\{02ADCCBD-A934-42A7-A4BE-1DC6735B0E9A}.job
[2013/07/17 11:12:28 | 000,000,400 | -H-- | C] () -- C:\WINDOWS\tasks\{AC102C75-3EA7-43C9-8A55-D42274CEC4FB}.job
[2013/07/17 11:12:25 | 000,279,552 | ---- | C] () -- C:\WINDOWS\Macromed.exe
[2013/07/17 11:12:20 | 000,000,807 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Internet Security Pro.lnk
[2013/07/17 11:12:18 | 000,231,424 | ---- | C] () -- C:\acrobat.exe
[2013/07/17 11:12:18 | 000,000,000 | ---- | C] () -- C:\jqs.exe
[2013/07/09 11:00:02 | 000,000,467 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Shortcut to My Pictures.lnk
[2013/06/19 12:20:42 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Dropbox.lnk
[2013/04/18 12:03:14 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/03/28 14:43:16 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2012/04/05 12:40:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/04/05 08:57:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\defogger_reenable
[2011/05/06 17:46:02 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2013/07/17 15:26:38 | 000,002,048 | -HS- | M] () -- C:\RECYCLER\S-1-5-18\$0a0d6da8ce702d1dd1a5418f1143cda8\@
[2013/07/17 14:17:11 | 000,029,696 | -HS- | M] () -- C:\RECYCLER\S-1-5-18\$0a0d6da8ce702d1dd1a5418f1143cda8\n
[2013/07/18 09:56:09 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$0a0d6da8ce702d1dd1a5418f1143cda8\L
[2013/07/17 14:17:28 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$0a0d6da8ce702d1dd1a5418f1143cda8\U
[2013/07/18 09:03:05 | 000,000,804 | ---- | M] () -- C:\RECYCLER\S-1-5-18\$0a0d6da8ce702d1dd1a5418f1143cda8\L\00000004.@
[2013/07/17 14:17:27 | 000,002,048 | ---- | M] () -- C:\RECYCLER\S-1-5-18\$0a0d6da8ce702d1dd1a5418f1143cda8\U\00000004.@
[2013/07/17 14:17:27 | 000,001,024 | ---- | M] () -- C:\RECYCLER\S-1-5-18\$0a0d6da8ce702d1dd1a5418f1143cda8\U\00000008.@
[2013/07/17 14:17:27 | 000,001,632 | ---- | M] () -- C:\RECYCLER\S-1-5-18\$0a0d6da8ce702d1dd1a5418f1143cda8\U\000000cb.@
[2013/07/17 14:17:27 | 000,011,776 | ---- | M] () -- C:\RECYCLER\S-1-5-18\$0a0d6da8ce702d1dd1a5418f1143cda8\U\80000000.@
[2013/07/17 14:17:28 | 000,091,648 | ---- | M] () -- C:\RECYCLER\S-1-5-18\$0a0d6da8ce702d1dd1a5418f1143cda8\U\80000032.@
[2013/07/18 09:03:04 | 000,005,120 | -HS- | M] () -- C:\WINDOWS\assembly\GAC\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"" = C:\DOCUME~1\Admin\LOCALS~1\Temp\sieviyu\spulqbw\wow.dll -- [2013/06/29 09:01:48 | 000,097,280 | -HS- | M] (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/10/15 21:00:10 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\RECYCLER\S-1-5-18\$0a0d6da8ce702d1dd1a5418f1143cda8\n. -- [2013/07/17 14:17:11 | 000,029,696 | -HS- | M] ()
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >


extras.txt

OTL Extras logfile created on: 7/18/2013 9:57:48 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.65% Memory free
3.85 Gb Paging File | 3.38 Gb Available in Paging File | 87.82% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 0.75 Gb Free Space | 2.02% Space Free | Partition Type: NTFS
Drive D: | 14.90 Gb Total Space | 13.27 Gb Free Space | 89.07% Space Free | Partition Type: FAT32
 
Computer Name: LASER | User Name: Admin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-1292428093-602162358-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{862388F2-ACCF-4CE2-945C-7D559B21058E}" = Vendio XPress Image Publisher
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ESET Online Scanner" = ESET Online Scanner v3
"GetSavin" = GetSavin
"GolfLogix Course Manager_is1" = GolfLogix Course Manager 3.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"Power_Challenge Toolbar" = Power_Challenge Toolbar
"Recuva" = Recuva
"Revo Uninstaller" = Revo Uninstaller 1.93
"SearchProtect" = Search Protect by conduit
"sl-dlca" = SelectionLinks
"VIA Chrome9 HC IGP Family Display" = VIA Display Driver 6.14.10.0099
"VLC media player" = VLC media player 2.0.1
"Windows XP Service Pack" = Windows XP Service Pack 3
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Applet" = Applet
"JNLP" = JNLP
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Applet" = Applet
"JNLP" = JNLP
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1292428093-602162358-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/21/2013 3:51:53 PM | Computer Name = LASER | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 6/21/2013 3:51:53 PM | Computer Name = LASER | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 7/8/2013 5:30:34 PM | Computer Name = LASER | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 7/17/2013 11:27:35 AM | Computer Name = LASER | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
 module ntdll.dll, version 5.1.2600.6055, fault address 0x00037331.
 
[ System Events ]
Error - 7/18/2013 2:37:39 AM | Computer Name = LASER | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
 error:   %%127
 
Error - 7/18/2013 2:38:22 AM | Computer Name = LASER | Source = Service Control Manager | ID = 7000
Description = The Network Location Awareness (NLA) service failed to start due to
 the following error:   %%231
 
Error - 7/18/2013 2:38:39 AM | Computer Name = LASER | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
 error:   %%127
 
Error - 7/18/2013 2:39:39 AM | Computer Name = LASER | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
 error:   %%127
 
Error - 7/18/2013 2:40:39 AM | Computer Name = LASER | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
 error:   %%127
 
Error - 7/18/2013 2:41:22 AM | Computer Name = LASER | Source = Service Control Manager | ID = 7000
Description = The Network Location Awareness (NLA) service failed to start due to
 the following error:   %%231
 
Error - 7/18/2013 2:41:39 AM | Computer Name = LASER | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
 error:   %%127
 
Error - 7/18/2013 2:42:39 AM | Computer Name = LASER | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
 error:   %%127
 
Error - 7/18/2013 2:43:39 AM | Computer Name = LASER | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
 error:   %%127
 
Error - 7/18/2013 2:44:39 AM | Computer Name = LASER | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
 error:   %%127
 
 
< End of report >
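The InProcServer32 entries at the end of the OTL report above are the most security-relevant lines in both logs: one machine-wide COM class is served from C:\RECYCLER\S-1-5-18\$0a0d6da8ce702d1dd1a5418f1143cda8\n. (a hidden+system file with no DLL extension, registered with a trailing dot that the Win32 path layer strips, so the value still resolves to the file named n), and a per-user HKCU class points at wow.dll in a Temp directory while carrying a "Microsoft Corporation" company name. The script below is an added example, not part of this thread or of OTL; it takes those report lines verbatim as constructed input and flags each InProcServer32 registration against a few heuristics. The trusted-directory and untrusted-path lists, and the way HKCU entries are treated, are this example's own assumptions.

```python
import re

# Constructed sample input: the InProcServer32 entries copied from the OTL
# report above (nothing added or invented).
SAMPLE = r"""
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"" = C:\DOCUME~1\Admin\LOCALS~1\Temp\sieviyu\spulqbw\wow.dll -- [2013/06/29 09:01:48 | 000,097,280 | -HS- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/10/15 21:00:10 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\RECYCLER\S-1-5-18\$0a0d6da8ce702d1dd1a5418f1143cda8\n. -- [2013/07/17 14:17:11 | 000,029,696 | -HS- | M] ()
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
"""

# OTL prints the key on one line and the default value as: "" = <path> -- [date | size | attrs | M] (<company>)
KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+)\\.*?\\clsid\\(\{[0-9A-Fa-f-]{36}\})\\InProcServer32\]$", re.I)
VAL_RE = re.compile(r'^"" = (.*?) -- \[(.*?)\] \((.*)\)$')

# Assumptions of this example: where a legitimate in-process COM server is
# expected to live, and path fragments that should never host one.
TRUSTED_DIRS = ("%SYSTEMROOT%\\", "C:\\WINDOWS\\", "C:\\PROGRAM FILES\\")
UNTRUSTED_HINTS = ("\\RECYCLER\\", "\\TEMP\\", "\\LOCALS~1\\", "\\APPDATA\\")


def parse_inproc(report):
    """Return one dict per InProcServer32 key: hive, clsid, path, size, attrs, company."""
    entries, cur = [], None
    for raw in report.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            cur = {"hive": m.group(1).upper(), "clsid": m.group(2).upper(),
                   "path": None, "size": None, "attrs": "", "company": None}
            entries.append(cur)
            continue
        m = VAL_RE.match(line)
        if m and cur is not None:
            path, meta, company = m.groups()
            fields = [f.strip() for f in meta.split("|")]
            cur["path"] = path
            cur["size"] = int(fields[1].replace(",", "")) if len(fields) > 1 else None
            cur["attrs"] = fields[2] if len(fields) > 2 else ""
            cur["company"] = company or None
    return entries


def assess(entry, hklm_clsids):
    """List the reasons (possibly none) why this registration deserves a look."""
    reasons = []
    p = entry["path"]
    if p is None:
        # A bare HKCU key with no server path, sitting beside a normal HKLM
        # registration of the same class, is worth inspecting by hand.
        if entry["hive"] == "HKEY_CURRENT_USER" and entry["clsid"] in hklm_clsids:
            reasons.append("empty HKCU InProcServer32 key beside an HKLM registration")
        return reasons
    up = p.upper()
    if entry["hive"] == "HKEY_CURRENT_USER":
        reasons.append("per-user (HKCU) COM server registration")
    if any(h in up for h in UNTRUSTED_HINTS):
        reasons.append("server loaded from user-writable/recycler path")
    name = p.rsplit("\\", 1)[-1]
    if name.endswith(".") or "." not in name:
        reasons.append("filename without normal DLL extension (trailing-dot trick)")
    if "H" in entry["attrs"] and "S" in entry["attrs"]:
        reasons.append("file is hidden+system")
    if entry["company"] and "MICROSOFT" in entry["company"].upper() and not up.startswith(TRUSTED_DIRS):
        reasons.append("claims Microsoft but lives outside Windows directories")
    return reasons


def suspicious(report):
    """Map (hive, clsid) -> reasons for every registration that triggered a heuristic."""
    entries = parse_inproc(report)
    hklm = {e["clsid"] for e in entries if e["hive"] == "HKEY_LOCAL_MACHINE"}
    return {(e["hive"], e["clsid"]): r for e in entries if (r := assess(e, hklm))}


if __name__ == "__main__":
    for (hive, clsid), reasons in suspicious(SAMPLE).items():
        print(f"{hive}\\{clsid}")
        for r in reasons:
            print(f"  - {r}")
```

Run stand-alone it lists three registrations: the HKLM class served from the RECYCLER file (untrusted path, trailing dot, hidden+system), the HKCU class served from the Temp wow.dll (per-user, untrusted path, hidden+system, Microsoft name outside Windows), and the empty HKCU twin of the shdocvw.dll class. The two genuine Windows servers, shdocvw.dll and wbemess.dll, trigger nothing.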
 



#12 Blind Faith

  • Malware Response Team
  • 4,101 posts

Posted 19 July 2013 - 06:06 AM

Hi there,

Did you get to scan with Eset before seeing my previous post? If so, post the scan log in your next reply so I can see what it found. If not, please let me know, it is quite important.

Elle

Can you hear it? It's all around!

Do you remember?
If you do, then
can you forgive?

If I haven't replied in 48 hours, please feel free to send me a PM.


#13 pfgiv

  • Topic Starter
  • Members
  • 25 posts

Posted 19 July 2013 - 09:14 AM

I do not have a log for it. I did not complete the scan. If you would like me to, I will, but I will await your reply before proceeding. Thanks.



#14 Blind Faith

  • Malware Response Team
  • 4,101 posts

Posted 20 July 2013 - 12:06 PM

Hi there,

I want to make sure about something, and for that we need to scan something online.

Please visit the online Jotti Virus Scanner (link).

  • Browse to the following file path:
    C:\WINDOWS\Macromed.exe
  • Click on the submit button. The scanner will check the file with various AV companies.
  • Copy and paste the results box into a reply to this thread.

Elle 

#15 pfgiv

  • Topic Starter
  • Members
  • 25 posts

Posted 22 July 2013 - 08:58 AM

Engine         Date         Result
Agnitum        2013-07-22   Found nothing
Fortinet       2013-07-20   Found nothing
ArcaVir        2013-07-22   Found nothing
F-Prot         2013-07-22   Found nothing
Avast          2013-07-21   Win32:Malware-gen
F-Secure       2013-07-22   Trojan.Agent.AZXW
AVG            2013-07-22   PSW.Generic11.ASRW
G Data         2013-07-22   Trojan.Agent.AZXW
Avira          2013-07-22   TR/Agent.AZXW
Ikarus         2013-07-22   Trojan-Downloader.Win32.Nurech
BitDefender    2013-07-22   Trojan.Agent.AZXW
Kaspersky      2013-07-22   Found nothing
ClamAV         2013-07-22   PUA.Packed.PECompact-1
Panda          2013-07-22   Found nothing
CP Secure      2013-07-22   Found nothing
Quick Heal     2013-07-22   Found nothing
Dr.Web         2013-07-22   DLOADER.Trojan
Sophos         2013-07-22   Troj/Delf-FOZ
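The multi-engine result above is typical of what a Jotti or similar submission returns and is easy to over-read: ten of eighteen engines flag C:\WINDOWS\Macromed.exe, but four of them print the identical variant name Agent.AZXW, and ClamAV's hit only names the PECompact packer, which on its own says nothing about whether the file is malicious. The script below is an added example, not part of this thread or of Jotti; it re-types the posted results as constructed input and reduces them to a count that separates clean, packer/PUA-only and real detections, then groups identical variant labels. The grouping rule (last non-generic alphabetic token of the verdict is the variant) and the list of weak-verdict markers are this example's own heuristics, so treat the cluster count as a rough measure of independent evidence, not a fact about which vendors share engines.

```python
import re
from collections import defaultdict

# Constructed sample: the engine/date/verdict triples posted above for
# C:\WINDOWS\Macromed.exe, one "engine date verdict" line each.
JOTTI_RESULTS = """\
agnitum     2013-07-22 Found nothing
fortinet    2013-07-20 Found nothing
arcavir     2013-07-22 Found nothing
fprot       2013-07-22 Found nothing
avast       2013-07-21 Win32:Malware-gen
fsecure     2013-07-22 Trojan.Agent.AZXW
avg         2013-07-22 PSW.Generic11.ASRW
gdata       2013-07-22 Trojan.Agent.AZXW
avira       2013-07-22 TR/Agent.AZXW
ikarus      2013-07-22 Trojan-Downloader.Win32.Nurech
bitdefender 2013-07-22 Trojan.Agent.AZXW
kaspersky   2013-07-22 Found nothing
clamav      2013-07-22 PUA.Packed.PECompact-1
panda       2013-07-22 Found nothing
cpsecure    2013-07-22 Found nothing
quickheal   2013-07-22 Found nothing
drweb       2013-07-22 DLOADER.Trojan
sophos      2013-07-22 Troj/Delf-FOZ
"""

LINE_RE = re.compile(r"^(\S+)\s+(\d{4}-\d{2}-\d{2})\s+(.+?)\s*$")
CLEAN = "found nothing"
# Assumption: verdicts carrying these markers describe packaging or
# "potentially unwanted" status, not a malware family, and are weak evidence.
WEAK_MARKERS = ("pua.", "packed", "pack.", "not-a-virus", "suspicious")
# Assumption: tokens that name a category rather than a variant.
GENERIC = {"trojan", "tr", "troj", "win32", "w32", "malware", "generic", "agent", "downloader"}


def parse_results(text):
    """Return (engine, date, verdict) tuples from the simple line format above."""
    return [m.groups() for line in text.splitlines() if (m := LINE_RE.match(line))]


def classify(verdict):
    """'clean', 'weak' (packer/PUA-only) or 'detected'."""
    v = verdict.lower()
    if v == CLEAN:
        return "clean"
    if any(k in v for k in WEAK_MARKERS):
        return "weak"
    return "detected"


def signature_cluster(verdict):
    """Heuristic variant label: last alphabetic token (len >= 3) that is not generic."""
    tokens = [t for t in re.split(r"[./\\:\-_\s]+", verdict.lower())
              if len(t) >= 3 and t.isalpha()]
    for t in reversed(tokens):
        if t not in GENERIC:
            return t
    return tokens[-1] if tokens else verdict.lower()


def summarize(text):
    """Counts per class plus the engines grouped by shared variant label."""
    rows = parse_results(text)
    counts = {"engines": len(rows), "detected": 0, "weak": 0, "clean": 0}
    clusters = defaultdict(list)
    for engine, _date, verdict in rows:
        kind = classify(verdict)
        counts[kind] += 1
        if kind == "detected":
            clusters[signature_cluster(verdict)].append(engine)
    counts["independent_signatures"] = len(clusters)
    counts["clusters"] = dict(clusters)
    return counts


if __name__ == "__main__":
    s = summarize(JOTTI_RESULTS)
    print(f"{s['detected']} of {s['engines']} engines flag the file "
          f"({s['weak']} packer/PUA-only, {s['clean']} clean), "
          f"{s['independent_signatures']} distinct variant labels")
    for label, engines in s["clusters"].items():
        print(f"  {label}: {', '.join(engines)}")
```

For the posted results this gives 9 real detections, 1 packer-only hit and 8 clean verdicts, with the 9 detections collapsing to 6 distinct variant labels because fsecure, gdata, avira and bitdefender all report AZXW. The useful reading is the direction of agreement (trojan/downloader from several unrelated naming schemes), not the raw "10 of 18" figure.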