Can someone help me see what's up?

Old 05-01-2011, 09:18 AM   #1
Registered Member
 
Join Date: May 2011
Posts: 8
OS: windows xp



I'm a real computer noob. I don't know exactly what's going on, but I'll try to describe it; mostly I'm concerned about a keylogger though. The other problems are that every now and then on Google I'll click a link and I'll get sent to some random website, and sometimes outta nowhere a new tab will open up to a random site as well. I've tried using Malwarebytes, Spybot S&D, etc. to get rid of them, but they all either say I'm clean, or occasionally get rid of the virus but the problem's still there AND the viruses come back (some Trojans and click.gifload) when I reboot. My computer is also slower than usual, and audio and video are choppy even if it's fully buffered. I get error reports like "ntPRMPT32.dll" was unable to run when I boot, and an scvhost one and some other one, and when I click OK my internet stops loading pages... I also had the anti-malware doctor virus a couple of days ago but I got rid of it? Mostly I'm concerned about a keylogger though. Thanks, and I'll try to help you guys if I can.

Viruses I've found lately:

click.gifload
CeeInject!Q (MSE found it every 10 minutes for an hour and was "stopping" it)
Spyware.agent x2
Trojan.agent x2
Trojan.hiloti

***I deleted DAEMON Tools from my comp, but it showed up in the ark.txt while I was scanning; not sure if that's a problem***


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 15:00:47.92 on Thu 04/28/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_06
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.57 [GMT -7:00]
.
AV: Security Master AV *Enabled/Updated* {538926BA-9949-47C9-8842-88D32927E19B}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Security Master AV *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Owner\Local Settings\Apps\F.lux\flux.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ca10.hpwis.com/
uDefault_Search_URL = hxxp://srch-ca10.hpwis.com/
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://srch-ca10.hpwis.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\prxtbTVe0.dll
BHO: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - StumbleUpon Launcher
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: BitComet ClickCapture: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - BitComet Helper
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\prxtbTVe0.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} -
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\prxtbTVe0.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WeatherEye] c:\documents and settings\owner\desktop\WeatherEye.exe
uRun: [Vioo] c:\windows\??mbols\??ool32.exe
uRun: [Snlooio] c:\windows\??curity\t?skmgr.exe
uRun: [Phxm] "c:\program files\??mbols\?ttrib.exe"
uRun: [Notn] "c:\progra~1\common~1\sks~1\taskmgr.exe" -vt ndrv
uRun: [Csckc] "c:\program files\common files\??mbols\??erinit.exe"
uRun: [F.lux] "c:\documents and settings\owner\local settings\apps\f.lux\flux.exe" /noshow
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Oziruq] rundll32.exe "c:\windows\ntPRMP32.dll",Startup
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [System Files Updater] c:\windows\flyakiteosx\tools\System Files Updater.exe /S
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HPHUPD05] "c:\program files\hp\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe"
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [CXMon] "c:\program files\hewlett-packard\photosmart\photo imaging\Hpi_Monitor.exe"
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunServices: [<NO NAME>]
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dExplorerRun: [{00EC5300-088F-1033-0210-040108030001}] "c:\program files\common files\{00ec5300-088f-1033-0210-040108030001}\Update.exe" mc-110-12-0000137
dExplorerRun: [{00EC5300-0890-1033-0210-040108030001}] "c:\program files\common files\{00ec5300-0890-1033-0210-040108030001}\Update.exe" mc-110-12-0000137
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\virtualexpander.lnk - c:\windows\system32\virtualexpander\VirtualExpander.exe
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 1 (0x1)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: microsoft.com\*.update
Trusted Zone: stumbleupon.com
Trusted Zone: windowsupdate.com\download
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
Notify: igfxcui - igfxsrvc.dll
Notify: WRNotifier - WRLogonNTF.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: ShellHook Class: {88485281-8b4b-4f8d-9ede-82e29a064277} - c:\progra~1\markany\conten~1\MACSMA~1.DLL
mASetup: {010F37E3-CEE3-9BCA-0402-020200040604} - c:\windows\system32\iexplorer.exe
mASetup: {AD5AAFF0-B75C-D4CA-FD5E-D2203F5380B7} - c:\windows\scvhost.exe
IFEO: image file execution options - svchost.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\doever9r.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\doever9r.default\extensions\[email protected]\plugins\NP2020Player.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: 20-20 3D Viewer: [email protected] - %profile%\extensions\[email protected]
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-3-31 28552]
R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2006-7-15 4064]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl1ae4cbbf;MpKsl1ae4cbbf;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{98cdc4da-d6ac-4213-be5c-6ce04eb15229}\MpKsl1ae4cbbf.sys [2011-4-26 28752]
R1 MpKsl1c85c609;MpKsl1c85c609;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{98cdc4da-d6ac-4213-be5c-6ce04eb15229}\MpKsl1c85c609.sys [2011-4-27 28752]
R1 MpKsl3edf9fb7;MpKsl3edf9fb7;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{98cdc4da-d6ac-4213-be5c-6ce04eb15229}\MpKsl3edf9fb7.sys [2011-4-26 28752]
R1 MpKsl51b64166;MpKsl51b64166;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{98cdc4da-d6ac-4213-be5c-6ce04eb15229}\MpKsl51b64166.sys [2011-4-27 28752]
R1 MpKsl9fc27768;MpKsl9fc27768;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{98cdc4da-d6ac-4213-be5c-6ce04eb15229}\MpKsl9fc27768.sys [2011-4-26 28752]
R1 MpKslad1eef2b;MpKslad1eef2b;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{98cdc4da-d6ac-4213-be5c-6ce04eb15229}\MpKslad1eef2b.sys [2011-4-27 28752]
R1 MpKslb28bc2b1;MpKslb28bc2b1;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{98cdc4da-d6ac-4213-be5c-6ce04eb15229}\MpKslb28bc2b1.sys [2011-4-28 28752]
R1 MpKslb60d73b1;MpKslb60d73b1;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{98cdc4da-d6ac-4213-be5c-6ce04eb15229}\MpKslb60d73b1.sys [2011-4-27 28752]
R1 MpKsle38e3fa4;MpKsle38e3fa4;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{98cdc4da-d6ac-4213-be5c-6ce04eb15229}\MpKsle38e3fa4.sys [2011-4-26 28752]
R2 vstor2-p2v30;Vstor2 P2V30 Virtual Storage Driver;c:\program files\vmware\vmware converter\vstor2-p2v30.sys [2007-1-30 12544]
S1 MpKsl0800575c;MpKsl0800575c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{735e178c-9274-4384-80b4-21fc6c04b4ca}\mpksl0800575c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{735e178c-9274-4384-80b4-21fc6c04b4ca}\MpKsl0800575c.sys [?]
S1 MpKsl5a189462;MpKsl5a189462;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b73e8020-f6e8-4510-aa9d-d961b0896e9d}\mpksl5a189462.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b73e8020-f6e8-4510-aa9d-d961b0896e9d}\MpKsl5a189462.sys [?]
S1 MpKsl64058142;MpKsl64058142;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5b28b1a7-a11a-4ade-8261-c6ec3b6ba8bd}\mpksl64058142.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5b28b1a7-a11a-4ade-8261-c6ec3b6ba8bd}\MpKsl64058142.sys [?]
S1 MpKsl8d41eeb6;MpKsl8d41eeb6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e62d6d11-bf4c-45d8-bf85-5dd12f386366}\mpksl8d41eeb6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e62d6d11-bf4c-45d8-bf85-5dd12f386366}\MpKsl8d41eeb6.sys [?]
S1 MpKslba367ab1;MpKslba367ab1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e62d6d11-bf4c-45d8-bf85-5dd12f386366}\mpkslba367ab1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e62d6d11-bf4c-45d8-bf85-5dd12f386366}\MpKslba367ab1.sys [?]
S1 MpKslc08b4eb4;MpKslc08b4eb4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e62d6d11-bf4c-45d8-bf85-5dd12f386366}\mpkslc08b4eb4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e62d6d11-bf4c-45d8-bf85-5dd12f386366}\MpKslc08b4eb4.sys [?]
S1 MpKslccf1a47e;MpKslccf1a47e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e62d6d11-bf4c-45d8-bf85-5dd12f386366}\mpkslccf1a47e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e62d6d11-bf4c-45d8-bf85-5dd12f386366}\MpKslccf1a47e.sys [?]
S1 MpKsle4f2cfb5;MpKsle4f2cfb5;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7aa3058d-d60c-43c3-b780-ddcbddac8bf2}\mpksle4f2cfb5.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7aa3058d-d60c-43c3-b780-ddcbddac8bf2}\MpKsle4f2cfb5.sys [?]
S1 MpKsle571be66;MpKsle571be66;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5b28b1a7-a11a-4ade-8261-c6ec3b6ba8bd}\mpksle571be66.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5b28b1a7-a11a-4ade-8261-c6ec3b6ba8bd}\MpKsle571be66.sys [?]
S3 ActionReplayDS;ActionReplayDS;c:\windows\system32\drivers\ActionReplayDS.sys [2010-4-30 29184]
S3 DADriv1;DADriv1;\??\c:\documents and settings\owner\desktop\daengine\dak32.sys --> c:\documents and settings\owner\desktop\daengine\DAK32.sys [?]
S3 DBKDRVR54;DBKDRVR54;\??\c:\program files\cheat engine\dbk32.sys --> c:\program files\cheat engine\dbk32.sys [?]
S3 Dua1;Dua1;\??\c:\docume~1\owner\locals~1\temp\rar$ex24.7031\dualengi.sys --> c:\docume~1\owner\locals~1\temp\rar$ex24.7031\DualEngi.sys [?]
S3 duffyxxx;duffyxxx;\??\c:\docume~1\owner\locals~1\temp\rar$ex01.609\xterminator.sys --> c:\docume~1\owner\locals~1\temp\rar$ex01.609\Xterminator.sys [?]
S3 FKLanse;FKLanse;\??\c:\docume~1\owner\locals~1\temp\rar$ex01.453\gms_v53_vip\gms_v53_vip\ms.dat --> c:\docume~1\owner\locals~1\temp\rar$ex01.453\gms_v53_vip\gms_v53_vip\ms.dat [?]
S3 geebers12;geebers12;\??\c:\docume~1\owner\locals~1\temp\rar$ex08.937\buffy engine\nvid888.sys --> c:\docume~1\owner\locals~1\temp\rar$ex08.937\buffy engine\nvid888.sys [?]
S3 iCheat1;iCheat1;\??\c:\program files\ozzies hackpack\nvid999.sys --> c:\program files\ozzies hackpack\nvid999.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 白目國中生1;白目國中生1;\??\c:\documents and settings\owner\desktop\ve5 1032\nvid999.sys --> c:\documents and settings\owner\desktop\ve5 1032\nvid999.sys [?]
S3 ROCKSTAR;ROCKSTAR;\??\c:\docume~1\owner\locals~1\temp\rar$ex19.516\dspider0 v57\ksysdrv.sys --> c:\docume~1\owner\locals~1\temp\rar$ex19.516\dspider0 v57\ksysdrv.sys [?]
S3 sejt1;sejt1;\??\c:\documents and settings\owner\desktop\new folder (2)\sejt.sys --> c:\documents and settings\owner\desktop\new folder (2)\sejt.sys [?]
S3 SHAK31;SHAK31;\??\c:\docume~1\owner\locals~1\temp\rar$ex00.594\re 4.2\shak3.sys --> c:\docume~1\owner\locals~1\temp\rar$ex00.594\re 4.2\SHAK3.sys [?]
S3 Spps16t;Spps16t; [x]
S3 TSHAK3T1;TSHAK3T1;\??\c:\docume~1\owner\locals~1\temp\rar$ex30.906\gunz-ct____revolution_engine\spuce.sys --> c:\docume~1\owner\locals~1\temp\rar$ex30.906\gunz-ct____revolution_engine\spuce.sys [?]
S3 XDva035;XDva035;\??\c:\windows\system32\xdva035.sys --> c:\windows\system32\XDva035.sys [?]
S3 XDva277;XDva277;\??\c:\windows\system32\xdva277.sys --> c:\windows\system32\XDva277.sys [?]
S3 Yakir1;Yakir1;\??\c:\docume~1\owner\locals~1\temp\rar$ex23.2328\log evasion engine\zenx.sys --> c:\docume~1\owner\locals~1\temp\rar$ex23.2328\log evasion engine\ZenX.Sys [?]
S3 zenx1;zenx1;\??\c:\docume~1\owner\locals~1\temp\rar$ex01.968\zenxengine gms v.32\zenxengine_latest\zenxengine_latest\zenx.sys --> c:\docume~1\owner\locals~1\temp\rar$ex01.968\zenxengine gms v.32\zenxengine_latest\zenxengine_latest\zenx.sys [?]
.
=============== Created Last 30 ================
.
2011-04-28 21:49:27 54016 ----a-w- c:\windows\system32\drivers\aeudfw.sys
2011-04-28 20:39:24 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{98cdc4da-d6ac-4213-be5c-6ce04eb15229}\MpKslb28bc2b1.sys
2011-04-28 01:22:21 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{98cdc4da-d6ac-4213-be5c-6ce04eb15229}\MpKslad1eef2b.sys
2011-04-27 22:03:36 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{98cdc4da-d6ac-4213-be5c-6ce04eb15229}\MpKsl51b64166.sys
2011-04-27 18:13:28 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{98cdc4da-d6ac-4213-be5c-6ce04eb15229}\MpKsl1c85c609.sys
2011-04-27 15:36:06 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{98cdc4da-d6ac-4213-be5c-6ce04eb15229}\MpKslb60d73b1.sys
2011-04-27 04:11:55 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-27 0451 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Sunbelt Software
2011-04-27 04:04:35 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\~0
2011-04-27 02:22:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan
2011-04-27 02:22:30 -------- d-----w- c:\program files\Security Task Manager
2011-04-27 02:13:32 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{98cdc4da-d6ac-4213-be5c-6ce04eb15229}\MpKsl9fc27768.sys
2011-04-26 23:05:22 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{98cdc4da-d6ac-4213-be5c-6ce04eb15229}\MpKsl3edf9fb7.sys
2011-04-26 21:42:37 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{98cdc4da-d6ac-4213-be5c-6ce04eb15229}\MpKsl1ae4cbbf.sys
2011-04-26 16:04:47 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{98cdc4da-d6ac-4213-be5c-6ce04eb15229}\MpKsle38e3fa4.sys
2011-04-26 03:41:39 -------- d-----w- c:\docume~1\owner\applic~1\BD138D6F634DABEB956239AE125514D4
2011-04-26 02:50:42 -------- d-----w- c:\documents and settings\owner\.gimp-2.6
2011-04-24 19:47:45 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{98cdc4da-d6ac-4213-be5c-6ce04eb15229}\mpengine.dll
2011-04-10 01:40:44 -------- d-----w- c:\program files\Paint.NET
2011-04-02 00:25:36 102400 ----a-w- c:\windows\RegBootClean.exe
2011-04-01 15:55:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-04-01 15:48:56 -------- d-----w- c:\docume~1\owner\applic~1\QuickScan
2011-04-01 02:37:36 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2011-04-01 02:17:59 -------- d-----w- c:\program files\Panda Security
2011-04-01 02:01:43 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-04-01 02:01:43 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2011-04-01 15:45:23 0 ----a-w- c:\windows\Yxixunozabul.bin
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 19:00:29 832512 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 19:00:28 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-17 19:00:28 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-17 19:00:27 17408 ----a-w- c:\windows\system32\corpol.dll
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-17 11:44:16 389120 ----a-w- c:\windows\system32\html.iec
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25:52 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 --sha-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2002-08-29 12:00:00 94784 -csh--w- c:\windows\twain.dll
2008-04-14 00:12:07 50688 --sh--w- c:\windows\twain_32.dll
2008-04-14 00:12:01 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12:01 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 00:12:01 343040 --sha-w- c:\windows\system32\msvcrt.dll
2008-04-14 00:12:02 551936 --sha-w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12:02 84992 --sha-w- c:\windows\system32\olepro32.dll
2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover
Windows 5.1.2600 Disk: ST3160021A rev.3.06 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x849B4730]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x849baa10]; MOV EAX, [0x849baa8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x849F1030]
3 CLASSPNP[0xF74C7FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000087[0x84A5E280]
5 ACPI[0xF7333620] -> nt!IofCallDriver[0x804E37D5] -> [0x84A5E398]
\Driver\atapi[0x84A8F5A0] -> IRP_MJ_CREATE -> 0x849B4730
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5f; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x849B457B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 1549.95 ===============
Attached Files
File Type: zip Attach.zip (7.3 KB, 80 views)
soboman is offline  
Old 05-02-2011, 02:44 PM   #2
Security Manager
Analyst
Rangemaster, TSF Academy
 
Join Date: Sep 2005
Location: Glasgow
Posts: 39,536
OS: Windows 10 Pro


Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.


You have various infections present, possibly including a new variant rootkit.


Please download TDSSKiller.zip and extract TDSSKiller.exe to your desktop.

Execute TDSSKiller.exe by double-clicking on it. Press Start Scan.
  • If Malicious objects are found, ensure Cure is selected (it should be by default)
  • Click Continue then click Reboot now
  • Once complete, a log will be produced at the root drive which is typically C:\

    For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt.

Please attach that log.
Glaswegian is offline  
Old 05-02-2011, 04:24 PM   #3
Registered Member
 
Join Date: May 2011
Posts: 8
OS: windows xp



Quote:
Originally Posted by Glaswegian
Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.


You have various infections present, possibly including a new variant rootkit.


Please download TDSSKiller.zip and extract TDSSKiller.exe to your desktop.

Execute TDSSKiller.exe by double-clicking on it. Press Start Scan.
  • If Malicious objects are found, ensure Cure is selected (it should be by default)
  • Click Continue then click Reboot now
  • Once complete, a log will be produced at the root drive which is typically C:\

    For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt.

Please attach that log.
Hey Iain, thanks for helping. So what do you mean by no live internet connections? Like nothing running that requires internet, or do I have to disconnect my router?

ark.txt

GMER 1.0.15.15572 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-04-30 08:39:04
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3160021A rev.3.06
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kwlcafob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF5B45360, 0x24BB1D, 0xE8000020]
init C:\WINDOWS\System32\Drivers\sunkfilt.sys entry point in "init" section [0xF7877300]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 ATMhelpr.SYS (Windows NT Font Driver Helper/Adobe Systems Incorporated)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 ATMhelpr.SYS (Windows NT Font Driver Helper/Adobe Systems Incorporated)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x4A 0xC2 0xE0 0x28 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xC6 0x5E 0x91 0xBA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x63 0x48 0x2F 0x9F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x71 0x48 0x70 0xF1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0xC6 0x5E 0x91 0xBA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x63 0x48 0x2F 0x9F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x71 0x48 0x70 0xF1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0x4A 0xC2 0xE0 0x28 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0xC6 0x5E 0x91 0xBA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x63 0x48 0x2F 0x9F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x71 0x48 0x70 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}\[email protected] c:\Program Files\Common Files\HP\Memories Disc\2.0\hpodxmlutil.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}\[email protected] @Gem2BdaJ?ES60)4^LTy>Fvue=4T=G?v.)w&$ix*k?m^onY5PfGAc3JD!6ZVq4CreativeProjects>Fvue=4T=G?v.)w&$ix*k?CmMmsmv'!AqOv2X`+zOOGalleryFramework>Fvue=4T=G?v.)w&$ix*k?
Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}\[email protected] hpodxmlutil.FileUtil.1
Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}\[email protected] {9DA3E956-80D2-4AD0-BB26-45D89432697F}
Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}\[email protected] hpodxmlutil.FileUtil
Reg HKLM\SOFTWARE\Classes\giffile\shell\Open\[email protected] "file:%1",,-1,,,,,
Reg HKLM\SOFTWARE\Classes\giffile\shell\Open\ddeexec\application
Reg HKLM\SOFTWARE\Classes\giffile\shell\Open\ddeexec\[email protected] IExplore
Reg HKLM\SOFTWARE\Classes\giffile\shell\Open\ddeexec\topic
Reg HKLM\SOFTWARE\Classes\giffile\shell\Open\ddeexec\[email protected] WWW_OpenURL

---- EOF - GMER 1.0.15 ----

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 1/7/2006 8:39:05 PM
System Uptime: 4/28/2011 1:38:25 PM (2 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Explorer4
Processor: AMD Athlon(tm) XP 3200+ | Socket A | 2191/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 145 GiB total, 78.534 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 0.612 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is CDROM ()
L: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: A8GL2OYA IDE Controller
Device ID: ACPI\PNPA000\4&5D18F2DF&0
Manufacturer: (Standard mass storage controllers)
Name: A8GL2OYA IDE Controller
PNP Device ID: ACPI\PNPA000\4&5D18F2DF&0
Service: adfflulp
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
.sol Editor 1.1.0.1
Ы溯檜詭檜Ы 薯剪
1.29
3D Home Architect 5.0 Deluxe
3DHA - Home Design Deluxe
Abyss Web Server X1 (remove only)
AC3Filter (remove only)
Acrobat.com
Action Replay Code Manager
ActivePerl 5.10.0 Build 1002
ActivePerl 5.10.0 Build 1003
Adobe Acrobat Reader 3.01
Adobe AIR
Adobe Bridge 1.0
Adobe Flash Player 10 Plugin
Adobe Photoshop CS
Adobe Photoshop CS2
Adobe Reader 9.2
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
Adobe Type Manager 4.0
Advanced WindowsCare Personal
Age of Empires III
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 5
ArcSoft VideoImpression 2
Ask Toolbar
Atrise Golden Section 4.0.0
AviSynth 2.5
AVS Update Manager 1.0
AVS Video Converter 6
AVS Video Editor 4 4.2.1.166
AVS Video Recorder 2.4 (Service Version)
AVS YouTube Uploader version 2.1
AVS4YOU Software Navigator 1.3
BannedStory
BannedStory 3.0
BitComet 0.89
BitTorrent
Bizarro Trainer
Blackhawk Striker from Hewlett-Packard Desktops (remove only)
Bonjour
Bounce Symphony from Hewlett-Packard Desktops (remove only)
Broderbund Home Design 5.1
CadStd
CCleaner (remove only)
Cheat Engine 5.4
Client
Critical Update for Windows Media Player 11 (KB959772)
DAEMON Tools Toolbar
DivX Web Player
DNA
EA SPORTS online 2007
eMule
Excavation from Hewlett-Packard Desktops (remove only)
F.lux
FILEminimizer Suite
Five Card Frenzy from Hewlett-Packard Desktops (remove only)
FlyakiteOSX
FUJIFILM FinePixViewer S Ver.2.0
GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)
Ghost
Google Chrome
Google Desktop
Google Gears
Google Toolbar for Internet Explorer
Google Update Helper
GTA San Andreas
GTK+ 2.10.6-1 runtime environment
GunboundWC
Hamachi 1.0.2.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone 3.5
HP Image Zone Plus 3.5
HP Instant Support
HP Organize
HP Photo & Imaging 3.5 - HP Devices
HP Photo Imaging Software
HP Photo Printing Software
HP PSC & OfficeJet 3.0
IKEA Home Planner Kitchen
IntelliMover Data Transfer Demo
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
iTunes
Java(TM) 6 Update 5
Java(TM) 6 Update 6
Junk Mail filter update
La Tale
Lame ACM MP3 Codec
Last.fm 1.3.2.13
LG PC Suite
LG USB Modem driver
linksadoor 1.29
Macromedia Shockwave Player
MAIET entertainment - Gunz
Malwarebytes' Anti-Malware
ManyCam 2.5.48 (remove only)
Mapedit
MapleStory
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Accounting 2008
Microsoft Office Accounting 2008 Equifax Addin
Microsoft Office Accounting 2008 Fixed Asset Manager
Microsoft Office Accounting 2008 PayPal Addin
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Media Content
Microsoft Office XP Pro Step by Step Interactive
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Works 7.0
Mozilla Firefox (3.6.16)
MPlugin
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
MTA: Race for San Andreas 1.1.1
Multimedia Card Reader
Musicnotes Player V1.22.3
muvee autoProducer 3.5 magicMoments
NBA LIVE 07
NBA Live 2003
NCAA Championship Run 2006
Nexon Game Manager
NVIDIA Drivers
NVIDIA Ethernet Driver
NVIDIA GART Driver
Octoshape add-in for Adobe Flash Player
OpenOffice.org Installer 1.0
Orbital from Hewlett-Packard Desktops (remove only)
Otto from Hewlett-Packard Desktops (remove only)
Overball from Hewlett-Packard Desktops (remove only)
Ozzies Hackpack
Paint.NET v3.35
Panda ActiveScan 2.0
Pando Media Booster
Photosmart 140,240,7200,7600,7700,7900 Series
Pocket RAR documentation
Polar Bowler from Hewlett-Packard Desktops (remove only)
PremiumSoft Navicat 8.0 for MySQL
ProFile
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTax 2005
QuickTime
RealPlayer
RocketDock 1.3.5
Samsung Media Studio
San Andreas Mod Installer
Security Task Manager 1.8c
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Separation Agreement Forms Kit
ShowInfo
Skype 4.2
Slyder from Hewlett-Packard Desktops (remove only)
SmartDraw 2009
SoulSeek 157 NS 13c
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
StumbleUpon IE Toolbar
System Requirements Lab
TBS WMP Plug-in
TestDrive Client
The Sims 2 Glamour Life Stuff
The Sims 2 Open For Business
The Sims 2 University
The Sims 2 Double Deluxe
The Sims 2 IKEA Home Stuff
The Sims 2 Seasons
Toolkit View(HP)
TotalPDFConverter
TVersitybar Toolbar
Uninstall SWIP
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2522999)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Updates from HP
VC80CRTRedist - 8.0.50727.762
Videora iPod Converter 3.07
Viewpoint Media Player
Vista Start Menu
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.1
WampServer 2.0
WeatherEye
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinZip 11.2
Wondershare DVD to iPod Ripper(Build 3.2.47) Trial Version
XML Paper Specification Shared Components Pack 1.0
XviD MPEG-4 Video Codec
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Toolbar
Yahoo! Widgets
.
==== Event Viewer Messages From Past Week ========
.
4/28/2011 8:48:54 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
4/28/2011 8:32:14 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}
4/28/2011 1:50:38 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.103.427.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6802.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
4/28/2011 1:42:59 PM, error: Service Control Manager [7034] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 3 time(s).
4/28/2011 1:42:38 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
4/28/2011 1:42:29 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
4/28/2011 1:41:54 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
4/28/2011 1:39:36 PM, error: Service Control Manager [7000] - The npkcrypt service failed to start due to the following error: The system cannot find the path specified.
4/28/2011 1:34:45 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/28/2011 1:33:44 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================
Old 05-02-2011, 04:54 PM   #4
Registered Member
 
Join Date: May 2011
Posts: 8
OS: windows xp



OK, so I just turned off my connections and ran the scan. It was done in like 2 minutes, nothing was found, and there was no log or anything.

Edit: OK, nvm, found the log.
Attached file: TDSSKiller.2.4.21.0_01.05.2011_16.48.57_log.txt (41.5 KB)
Old 05-03-2011, 02:08 PM   #5
Security Manager
Analyst
Rangemaster, TSF Academy
 
Join Date: Sep 2005
Location: Glasgow
Posts: 39,536
OS: Windows 10 Pro

Hi again

'No connections' means no open programmes actively accessing the internet.

Combofix
We will now use ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

A guide and tutorial on using ComboFix

Please read all the information carefully! If using Windows XP you should ensure you install the Recovery Console.

You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They may otherwise interfere with our tools and interrupt the cleansing process.

Please include the log C:\ComboFix.txt in your next reply for further review.
Old 05-03-2011, 05:27 PM   #6
Registered Member
 
Join Date: May 2011
Posts: 8
OS: windows xp



ComboFix 11-05-03.02 - Owner 05/02/2011 16:20:32.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.136 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\Application Data\Adobe\plugs
c:\documents and settings\Owner\Application Data\Adobe\shed
c:\documents and settings\Owner\Application Data\BD138D6F634DABEB956239AE125514D4
c:\documents and settings\Owner\Application Data\BD138D6F634DABEB956239AE125514D4\enemies-names.txt
c:\documents and settings\Owner\Application Data\BD138D6F634DABEB956239AE125514D4\local.ini
c:\documents and settings\Owner\Application Data\BD138D6F634DABEB956239AE125514D4\tr700lqqcore.exe
c:\documents and settings\Owner\Local Settings\Application Data\{3186E787-2A7E-4B2C-9B9E-53010BB6B2BB}
c:\documents and settings\Owner\Local Settings\Application Data\{3186E787-2A7E-4B2C-9B9E-53010BB6B2BB}\chrome.manifest
c:\documents and settings\Owner\Local Settings\Application Data\{3186E787-2A7E-4B2C-9B9E-53010BB6B2BB}\chrome\content\_cfg.js
c:\documents and settings\Owner\Local Settings\Application Data\{3186E787-2A7E-4B2C-9B9E-53010BB6B2BB}\chrome\content\overlay.xul
c:\documents and settings\Owner\Local Settings\Application Data\{3186E787-2A7E-4B2C-9B9E-53010BB6B2BB}\install.rdf
c:\documents and settings\Owner\System
c:\documents and settings\Owner\System\win_qs8.jqx
c:\documents and settings\Owner\WINDOWS
c:\documents and settings\User\WINDOWS
c:\progra~1\COMMON~1\{00EC5~1
c:\progra~1\COMMON~1\{00EC5~2
c:\progra~1\COMMON~1\{00EC5~3
c:\program files\Common Files\appatc~1
c:\program files\Common Files\fnts~1
c:\program files\Common Files\mbols~1
c:\program files\Common Files\sstem3~1
c:\program files\Common Files\stem~1
c:\program files\Common Files\uninstall information
c:\program files\Common Files\ymbols~1
c:\program files\crosof~1.net
c:\program files\dobe~1
c:\program files\mcroso~1.net
c:\program files\pppatc~1
c:\windows\asks~1
c:\windows\crosof~1
c:\windows\crosof~1.net
c:\windows\curity~1
c:\windows\mbols~1
c:\windows\mcroso~1
c:\windows\scurit~1
c:\windows\stem32~1
c:\windows\stem32~1\dump.CEM
c:\windows\stem32~1\ElJeffro's Driver Loader.exe
c:\windows\stem32~1\GameCRC.sys
c:\windows\stem32~1\installer.bat
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\crosof~1
c:\windows\system32\curity~1
c:\windows\system32\dobe~1
c:\windows\system32\fnts~1
c:\windows\system32\icroso~1
c:\windows\system32\icroso~1.net
c:\windows\system32\mbols~1
c:\windows\system32\mcroso~1
c:\windows\system32\muzapp.exe
c:\windows\system32\racle~1
c:\windows\system32\regsvr32.dll
c:\windows\system32\sstem3~1
c:\windows\system32\stem~1
c:\windows\system32\tsks~1
c:\windows\system32\wnsxs~1
c:\windows\wnsxs~1
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-04-03 to 2011-05-03 )))))))))))))))))))))))))))))))
.
.
2011-05-02 15:44 . 2011-05-02 15:44 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1EBC0231-E21F-47A5-A4F1-27ABD8E6015A}\MpKsl1598f875.sys
2011-05-02 15:39 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1EBC0231-E21F-47A5-A4F1-27ABD8E6015A}\mpengine.dll
2011-04-27 04:11 . 2011-04-27 04:11 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-27 04:06 . 2011-04-27 04:06 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sunbelt Software
2011-04-27 02:22 . 2011-04-28 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2011-04-27 02:22 . 2011-04-27 02:22 -------- d-----w- c:\program files\Security Task Manager
2011-04-26 02:50 . 2011-04-26 16:18 -------- d-----w- c:\documents and settings\Owner\.gimp-2.6
2011-04-10 01:40 . 2011-04-10 01:43 -------- d-----w- c:\program files\Paint.NET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-11 07:04 . 2011-02-01 22:11 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-02 00:25 . 2011-04-02 00:25 102400 ----a-w- c:\windows\RegBootClean.exe
2011-03-07 05:33 . 2003-03-04 06:57 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45 . 2004-02-12 20:23 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-01-21 00:04 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 19:00 . 2004-01-22 00:16 832512 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 19:00 . 2006-01-08 08:29 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-17 19:00 . 2004-02-12 20:45 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-17 19:00 . 2004-02-12 20:44 17408 ----a-w- c:\windows\system32\corpol.dll
2011-02-17 13:18 . 2004-01-21 00:04 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-01-21 00:04 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-15 23:39 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-17 11:44 . 2006-01-08 08:29 389120 ----a-w- c:\windows\system32\html.iec
2011-02-15 12:56 . 2004-02-12 20:44 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25 . 2004-02-12 20:45 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53 . 2002-11-26 22:15 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-09 13:53 . 2002-11-26 22:15 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-08 13:33 . 2004-02-12 20:45 978944 --sha-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-02-12 20:45 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58 . 2004-02-12 20:46 2067456 ----a-w- c:\windows\system32\mstscax.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2007-08-13 06:25 . 2006-10-13 23:21 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2002-08-29 12:00 94784 -csh--w- c:\windows\twain.dll
2008-04-14 00:12 50688 --sh--w- c:\windows\twain_32.dll
2008-04-14 00:12 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 00:12 343040 --sha-w- c:\windows\system32\msvcrt.dll
2008-04-14 00:12 551936 --sha-w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12 84992 --sha-w- c:\windows\system32\olepro32.dll
2008-04-14 00:12 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files\TVersitybar\prxtbTVe0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-30 01:24 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
2011-01-17 14:54 175912 ----a-w- c:\program files\TVersitybar\prxtbTVe0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-30 325000]
"{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files\TVersitybar\prxtbTVe0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-30 325000]
"{66BD2442-241B-44CD-8C7A-B51037053CDB}"= "c:\program files\TVersitybar\prxtbTVe0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]
@="{E4000AC4-5E5F-4956-807A-C5854405D64F}"
[HKEY_CLASSES_ROOT\CLSID\{E4000AC4-5E5F-4956-807A-C5854405D64F}]
2009-08-05 16:34 73728 ----a-w- c:\windows\system32\VirtualExpander\VEShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vioo"="c:\windows\??mbols\??ool32.exe" [?]
"Snlooio"="c:\windows\??curity\t?skmgr.exe" [?]
"Phxm"="c:\program files\??mbols\?ttrib.exe" [?]
"Csckc"="c:\program files\Common Files\??mbols\??erinit.exe" [?]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"F.lux"="c:\documents and settings\Owner\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-19 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"System Files Updater"="c:\windows\FlyakiteOSX\Tools\System Files Updater.exe" [2006-02-25 118485]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]
"CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2000-08-14 32768]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-05 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
VirtualExpander.lnk - c:\windows\system32\VirtualExpander\VirtualExpander.exe [2009-8-4 474808]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher S.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher S.lnk
backup=c:\windows\pss\Exif Launcher S.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Asgil]
c:\documents and settings\Owner\Application Data\?ystem32\l?gonui.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dso]
c:\documents and settings\Owner\Application Data\F?nts\d?dplay.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Irdzcjzc]
c:\windows\system32\??stem\?canregw.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lqtfs]
c:\windows\??stem32\l?gonui.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zplcvh]
c:\windows\system32\W?nSxS\m?iexec.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTMSG]
LTMSG.exe 7 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 06:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-07-23 04:42 116040 -c--a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 03:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
2004-01-09 09:34 32768 -c--a-w- c:\program files\HP\Digital Imaging\bin\BackupNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2007-08-13 07:04 1838592 -c--a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-10-26 23:21 133104 ----atw- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAAgent]
2007-01-31 04:36 57344 -c--a-w- c:\program files\MarkAny\ContentSafer\MaAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-03-19 02:50 4363504 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 05:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-10-22 20:22 7700480 -c--a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-22 20:22 1622016 -c--a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
2002-10-16 23:57 81920 -c--a-w- c:\windows\system32\ps2.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 18:50 413696 -c--a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2003-11-04 00:50 221184 -c--a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-09-19 07:15 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 16:01 110592 -c--a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"nmservice"=2 (0x2)
"nmraapache"=3 (0x3)
"N360"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"ufad-p2v"=2 (0x2)
"SQLWriter"=2 (0x2)
"SQLBrowser"=2 (0x2)
"SQLAgent$SONY_MEDIAMGR"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$SONY_MEDIAMGR"=3 (0x3)
"MSSQL$MSSMLBIZ"=2 (0x2)
"MsMpSvc"=2 (0x2)
"MDM"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
"GoogleDesktopManager"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"ACDaemon"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"Game.exe"= Game.exe:GostSoul
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16427:TCP"= 16427:TCP:*:Disabled:BitComet 16427 TCP
"16427:UDP"= 16427:UDP:*:Disabled:BitComet 16427 UDP
"56346:TCP"= 56346:TCP:Pando Media Booster
"56346:UDP"= 56346:UDP:Pando Media Booster
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [3/31/2011 7:37 PM 28552]
R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [7/15/2006 11:47 PM 4064]
R1 MpKsl1598f875;MpKsl1598f875;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1EBC0231-E21F-47A5-A4F1-27ABD8E6015A}\MpKsl1598f875.sys [5/2/2011 8:44 AM 28752]
R2 vstor2-p2v30;Vstor2 P2V30 Virtual Storage Driver;c:\program files\VMware\VMware Converter\vstor2-p2v30.sys [1/30/2007 8:41 PM 12544]
S1 MpKsl0800575c;MpKsl0800575c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{735E178C-9274-4384-80B4-21FC6C04B4CA}\MpKsl0800575c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{735E178C-9274-4384-80B4-21FC6C04B4CA}\MpKsl0800575c.sys [?]
S1 MpKsl5a189462;MpKsl5a189462;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B73E8020-F6E8-4510-AA9D-D961B0896E9D}\MpKsl5a189462.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B73E8020-F6E8-4510-AA9D-D961B0896E9D}\MpKsl5a189462.sys [?]
S1 MpKsl64058142;MpKsl64058142;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B28B1A7-A11A-4ADE-8261-C6EC3B6BA8BD}\MpKsl64058142.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B28B1A7-A11A-4ADE-8261-C6EC3B6BA8BD}\MpKsl64058142.sys [?]
S1 MpKsl8d41eeb6;MpKsl8d41eeb6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E62D6D11-BF4C-45D8-BF85-5DD12F386366}\MpKsl8d41eeb6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E62D6D11-BF4C-45D8-BF85-5DD12F386366}\MpKsl8d41eeb6.sys [?]
S1 MpKslba367ab1;MpKslba367ab1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E62D6D11-BF4C-45D8-BF85-5DD12F386366}\MpKslba367ab1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E62D6D11-BF4C-45D8-BF85-5DD12F386366}\MpKslba367ab1.sys [?]
S1 MpKslc08b4eb4;MpKslc08b4eb4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E62D6D11-BF4C-45D8-BF85-5DD12F386366}\MpKslc08b4eb4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E62D6D11-BF4C-45D8-BF85-5DD12F386366}\MpKslc08b4eb4.sys [?]
S1 MpKslccf1a47e;MpKslccf1a47e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E62D6D11-BF4C-45D8-BF85-5DD12F386366}\MpKslccf1a47e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E62D6D11-BF4C-45D8-BF85-5DD12F386366}\MpKslccf1a47e.sys [?]
S1 MpKsle4f2cfb5;MpKsle4f2cfb5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7AA3058D-D60C-43C3-B780-DDCBDDAC8BF2}\MpKsle4f2cfb5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7AA3058D-D60C-43C3-B780-DDCBDDAC8BF2}\MpKsle4f2cfb5.sys [?]
S1 MpKsle571be66;MpKsle571be66;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B28B1A7-A11A-4ADE-8261-C6EC3B6BA8BD}\MpKsle571be66.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B28B1A7-A11A-4ADE-8261-C6EC3B6BA8BD}\MpKsle571be66.sys [?]
S1 MpKslfbd3b6dc;MpKslfbd3b6dc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{98CDC4DA-D6AC-4213-BE5C-6CE04EB15229}\MpKslfbd3b6dc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{98CDC4DA-D6AC-4213-BE5C-6CE04EB15229}\MpKslfbd3b6dc.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2010 10:45 PM 135664]
S3 ActionReplayDS;ActionReplayDS;c:\windows\system32\drivers\ActionReplayDS.sys [4/30/2010 8:33 PM 29184]
S3 DADriv1;DADriv1;\??\c:\documents and settings\Owner\Desktop\DAEngine\DAK32.sys --> c:\documents and settings\Owner\Desktop\DAEngine\DAK32.sys [?]
S3 DBKDRVR54;DBKDRVR54;\??\c:\program files\Cheat Engine\dbk32.sys --> c:\program files\Cheat Engine\dbk32.sys [?]
S3 Dua1;Dua1;\??\c:\docume~1\Owner\LOCALS~1\Temp\Rar$EX24.7031\DualEngi.sys --> c:\docume~1\Owner\LOCALS~1\Temp\Rar$EX24.7031\DualEngi.sys [?]
S3 duffyxxx;duffyxxx;\??\c:\docume~1\Owner\LOCALS~1\Temp\Rar$EX01.609\Xterminator.sys --> c:\docume~1\Owner\LOCALS~1\Temp\Rar$EX01.609\Xterminator.sys [?]
S3 FKLanse;FKLanse;\??\c:\docume~1\Owner\LOCALS~1\Temp\Rar$EX01.453\GMS_V53_VIP\GMS_V53_VIP\ms.dat --> c:\docume~1\Owner\LOCALS~1\Temp\Rar$EX01.453\GMS_V53_VIP\GMS_V53_VIP\ms.dat [?]
S3 geebers12;geebers12;\??\c:\docume~1\Owner\LOCALS~1\Temp\Rar$EX08.937\Buffy Engine\nvid888.sys --> c:\docume~1\Owner\LOCALS~1\Temp\Rar$EX08.937\Buffy Engine\nvid888.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2010 10:45 PM 135664]
S3 iCheat1;iCheat1;\??\c:\program files\Ozzies Hackpack\nvid999.sys --> c:\program files\Ozzies Hackpack\nvid999.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 白目國中生1;白目國中生1;\??\c:\documents and settings\Owner\Desktop\VE5 1032\nvid999.sys --> c:\documents and settings\Owner\Desktop\VE5 1032\nvid999.sys [?]
S3 ROCKSTAR;ROCKSTAR;\??\c:\docume~1\Owner\LOCALS~1\Temp\Rar$EX19.516\Dspider0 v57\ksysdrv.sys --> c:\docume~1\Owner\LOCALS~1\Temp\Rar$EX19.516\Dspider0 v57\ksysdrv.sys [?]
S3 sejt1;sejt1;\??\c:\documents and settings\Owner\Desktop\New Folder (2)\sejt.sys --> c:\documents and settings\Owner\Desktop\New Folder (2)\sejt.sys [?]
S3 SHAK31;SHAK31;\??\c:\docume~1\Owner\LOCALS~1\Temp\Rar$EX00.594\RE 4.2\SHAK3.sys --> c:\docume~1\Owner\LOCALS~1\Temp\Rar$EX00.594\RE 4.2\SHAK3.sys [?]
S3 Spps16t;Spps16t; [x]
S3 TSHAK3T1;TSHAK3T1;\??\c:\docume~1\Owner\LOCALS~1\Temp\Rar$EX30.906\Gunz-CT____Revolution_Engine\spuce.sys --> c:\docume~1\Owner\LOCALS~1\Temp\Rar$EX30.906\Gunz-CT____Revolution_Engine\spuce.sys [?]
S3 XDva035;XDva035;\??\c:\windows\system32\XDva035.sys --> c:\windows\system32\XDva035.sys [?]
S3 XDva277;XDva277;\??\c:\windows\system32\XDva277.sys --> c:\windows\system32\XDva277.sys [?]
S3 Yakir1;Yakir1;\??\c:\docume~1\Owner\LOCALS~1\Temp\Rar$EX23.2328\Log Evasion Engine\ZenX.Sys --> c:\docume~1\Owner\LOCALS~1\Temp\Rar$EX23.2328\Log Evasion Engine\ZenX.Sys [?]
S3 zenx1;zenx1;\??\c:\docume~1\Owner\LOCALS~1\Temp\Rar$EX01.968\ZenxEngine GMS v.32\ZenxEngine_LATEST\ZenxEngine_LATEST\zenx.sys --> c:\docume~1\Owner\LOCALS~1\Temp\Rar$EX01.968\ZenxEngine GMS v.32\ZenxEngine_LATEST\ZenxEngine_LATEST\zenx.sys [?]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S4 ufad-p2v;VMware Converter Service;c:\program files\VMware\VMware Converter\vmware-ufad.exe [1/30/2007 8:43 PM 155648]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/7/2008 7:37 PM 24652]
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 05:45]
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 05:45]
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-661977996-2833389987-1842980448-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-26 23:21]
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-661977996-2833389987-1842980448-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-26 23:21]
.
2011-05-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 20:26]
.
2011-05-03 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SmartDraw 2009\Messages\SDNotify.exe [2008-10-13 15:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uDefault_Search_URL = hxxp://srch-ca10.hpwis.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://srch-ca10.hpwis.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
Trusted Zone: microsoft.com\*.update
Trusted Zone: stumbleupon.com
Trusted Zone: windowsupdate.com\download
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\doever9r.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: 20-20 3D Viewer: [email protected] - %profile%\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-WeatherEye - c:\documents and settings\Owner\Desktop\WeatherEye.exe
HKCU-Run-Notn - c:\progra~1\COMMON~1\SKS~1\taskmgr.exe
HKCU-Run-Oziruq - c:\windows\ntPRMP32.dll
HKU-Default-Explorer_Run-{00EC5300-088F-1033-0210-040108030001} - c:\program files\Common Files\{00EC5300-088F-1033-0210-040108030001}\Update.exe
HKU-Default-Explorer_Run-{00EC5300-0890-1033-0210-040108030001} - c:\program files\Common Files\{00EC5300-0890-1033-0210-040108030001}\Update.exe
MSConfigStartUp-BearFlix - c:\program files\BearFlix\bearflix.exe
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-nmapp - c:\program files\Pure Networks\Network Magic\nmapp.exe
MSConfigStartUp-Oziruq - c:\windows\ntPRMP32.dll
MSConfigStartUp-SMSTray - c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
MSConfigStartUp-Sunkist2k - c:\program files\Multimedia Card Reader\shwicon2k.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\733b6876-6e48-4e4b-bab6-361e52d63224.com
MSConfigStartUp-VTTimer - VTTimer.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM_ActiveSetup-{010F37E3-CEE3-9BCA-0402-020200040604} - c:\windows\system32\iexplorer.exe
HKLM_ActiveSetup-{AD5AAFF0-B75C-D4CA-FD5E-D2203F5380B7} - c:\windows\scvhost.exe
AddRemove-Adobe Type Manager 4.0 - c:\program files\Adobe Type Manager\DeIsL1.isu
AddRemove-Advanced WindowsCare V2 Personal_is1 - c:\program files\IObit\Advanced WindowsCare V2\unins000.exe
AddRemove-Cheat Engine 5.4_is1 - c:\program files\Cheat Engine\unins000.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-RocketDock_is1 - c:\program files\RocketDock\unins000.exe
AddRemove-Soulseek2 - c:\program files\SoulseekNS\uninstall.exe
AddRemove-Vista Start Menu - c:\program files\Vista Start Menu\uninstall.exe
AddRemove-{980A182F-E0A2-4A40-94C1-AE0C1235902E} - c:\program files\Pando Networks\Media Booster\uninst.exe
AddRemove-AbyssWebServer - c:\program files\Abyss Web Server\uninstall.exe
AddRemove-BitTorrent - c:\program files\BitTorrent\uninst.exe
AddRemove-DNA - c:\program files\BitTorrent_DNA\dna.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
AddRemove-WeatherEye - c:\documents and settings\Owner\Desktop\MMTWNLiveUpdate.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-02 17:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FKLanse]
"ImagePath"="\??\c:\docume~1\Owner\LOCALS~1\Temp\Rar$EX01.453\GMS_V53_VIP\GMS_V53_VIP\ms.dat"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\giffile\shell\Open\ddeexec]
@DACL=(02 0000)
@="\"file:%1\",,-1,,,,,"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2528)
c:\windows\system32\WININET.dll
c:\windows\system32\VirtualExpander\VEShellExt.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\ALCXMNTR.EXE
.
**************************************************************************
.
Completion time: 2011-05-02 17:28:13 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-03 00:28
.
Pre-Run: 85,403,709,440 bytes free
Post-Run: 85,390,540,800 bytes free
.
- - End Of File - - 6834D1407DFB9D5F0B1B76B2093B6B8A
Old 05-04-2011, 02:02 PM   #7
Security Manager
Analyst
Rangemaster, TSF Academy
 
 
Join Date: Sep 2005
Location: Glasgow
Posts: 39,536
OS: Windows 10 Pro



Hi again

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.


Combofix
  • Close any open browsers.
  • Open notepad and copy/paste the text in the box below into it:

Code:
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vioo"=- 
"Snlooio"=-
"Phxm"=- 
"Csckc"=- 
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dso]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Irdzcjzc]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lqtfs]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zplcvh]

Driver::
Dua1
duffyxxx
FKLanse
geebers12
白目國中生1
ROCKSTAR
sejt1
SHAK31
Spps16t
TSHAK3T1
Yakir1
zenx1

Looking at the image below as an example



Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript onto ComboFix.exe.

When finished, it will produce a log for you at "C:\ComboFix.txt"

Do not mouse-click ComboFix's window whilst it's running. This may cause it to stall.

CAUTION! Anyone else thinking of using the above script does so at their own risk - you may end up having to re-install Windows!


Please post the log C:\ComboFix.txt for further review.



Download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop.
Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.
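The reply above reads the posted log by hand: Run values whose paths contain characters the log could not render (the look-alike folder names such as "??mbols"), drivers loading from a user's Temp folder, and the CFScript directives (Registry:: with "name"=- and [-key], Driver:: with driver names) that remove them. As an added example, not the forum's or ComboFix's own tooling, the Python script below applies those heuristics to constructed excerpts in the same layout as the posted log and drafts the two CFScript sections; the selection rules are my assumptions, not the analyst's judgment, so the output is a draft for a reviewer rather than a finished script.

```python
"""Triage a ComboFix-style log and draft a CFScript (added example).

Assumed heuristics (mine, not the analyst's):
  * a Run value whose path contains '?' (a character the log could not
    render, which is how the look-alike folder names appear in the posted
    log) or whose target has no file metadata ('[?]') is removed with "name"=-
  * an msconfig startupreg key with the same symptoms is deleted with [-key]
  * a driver line (R#/S#) loading from a user Temp folder, or with no
    image path at all ('[x]'), is listed under Driver::
"""
import re
from typing import Dict, List

# Constructed sample input: excerpts in the same layout as the posted log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vioo"="c:\windows\??mbols\??ool32.exe" [?]
"Snlooio"="c:\windows\??curity\t?skmgr.exe" [?]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"F.lux"="c:\documents and settings\Owner\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dso]
c:\documents and settings\Owner\Application Data\F?nts\d?dplay.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [3/31/2011 7:37 PM 28552]
S3 Dua1;Dua1;\??\c:\docume~1\Owner\LOCALS~1\Temp\Rar$EX24.7031\DualEngi.sys --> c:\docume~1\Owner\LOCALS~1\Temp\Rar$EX24.7031\DualEngi.sys [?]
S3 Spps16t;Spps16t; [x]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2010 10:45 PM 135664]
"""

KEY_RE = re.compile(r"^\[([^\]]+)\]$")                                # [HKEY_...]
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')   # "name"="path" [meta]
TARGET_RE = re.compile(r"^(.*?)\s*\[([^\]]*)\]$")                     # path [meta]
DRIVER_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.*?)\s*\[([^\]]*)\]$")  # S3 name;desc;path [meta]
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def suspicious_target(path: str, meta: str) -> bool:
    """Unrenderable characters in the path, or no file metadata, is the trigger."""
    return "?" in path or meta.strip() == "?"


def triage(log: str) -> Dict[str, List]:
    """Walk the log once; collect Run values, startupreg keys and drivers to remove."""
    found: Dict[str, List] = {"values": [], "keys": [], "drivers": []}
    current_key = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:                       # a new registry key header
            current_key = m.group(1)
            continue
        m = DRIVER_RE.match(line)
        if m:                       # driver/service line
            name, path, meta = m.groups()
            if meta.strip() == "x" or TEMP_RE.search(path):
                found["drivers"].append(name.strip())
            continue
        if current_key is None:
            continue
        lowered = current_key.lower()
        if lowered.endswith("\\currentversion\\run"):
            m = RUN_VALUE_RE.match(line)
            if m and suspicious_target(m.group(2), m.group(3)):
                found["values"].append((current_key, m.group(1)))
        elif "\\msconfig\\startupreg\\" in lowered:
            m = TARGET_RE.match(line)
            if m and suspicious_target(m.group(1), m.group(2)):
                found["keys"].append(current_key)
    return found


def build_cfscript(found: Dict[str, List]) -> str:
    """Render the CFScript syntax used in the reply above: Registry:: and Driver::."""
    out: List[str] = []
    if found["values"] or found["keys"]:
        out.append("Registry::")
        by_key: Dict[str, List[str]] = {}
        for key, name in found["values"]:
            by_key.setdefault(key, []).append(name)
        for key, names in by_key.items():
            out.append(f"[{key}]")
            out.extend(f'"{n}"=-' for n in names)      # delete a single value
        out.extend(f"[-{key}]" for key in found["keys"])  # delete a whole key
        out.append("")
    if found["drivers"]:
        out.append("Driver::")
        out.extend(found["drivers"])
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(build_cfscript(triage(SAMPLE_LOG)), end="")
```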
Old 05-04-2011, 08:17 PM   #8
Registered Member
 
Join Date: May 2011
Posts: 8
OS: windows xp



ComboFix 11-05-04.02 - Owner 05/03/2011 19:22:29.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.49 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DUA1
-------\Legacy_DUFFYXXX
-------\Legacy_FKLANSE
-------\Legacy_GEEBERS12
-------\Legacy_ROCKSTAR
-------\Legacy_SEJT1
-------\Legacy_SHAK31
-------\Legacy_TSHAK3T1
-------\Legacy_YAKIR1
-------\Legacy_ZENX1
-------\Service_Dua1
-------\Service_duffyxxx
-------\Service_FKLanse
-------\Service_geebers12
-------\Service_白目國中生1
-------\Service_ROCKSTAR
-------\Service_sejt1
-------\Service_SHAK31
-------\Service_Spps16t
-------\Service_TSHAK3T1
-------\Service_Yakir1
-------\Service_zenx1
.
.
((((((((((((((((((((((((( Files Created from 2011-04-04 to 2011-05-04 )))))))))))))))))))))))))))))))
.
.
2011-05-04 00:22 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{27F336BF-C55B-474C-8B4A-350A7D687EDA}\mpengine.dll
2011-04-27 04:11 . 2011-04-27 04:11 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-27 04:06 . 2011-04-27 04:06 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sunbelt Software
2011-04-27 02:22 . 2011-04-28 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2011-04-27 02:22 . 2011-04-27 02:22 -------- d-----w- c:\program files\Security Task Manager
2011-04-26 02:50 . 2011-04-26 16:18 -------- d-----w- c:\documents and settings\Owner\.gimp-2.6
2011-04-10 01:40 . 2011-04-10 01:43 -------- d-----w- c:\program files\Paint.NET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-11 07:04 . 2011-02-01 22:11 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-02 00:25 . 2011-04-02 00:25 102400 ----a-w- c:\windows\RegBootClean.exe
2011-03-07 05:33 . 2003-03-04 06:57 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45 . 2004-02-12 20:23 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-01-21 00:04 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 19:00 . 2004-01-22 00:16 832512 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 19:00 . 2006-01-08 08:29 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-17 19:00 . 2004-02-12 20:45 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-17 19:00 . 2004-02-12 20:44 17408 ----a-w- c:\windows\system32\corpol.dll
2011-02-17 13:18 . 2004-01-21 00:04 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-01-21 00:04 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-15 23:39 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-17 11:44 . 2006-01-08 08:29 389120 ----a-w- c:\windows\system32\html.iec
2011-02-15 12:56 . 2004-02-12 20:44 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25 . 2004-02-12 20:45 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53 . 2002-11-26 22:15 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-09 13:53 . 2002-11-26 22:15 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-08 13:33 . 2004-02-12 20:45 978944 --sha-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-02-12 20:45 974848 ----a-w- c:\windows\system32\mfc42u.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2007-08-13 06:25 . 2006-10-13 23:21 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2002-08-29 12:00 94784 -csh--w- c:\windows\twain.dll
2008-04-14 00:12 50688 --sh--w- c:\windows\twain_32.dll
2008-04-14 00:12 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 00:12 551936 --sha-w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files\TVersitybar\prxtbTVe0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-30 01:24 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
2011-01-17 14:54 175912 ----a-w- c:\program files\TVersitybar\prxtbTVe0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-30 325000]
"{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files\TVersitybar\prxtbTVe0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-30 325000]
"{66BD2442-241B-44CD-8C7A-B51037053CDB}"= "c:\program files\TVersitybar\prxtbTVe0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]
@="{E4000AC4-5E5F-4956-807A-C5854405D64F}"
[HKEY_CLASSES_ROOT\CLSID\{E4000AC4-5E5F-4956-807A-C5854405D64F}]
2009-08-05 16:34 73728 ----a-w- c:\windows\system32\VirtualExpander\VEShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"F.lux"="c:\documents and settings\Owner\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-19 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"System Files Updater"="c:\windows\FlyakiteOSX\Tools\System Files Updater.exe" [2006-02-25 118485]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]
"CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2000-08-14 32768]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-05 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
VirtualExpander.lnk - c:\windows\system32\VirtualExpander\VirtualExpander.exe [2009-8-4 474808]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher S.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher S.lnk
backup=c:\windows\pss\Exif Launcher S.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Asgil]
c:\documents and settings\Owner\Application Data\?ystem32\l?gonui.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTMSG]
LTMSG.exe 7 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 06:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-07-23 04:42 116040 -c--a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 03:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
2004-01-09 09:34 32768 -c--a-w- c:\program files\HP\Digital Imaging\bin\BackupNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2007-08-13 07:04 1838592 -c--a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-10-26 23:21 133104 ----atw- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAAgent]
2007-01-31 04:36 57344 -c--a-w- c:\program files\MarkAny\ContentSafer\MaAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-03-19 02:50 4363504 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 05:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-10-22 20:22 7700480 -c--a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-22 20:22 1622016 -c--a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
2002-10-16 23:57 81920 -c--a-w- c:\windows\system32\ps2.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 18:50 413696 -c--a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2003-11-04 00:50 221184 -c--a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-09-19 07:15 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 16:01 110592 -c--a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"nmservice"=2 (0x2)
"nmraapache"=3 (0x3)
"N360"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"ufad-p2v"=2 (0x2)
"SQLWriter"=2 (0x2)
"SQLBrowser"=2 (0x2)
"SQLAgent$SONY_MEDIAMGR"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$SONY_MEDIAMGR"=3 (0x3)
"MSSQL$MSSMLBIZ"=2 (0x2)
"MsMpSvc"=2 (0x2)
"MDM"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
"GoogleDesktopManager"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"ACDaemon"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"Game.exe"= Game.exe:GostSoul
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16427:TCP"= 16427:TCP:*:Disabled:BitComet 16427 TCP
"16427:UDP"= 16427:UDP:*:Disabled:BitComet 16427 UDP
"56346:TCP"= 56346:TCP:Pando Media Booster
"56346:UDP"= 56346:UDP:Pando Media Booster
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [3/31/2011 7:37 PM 28552]
R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [7/15/2006 11:47 PM 4064]
R2 vstor2-p2v30;Vstor2 P2V30 Virtual Storage Driver;c:\program files\VMware\VMware Converter\vstor2-p2v30.sys [1/30/2007 8:41 PM 12544]
S1 MpKsl0800575c;MpKsl0800575c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{735E178C-9274-4384-80B4-21FC6C04B4CA}\MpKsl0800575c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{735E178C-9274-4384-80B4-21FC6C04B4CA}\MpKsl0800575c.sys [?]
S1 MpKsl1598f875;MpKsl1598f875;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1EBC0231-E21F-47A5-A4F1-27ABD8E6015A}\MpKsl1598f875.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1EBC0231-E21F-47A5-A4F1-27ABD8E6015A}\MpKsl1598f875.sys [?]
S1 MpKsl5a189462;MpKsl5a189462;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B73E8020-F6E8-4510-AA9D-D961B0896E9D}\MpKsl5a189462.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B73E8020-F6E8-4510-AA9D-D961B0896E9D}\MpKsl5a189462.sys [?]
S1 MpKsl64058142;MpKsl64058142;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B28B1A7-A11A-4ADE-8261-C6EC3B6BA8BD}\MpKsl64058142.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B28B1A7-A11A-4ADE-8261-C6EC3B6BA8BD}\MpKsl64058142.sys [?]
S1 MpKsl8d41eeb6;MpKsl8d41eeb6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E62D6D11-BF4C-45D8-BF85-5DD12F386366}\MpKsl8d41eeb6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E62D6D11-BF4C-45D8-BF85-5DD12F386366}\MpKsl8d41eeb6.sys [?]
S1 MpKslba367ab1;MpKslba367ab1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E62D6D11-BF4C-45D8-BF85-5DD12F386366}\MpKslba367ab1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E62D6D11-BF4C-45D8-BF85-5DD12F386366}\MpKslba367ab1.sys [?]
S1 MpKslc08b4eb4;MpKslc08b4eb4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E62D6D11-BF4C-45D8-BF85-5DD12F386366}\MpKslc08b4eb4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E62D6D11-BF4C-45D8-BF85-5DD12F386366}\MpKslc08b4eb4.sys [?]
S1 MpKslccf1a47e;MpKslccf1a47e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E62D6D11-BF4C-45D8-BF85-5DD12F386366}\MpKslccf1a47e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E62D6D11-BF4C-45D8-BF85-5DD12F386366}\MpKslccf1a47e.sys [?]
S1 MpKsle4f2cfb5;MpKsle4f2cfb5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7AA3058D-D60C-43C3-B780-DDCBDDAC8BF2}\MpKsle4f2cfb5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7AA3058D-D60C-43C3-B780-DDCBDDAC8BF2}\MpKsle4f2cfb5.sys [?]
S1 MpKsle571be66;MpKsle571be66;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B28B1A7-A11A-4ADE-8261-C6EC3B6BA8BD}\MpKsle571be66.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B28B1A7-A11A-4ADE-8261-C6EC3B6BA8BD}\MpKsle571be66.sys [?]
S1 MpKslfbd3b6dc;MpKslfbd3b6dc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{98CDC4DA-D6AC-4213-BE5C-6CE04EB15229}\MpKslfbd3b6dc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{98CDC4DA-D6AC-4213-BE5C-6CE04EB15229}\MpKslfbd3b6dc.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2010 10:45 PM 135664]
S3 ActionReplayDS;ActionReplayDS;c:\windows\system32\drivers\ActionReplayDS.sys [4/30/2010 8:33 PM 29184]
S3 DADriv1;DADriv1;\??\c:\documents and settings\Owner\Desktop\DAEngine\DAK32.sys --> c:\documents and settings\Owner\Desktop\DAEngine\DAK32.sys [?]
S3 DBKDRVR54;DBKDRVR54;\??\c:\program files\Cheat Engine\dbk32.sys --> c:\program files\Cheat Engine\dbk32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2010 10:45 PM 135664]
S3 iCheat1;iCheat1;\??\c:\program files\Ozzies Hackpack\nvid999.sys --> c:\program files\Ozzies Hackpack\nvid999.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 XDva035;XDva035;\??\c:\windows\system32\XDva035.sys --> c:\windows\system32\XDva035.sys [?]
S3 XDva277;XDva277;\??\c:\windows\system32\XDva277.sys --> c:\windows\system32\XDva277.sys [?]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S4 ufad-p2v;VMware Converter Service;c:\program files\VMware\VMware Converter\vmware-ufad.exe [1/30/2007 8:43 PM 155648]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/7/2008 7:37 PM 24652]
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 05:45]
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 05:45]
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-661977996-2833389987-1842980448-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-26 23:21]
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-661977996-2833389987-1842980448-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-26 23:21]
.
2011-05-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 20:26]
.
2011-05-04 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SmartDraw 2009\Messages\SDNotify.exe [2008-10-13 15:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uDefault_Search_URL = hxxp://srch-ca10.hpwis.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://srch-ca10.hpwis.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
Trusted Zone: microsoft.com\*.update
Trusted Zone: stumbleupon.com
Trusted Zone: windowsupdate.com\download
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\doever9r.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: 20-20 3D Viewer: [email protected] - %profile%\extensions\[email protected]
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-03 20:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\giffile\shell\Open\ddeexec]
@DACL=(02 0000)
@="\"file:%1\",,-1,,,,,"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1824)
c:\windows\system32\WININET.dll
c:\windows\system32\VirtualExpander\VEShellExt.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\ALCXMNTR.EXE
c:\windows\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2011-05-03 20:15:34 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-04 03:15
ComboFix2.txt 2011-05-03 00:28
.
Pre-Run: 85,660,069,888 bytes free
Post-Run: 85,643,468,800 bytes free
.
- - End Of File - - A6A66516045C0F600C1F5C5D1DDA1025
soboman is offline  
Old 05-04-2011, 09:05 PM   #9
Registered Member
 
Join Date: May 2011
Posts: 8
OS: windows xp



Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: 6509

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

5/3/2011 8:42:48 PM
mbam-log-2011-05-03 (20-42-48).txt

Scan type: Quick scan
Objects scanned: 178933
Time elapsed: 19 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
soboman is offline  
Old 05-06-2011, 01:30 PM   #10
Security Manager
Analyst
Rangemaster, TSF Academy
 
Join Date: Sep 2005
Location: Glasgow
Posts: 39,536
OS: Windows 10 Pro

Hi again

How is your system running now?

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.


ComboFix
  • Close any open browsers.
  • Open notepad and copy/paste the text in the box below into it:

Code:
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\giffile\shell\Open\ddeexec]

Driver::
DADriv1

Looking at the image below as an example

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript onto ComboFix.exe.

When finished, it will produce a log for you at "C:\ComboFix.txt"

Do not mouse-click ComboFix's window whilst it's running. This may cause it to stall.

CAUTION! Anyone else thinking of using the above script does so at their own risk - you may end up having to re-install Windows!


Please post the log C:\ComboFix.txt for further review.
Glaswegian is offline  
Old 05-07-2011, 07:58 PM   #11
Registered Member
 
Join Date: May 2011
Posts: 8
OS: windows xp



ComboFix 11-05-07.01 - Owner 05/06/2011 19:02:41.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.121 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DADRIV1
-------\Service_DADriv1
.
.
((((((((((((((((((((((((( Files Created from 2011-04-07 to 2011-05-07 )))))))))))))))))))))))))))))))
.
.
2011-05-05 02:58 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BD602211-6AF6-4D8E-85C6-72DA2C3BA0FD}\mpengine.dll
2011-04-27 04:11 . 2011-04-27 04:11 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-27 04:06 . 2011-04-27 04:06 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sunbelt Software
2011-04-27 02:22 . 2011-04-28 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2011-04-27 02:22 . 2011-04-27 02:22 -------- d-----w- c:\program files\Security Task Manager
2011-04-26 02:50 . 2011-04-26 16:18 -------- d-----w- c:\documents and settings\Owner\.gimp-2.6
2011-04-10 01:40 . 2011-04-10 01:43 -------- d-----w- c:\program files\Paint.NET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-11 07:04 . 2011-02-01 22:11 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-02 00:25 . 2011-04-02 00:25 102400 ----a-w- c:\windows\RegBootClean.exe
2011-03-07 05:33 . 2003-03-04 06:57 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45 . 2004-02-12 20:23 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-01-21 00:04 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 19:00 . 2004-01-22 00:16 832512 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 19:00 . 2006-01-08 08:29 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-17 19:00 . 2004-02-12 20:45 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-17 19:00 . 2004-02-12 20:44 17408 ----a-w- c:\windows\system32\corpol.dll
2011-02-17 13:18 . 2004-01-21 00:04 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-01-21 00:04 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-15 23:39 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-17 11:44 . 2006-01-08 08:29 389120 ----a-w- c:\windows\system32\html.iec
2011-02-15 12:56 . 2004-02-12 20:44 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25 . 2004-02-12 20:45 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53 . 2002-11-26 22:15 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-09 13:53 . 2002-11-26 22:15 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-08 13:33 . 2004-02-12 20:45 978944 --sha-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-02-12 20:45 974848 ----a-w- c:\windows\system32\mfc42u.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2007-08-13 06:25 . 2006-10-13 23:21 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2002-08-29 12:00 94784 -csh--w- c:\windows\twain.dll
2008-04-14 00:12 50688 --sh--w- c:\windows\twain_32.dll
2008-04-14 00:12 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 00:12 551936 --sha-w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files\TVersitybar\prxtbTVe0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-30 01:24 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
2011-01-17 14:54 175912 ----a-w- c:\program files\TVersitybar\prxtbTVe0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-30 325000]
"{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files\TVersitybar\prxtbTVe0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-30 325000]
"{66BD2442-241B-44CD-8C7A-B51037053CDB}"= "c:\program files\TVersitybar\prxtbTVe0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]
@="{E4000AC4-5E5F-4956-807A-C5854405D64F}"
[HKEY_CLASSES_ROOT\CLSID\{E4000AC4-5E5F-4956-807A-C5854405D64F}]
2009-08-05 16:34 73728 ----a-w- c:\windows\system32\VirtualExpander\VEShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"F.lux"="c:\documents and settings\Owner\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-19 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"System Files Updater"="c:\windows\FlyakiteOSX\Tools\System Files Updater.exe" [2006-02-25 118485]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]
"CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2000-08-14 32768]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-05 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
VirtualExpander.lnk - c:\windows\system32\VirtualExpander\VirtualExpander.exe [2009-8-4 474808]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher S.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher S.lnk
backup=c:\windows\pss\Exif Launcher S.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Asgil]
c:\documents and settings\Owner\Application Data\?ystem32\l?gonui.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTMSG]
LTMSG.exe 7 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 06:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-07-23 04:42 116040 -c--a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 03:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
2004-01-09 09:34 32768 -c--a-w- c:\program files\HP\Digital Imaging\bin\BackupNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2007-08-13 07:04 1838592 -c--a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-10-26 23:21 133104 ----atw- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAAgent]
2007-01-31 04:36 57344 -c--a-w- c:\program files\MarkAny\ContentSafer\MaAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-03-19 02:50 4363504 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 05:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-10-22 20:22 7700480 -c--a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-22 20:22 1622016 -c--a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
2002-10-16 23:57 81920 -c--a-w- c:\windows\system32\ps2.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 18:50 413696 -c--a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2003-11-04 00:50 221184 -c--a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-09-19 07:15 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 16:01 110592 -c--a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"nmservice"=2 (0x2)
"nmraapache"=3 (0x3)
"N360"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"ufad-p2v"=2 (0x2)
"SQLWriter"=2 (0x2)
"SQLBrowser"=2 (0x2)
"SQLAgent$SONY_MEDIAMGR"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$SONY_MEDIAMGR"=3 (0x3)
"MSSQL$MSSMLBIZ"=2 (0x2)
"MsMpSvc"=2 (0x2)
"MDM"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
"GoogleDesktopManager"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"ACDaemon"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"Game.exe"= Game.exe:GostSoul
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16427:TCP"= 16427:TCP:*:Disabled:BitComet 16427 TCP
"16427:UDP"= 16427:UDP:*:Disabled:BitComet 16427 UDP
"56346:TCP"= 56346:TCP:Pando Media Booster
"56346:UDP"= 56346:UDP:Pando Media Booster
.
R1 MpKsl0800575c;MpKsl0800575c;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{735E178C-9274-4384-80B4-21FC6C04B4CA}\MpKsl0800575c.sys [x]
R1 MpKsl1598f875;MpKsl1598f875;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1EBC0231-E21F-47A5-A4F1-27ABD8E6015A}\MpKsl1598f875.sys [x]
R1 MpKsl5a189462;MpKsl5a189462;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B73E8020-F6E8-4510-AA9D-D961B0896E9D}\MpKsl5a189462.sys [x]
R1 MpKsl64058142;MpKsl64058142;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B28B1A7-A11A-4ADE-8261-C6EC3B6BA8BD}\MpKsl64058142.sys [x]
R1 MpKsl8d41eeb6;MpKsl8d41eeb6;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E62D6D11-BF4C-45D8-BF85-5DD12F386366}\MpKsl8d41eeb6.sys [x]
R1 MpKslba367ab1;MpKslba367ab1;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E62D6D11-BF4C-45D8-BF85-5DD12F386366}\MpKslba367ab1.sys [x]
R1 MpKslc08b4eb4;MpKslc08b4eb4;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E62D6D11-BF4C-45D8-BF85-5DD12F386366}\MpKslc08b4eb4.sys [x]
R1 MpKslccf1a47e;MpKslccf1a47e;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E62D6D11-BF4C-45D8-BF85-5DD12F386366}\MpKslccf1a47e.sys [x]
R1 MpKsle4f2cfb5;MpKsle4f2cfb5;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7AA3058D-D60C-43C3-B780-DDCBDDAC8BF2}\MpKsle4f2cfb5.sys [x]
R1 MpKsle571be66;MpKsle571be66;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B28B1A7-A11A-4ADE-8261-C6EC3B6BA8BD}\MpKsle571be66.sys [x]
R1 MpKslfbd3b6dc;MpKslfbd3b6dc;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{98CDC4DA-D6AC-4213-BE5C-6CE04EB15229}\MpKslfbd3b6dc.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 135664]
R3 ActionReplayDS;ActionReplayDS;c:\windows\system32\Drivers\ActionReplayDS.sys [2007-02-08 29184]
R3 DBKDRVR54;DBKDRVR54;c:\program files\Cheat Engine\dbk32.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 135664]
R3 iCheat1;iCheat1;c:\program files\Ozzies Hackpack\nvid999.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 XDva035;XDva035;c:\windows\system32\XDva035.sys [x]
R3 XDva277;XDva277;c:\windows\system32\XDva277.sys [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [x]
R4 ufad-p2v;VMware Converter Service;c:\program files\VMware\VMware Converter\vmware-ufad.exe [2007-01-31 155648]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S1 ATMhelpr;ATMhelpr; [x]
S2 vstor2-p2v30;Vstor2 P2V30 Virtual Storage Driver;c:\program files\VMware\VMware Converter\vstor2-p2v30.sys [2007-01-31 12544]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 05:45]
.
2011-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 05:45]
.
2011-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-661977996-2833389987-1842980448-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-26 23:21]
.
2011-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-661977996-2833389987-1842980448-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-26 23:21]
.
2011-05-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 20:26]
.
2011-05-07 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SmartDraw 2009\Messages\SDNotify.exe [2008-10-13 15:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uDefault_Search_URL = hxxp://srch-ca10.hpwis.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://srch-ca10.hpwis.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
Trusted Zone: microsoft.com\*.update
Trusted Zone: stumbleupon.com
Trusted Zone: windowsupdate.com\download
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\doever9r.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: 20-20 3D Viewer: [email protected] - %profile%\extensions\[email protected]
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-06 19:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1196)
c:\windows\system32\WININET.dll
c:\windows\system32\VirtualExpander\VEShellExt.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\ALCXMNTR.EXE
.
**************************************************************************
.
Completion time: 2011-05-06 19:59:56 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-07 02:59
ComboFix2.txt 2011-05-04 03:15
ComboFix3.txt 2011-05-03 00:28
.
Pre-Run: 85,494,185,984 bytes free
Post-Run: 85,628,522,496 bytes free
.
- - End Of File - - 124A9BB9DF8FC04566882C5AE3D18D6E
soboman is offline  
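The "Reg Loading Points" section of the ComboFix log above is the part an analyst reads first, and a few lines in it deserve a closer look than the thread gives them: the `msconfig\startupreg\Asgil` entry points at `...\Application Data\?ystem32\l?gonui.exe`, where the `?` marks are characters the log could not render, so the name merely resembles `system32\logonui.exe` (entries under `msconfig\startupreg` are startup items disabled through msconfig, so they are not running, but one checkbox re-enables them); the firewall policy key shows `"EnableFirewall"= 0`, and the three Security Center `DisableMonitoring` values are `1`. A third-party suite can legitimately set the Security Center values (the msconfig services table lists an `N360` service), so that finding is a prompt to confirm which product wrote them, not a verdict. The script below is an added example written for this page; it is not ComboFix output and not code posted in the thread. It parses lines in ComboFix's own format (a short excerpt of the log above is embedded as constructed sample input) and applies triage rules that are my own: the reading of the `[?]` and `[X]` annotations as "file could not be verified" is an assumption, and the profile-directory rule is a heuristic that also trips on f.lux and Google Update, which do install under the user profile, so its output is a list of candidates to confirm.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: lines copied from the ComboFix "Reg Loading Points"
# section above, trimmed to the entries the triage rules act on.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"F.lux"="c:\documents and settings\Owner\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Asgil]
c:\documents and settings\Owner\Application Data\?ystem32\l?gonui.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTMSG]
LTMSG.exe 7 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""


@dataclass
class Entry:
    key: str             # registry key the line appeared under
    name: str            # value name, or last key component for startupreg items
    value: str           # file path, or the raw data for policy values
    tag: Optional[str]   # ComboFix bracket annotation: "date size", "?", "X", ...


SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<rest>.*)$')
QUOTED_PATH_RE = re.compile(r'^"(?P<path>[^"]+)"\s*(?:\[(?P<tag>[^\]]*)\])?')
FILE_LINE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>.+)$")
TRAILING_TAG_RE = re.compile(r"^(?P<path>.*?)\s*\[(?P<tag>[^\]]*)\]$")


def parse_reg_loading_points(text: str) -> List[Entry]:
    """Turn ComboFix 'Reg Loading Points' lines into Entry records."""
    entries: List[Entry] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            key = m.group("key")
            continue
        leaf = key.rsplit("\\", 1)[-1]
        m = VALUE_RE.match(line)
        if m:                      # "Name"="path" [date size]  or  "Name"=data
            q = QUOTED_PATH_RE.match(m.group("rest"))
            if q:
                entries.append(Entry(key, m.group("name"), q.group("path"), q.group("tag")))
            else:
                entries.append(Entry(key, m.group("name"), m.group("rest").strip(), None))
            continue
        m = FILE_LINE_RE.match(line)
        if m:                      # date time size attrs path  (file was found)
            entries.append(Entry(key, leaf, m.group("path"), "present"))
            continue
        m = TRAILING_TAG_RE.match(line)
        if m:                      # path [?] / path [X]
            entries.append(Entry(key, leaf, m.group("path"), m.group("tag")))
    return entries


# Substrings that place an autostart under the (user-writable) profile.
PROFILE_DIRS = ("\\documents and settings\\", "\\application data\\", "\\local settings\\")


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map entry name -> reasons it deserves review (heuristics, not verdicts)."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        low = e.value.lower()
        if e.name == "EnableFirewall" and low.startswith("0"):
            reasons.append("Windows Firewall is turned off for this profile")
        if e.name == "DisableMonitoring" and low.endswith("1"):
            reasons.append("Security Center monitoring disabled under " + e.key)
        if "?" in e.value:
            reasons.append("path has characters the log could not render (look-alike name?)")
        if e.tag in ("?", "X"):  # assumption: ComboFix could not verify the file
            reasons.append("file could not be located or verified ([%s])" % e.tag)
        if low.endswith(".exe") and any(d in low for d in PROFILE_DIRS):
            reasons.append("executable autostarts from a user-writable profile location")
        if reasons:
            findings.setdefault(e.name, []).extend(reasons)
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_reg_loading_points(SAMPLE_LOG)).items():
        print(name)
        for r in reasons:
            print("   -", r)
```

Run against a full ComboFix log by reading the file and passing its text to `parse_reg_loading_points`; the parser ignores the sections it does not recognise. The profile-directory rule is deliberately noisy: on this machine it flags f.lux, which is expected, and the value of the rule is that it also flags the `Asgil` entry, which has no business being there.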
Old 05-08-2011, 07:10 AM   #12
Security Manager
Analyst
Rangemaster, TSF Academy
 
Glaswegian
Join Date: Sep 2005
Location: Glasgow
Posts: 39,536
OS: Windows 10 Pro

Hi again

How are things running now?


Online Scan
Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.
Glaswegian is offline  
Old 05-12-2011, 04:25 PM   #13
Registered Member
 
Join Date: May 2011
Posts: 8
OS: windows xp



OK, well, things seem fine now, but I still think I have a keylogger. The only thing now besides that is that streaming videos and YouTube are choppy. Like, even if the video is fully buffered, every two seconds or so it will go stop-and-go, if you know what I mean. It's almost like watching a slideshow, and you can definitely hear it too. I used CCleaner and now it's a bit better, though, so it might not be virus related, but I only noticed it after I deleted that stupid Antimalware Doctor virus.

C:\Documents and Settings\Owner\My Documents\MsgPlusLive-423.exe a variant of Win32/MessengerPlus application
C:\hp\recovery\wizard\fscommand\AppRecoveryLink_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan
C:\hp\recovery\wizard\fscommand\CDLogic_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan
C:\hp\recovery\wizard\fscommand\CreatorLink_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan
C:\hp\recovery\wizard\fscommand\RestoreLink_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan
C:\hp\recovery\wizard\fscommand\RTCDLink_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan
C:\hp\recovery\wizard\fscommand\RunLink_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan
C:\hp\recovery\wizard\fscommand\SysRecoveryLink_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan
C:\hp\recovery\wizard\fscommand\WizardLink_ret.exe probably a variant of Win32/Spy.Agent.BMWSIKB trojan
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll probably a variant of Win32/Adware.Toolbar.Visicom.AB application
C:\Program Files\WinRAR\GO Hacks.exe a variant of Win32/HackTool.CheatEngine.AB application
C:\Program Files\WinRAR\ws2_32.dll probably a variant of Win32/PSW.Agent.GTOPKUY trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\BD138D6F634DABEB956239AE125514D4\enemies-names.txt.vir Win32/Adware.AntimalwareDoctor.AE.Gen application
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\BD138D6F634DABEB956239AE125514D4\local.ini.vir Win32/Adware.AntimalwareDoctor.AE.Gen application
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\BD138D6F634DABEB956239AE125514D4\tr700lqqcore.exe.vir a variant of Win32/Kryptik.NCG trojan
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1\A0000021.ini Win32/Adware.AntimalwareDoctor.AE.Gen application
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1\A0000022.exe a variant of Win32/Kryptik.NCG trojan
soboman is offline  
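One line in the ESET results above is the kind of thing a practitioner would pull apart before calling the machine clean: `C:\Program Files\WinRAR\ws2_32.dll`, reported as "probably a variant of Win32/PSW.Agent" (ESET's PSW prefix denotes a password-stealing family). `ws2_32.dll` is the Winsock DLL that Windows normally supplies from `system32`; a file of that name inside an application's own folder is the shape of a DLL search-order hijack, because the directory an executable is loaded from is searched before `system32` for any DLL that is not on that Windows version's KnownDLLs list. Whether the thread's poster actually had a keylogger is not established anywhere in the thread, and whether `ws2_32.dll` is a KnownDLL depends on the Windows version, so the check below flags candidates for review rather than asserting that the copy was loaded. The code is an added example written for this page, not code from the thread or from ESET; the inventory it runs on is constructed (the hashes are of made-up stand-in bytes, not of real files), the `SYSTEM_DLL_NAMES` list is illustrative, and `inventory_from_disk` is the helper you would run on a live Windows host to build the same map from real files.

```python
import hashlib
import ntpath
import os
from typing import Dict, Iterable, List

# Import names that Windows normally resolves from %SystemRoot%\system32. An
# executable's own directory is searched before system32 for any DLL not on
# the KnownDLLs list, so a same-named file beside a legitimate program can be
# loaded in its place. Illustrative list, not exhaustive.
SYSTEM_DLL_NAMES = {
    "ws2_32.dll", "wininet.dll", "version.dll", "dwmapi.dll", "cryptbase.dll",
    "uxtheme.dll", "winmm.dll", "iphlpapi.dll", "wtsapi32.dll", "cryptsp.dll",
}
SYSTEM32 = "c:\\windows\\system32\\"
WINDOWS_ROOT = "c:\\windows\\"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed inventory standing in for a file listing: path -> SHA-256 of
# contents. None of these are hashes of real files.
SAMPLE_INVENTORY = {
    r"c:\windows\system32\ws2_32.dll": sha256_hex(b"stand-in for the real ws2_32.dll"),
    r"c:\windows\system32\version.dll": sha256_hex(b"stand-in for the real version.dll"),
    r"c:\program files\winrar\winrar.exe": sha256_hex(b"stand-in for winrar.exe"),
    r"c:\program files\winrar\ws2_32.dll": sha256_hex(b"unrelated content under a system DLL name"),
    r"c:\program files\some vendor\version.dll": sha256_hex(b"stand-in for the real version.dll"),
    r"c:\program files\some vendor\app.exe": sha256_hex(b"stand-in for app.exe"),
}


def find_shadowed_system_dlls(inventory: Dict[str, str]) -> List[dict]:
    """Flag files outside %SystemRoot% whose name matches a system DLL.

    A copy byte-identical to the system32 file is a redistributed duplicate
    (low risk); one that differs is what a search-order hijack looks like and
    should be pulled for analysis (signer, exports, AV submission)."""
    reference: Dict[str, str] = {}
    for path, digest in inventory.items():
        low = path.lower()
        if low.startswith(SYSTEM32):
            reference[ntpath.basename(low)] = digest
    findings = []
    for path, digest in inventory.items():
        low = path.lower()
        name = ntpath.basename(low)
        if name not in SYSTEM_DLL_NAMES or low.startswith(WINDOWS_ROOT):
            continue
        ref = reference.get(name)
        if ref is None:
            verdict = "no system32 copy to compare against"
        elif ref == digest:
            verdict = "identical to system32 copy (redistributed duplicate)"
        else:
            verdict = "differs from system32 copy: possible DLL search-order hijack"
        findings.append({"path": path, "name": name,
                         "identical_to_system32": ref == digest, "verdict": verdict})
    return sorted(findings, key=lambda f: f["path"])


def inventory_from_disk(roots: Iterable[str]) -> Dict[str, str]:
    """Build the same path -> hash map on a live Windows host, hashing only
    files whose name is in SYSTEM_DLL_NAMES. Include %SystemRoot%\\system32 in
    roots so the reference copies are present."""
    inventory: Dict[str, str] = {}
    for root in roots:
        for dirpath, _dirs, names in os.walk(root):
            for n in names:
                if n.lower() in SYSTEM_DLL_NAMES:
                    full = os.path.join(dirpath, n)
                    try:
                        with open(full, "rb") as fh:
                            inventory[full] = sha256_hex(fh.read())
                    except OSError:  # locked or unreadable file: skip, keep going
                        continue
    return inventory


if __name__ == "__main__":
    for f in find_shadowed_system_dlls(SAMPLE_INVENTORY):
        print(f["path"], "->", f["verdict"])
```

On a real host call `find_shadowed_system_dlls(inventory_from_disk([r"C:\Windows\System32", r"C:\Program Files"]))`. A hit that differs from the `system32` copy is not proof by itself (some vendors ship patched copies), which is why the verdict says "possible"; the antivirus result on the page is what turns the WinRAR copy from a candidate into something to remove.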
Old 05-13-2011, 02:20 PM   #14
Security Manager
Analyst
Rangemaster, TSF Academy
 
Glaswegian
Join Date: Sep 2005
Location: Glasgow
Posts: 39,536
OS: Windows 10 Pro

Hi again

I'm not seeing any further signs of malware in your logs. Please run a fresh GMER log, deleting any previous versions you may have first, then follow these instructions.

Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.
  • Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click the exe file.
  • The program will begin to run, and perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.
  • In any case, after the initial scan is complete, click on the Save button, and save the log file somewhere you can easily find it, such as your desktop, and attach it in your reply.
Glaswegian is offline  