Internet Browser Malware?

Post by luckyguy457321 » October 1st, 2012, 8:34 am

DDS logs, and a description of your problems
Description
Um. There is an internet connection, because some programs can still get access to the internet, but like, none of the web browsers have access to anything, and Chrome keeps having a "timeout" error, even when trying to access the router settings page. It's possible to access the internet fully from other computers though, which is how I'm posting this.

DDS logs
DDS.txt
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Admin at 20:23:43 on 2012-10-01
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.3326.2306 [GMT 8:00]
.
AV: ZoneAlarm Security Suite Antivirus *Enabled/Outdated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CAP3RSK.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Notepad++\notepad++.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
F:\Games\Steam\steam.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "e:\documents and settings\admin\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" -H
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [TBPanel] c:\program files\xpertvision\TBPanel.exe /A
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [CAP3ON] c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRunOnce: [MessengerPlusLiveUninstall] "c:\docume~1\admin\locals~1\temp\MsgPlusUninstall.exe" /Cleanup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: e:\docume~1\admin\startm~1\programs\startup\readme.lnk - e:\README.txt
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\canonl~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
dPolicies-explorer: NoSetFolders = 1 (0x1)
dPolicies-explorer: NoFavoritesMenu = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 1040526406
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-be ... canner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{636CF6E5-F379-48A8-90C2-B4F155C14351} : DhcpNameServer = 192.168.2.1
Notify: LMIinit - LMIinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - e:\documents and settings\admin\application data\mozilla\firefox\profiles\n45goz84.default\
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.40624.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: e:\documents and settings\admin\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2009-5-31 21605]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2009-5-31 15668]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2009-5-31 114856]
R1 VETMONNT;VET File and Macro Monitor;c:\windows\system32\drivers\vetmonnt.sys [2009-5-31 896472]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-5-31 270672]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-10-23 47640]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2012-1-24 50728]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2011-9-29 21632]
R4 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
R4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-10-17 655944]
S3 BANG;BANG;c:\docume~1\admin\locals~1\temp\BANG.SYS [2012-9-8 1920]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-4-6 23064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva375;XDva375;\??\c:\windows\system32\xdva375.sys --> c:\windows\system32\XDva375.sys [?]
S4 CAISafe;CA ISafe;c:\windows\system32\zonelabs\isafe.exe --> c:\windows\system32\zonelabs\isafe.exe [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-4 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-4 136176]
S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2010-12-6 1238408]
S4 LMIGuardianSvc;LMIGuardianSvc;"c:\program files\logmein\x86\lmiguardiansvc.exe" --> c:\program files\logmein\x86\LMIGuardianSvc.exe [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-11 47128]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-11 369688]
S4 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-1-28 3027840]
.
=============== File Associations ===============
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-10-01 09:27:48 -------- d-----w- e:\documents and settings\admin\application data\fltk.org
2012-10-01 09:27:48 -------- d-----w- c:\documents and settings\all users\application data\fltk.org
2012-10-01 09:20:50 -------- d-----w- c:\documents and settings\admin\Saved Games
2012-10-01 09:06:18 212 ----a-w- c:\windows\ildasmfnt.bin
2012-10-01 08:51:03 -------- d-----w- e:\documents and settings\admin\local settings\application data\Procaster
2012-10-01 08:51:03 -------- d-----w- e:\documents and settings\admin\local settings\application data\CrashRpt
2012-10-01 08:37:11 -------- d-----w- c:\program files\CCleaner
2012-09-08 11:32:51 -------- d-----w- c:\program files\CheckPoint
2012-09-08 11:29:46 -------- d-s---w- C:\ComboFix
2012-09-08 11:06:02 -------- d-----w- e:\documents and settings\admin\application data\Ad-Aware Antivirus
2012-09-08 10:45:20 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-08 05:17:09 -------- d-----w- c:\program files\Dropbox
.
==================== Find3M ====================
.
2012-09-08 11:36:25 90112 ----a-w- c:\windows\DUMP318f.tmp
2012-07-08 17:30:53 138904 ----a-w- e:\documents and settings\admin\application data\PnkBstrK.sys
2012-07-08 17:28:23 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-07-08 17:28:18 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
.
============= FINISH: 20:24:12.21 ===============

Attach.txt - I'm not sure if I was meant to post this
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 5/31/2009 1:15:45 PM
System Uptime: 10/1/2012 1:51:31 PM (7 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA770-DS3
Processor: AMD Phenom(tm) 9500 Quad-Core Processor | Socket M2 | 2210/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 49 GiB total, 23.75 GiB free.
D: is FIXED (NTFS) - 84 GiB total, 68.675 GiB free.
E: is FIXED (NTFS) - 90 GiB total, 22.275 GiB free.
F: is FIXED (NTFS) - 233 GiB total, 73.154 GiB free.
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
K: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: nVidia WDM Video Capture (universal)
Device ID: DISPLAY\NVCAP\5&3B8591C7&0&CA000002&01&00
Manufacturer: nVidia
Name: nVidia WDM Video Capture (universal)
PNP Device ID: DISPLAY\NVCAP\5&3B8591C7&0&CA000002&01&00
Service: nvcap
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: LogMeIn, Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi
.
==== System Restore Points ===================
.
RP226: 8/16/2012 7:26:49 PM - System Checkpoint
RP227: 8/19/2012 3:35:15 PM - System Checkpoint
RP228: 8/25/2012 2:09:29 PM - System Checkpoint
RP229: 9/8/2012 7:32:48 PM - Installed ZoneAlarm Security
RP230: 9/8/2012 7:42:12 PM - Removed ZoneAlarm Security
RP231: 9/22/2012 3:53:11 PM - System Checkpoint
RP232: 10/1/2012 4:56:52 PM - Removed Autodesk 3ds Max 9 32-bit
RP233: 10/1/2012 5:00:29 PM - Removed Microsoft Office XP Professional with FrontPage
RP234: 10/1/2012 5:02:00 PM - Removed SmartFTP Client
RP235: 10/1/2012 5:02:59 PM - Removed Windows Live Sign-in Assistant
RP236: 10/1/2012 6:18:11 PM - Removed LogMeIn
.
==== Installed Programs ======================
.
3dsmax ancillary install
7-Zip 9.20
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1
Adobe Shockwave Player 11.5
Age of Mythology
Amnesia: The Dark Descent
Apple Software Update
Autodesk DWF Viewer 7
Bastion
Canon LASER SHOT LBP-1120
CCleaner
Chaotic
DMIView B7.0108.01
Dual-Core Optimizer
Dungeons of Dredmor
Dystopia
ESET Online Scanner v3
FBX Plugin 2006.08 for Max 9.0
Free Download Manager 3.0
Function Hacker v2.5
Garry's Mod 13
GCFScape 1.7.5
Google Chrome
Google Earth
Google Update Helper
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)
Hotfix for Office (KB950278)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
i-Cool
Iron Man
Java Auto Updater
Java DB 10.6.2.1
Java(TM) 6 Update 26
Java(TM) SE Development Kit 6 Update 24
League of Legends
Livestream Procaster
LogMeIn Hamachi
ManyCam 2.6.65 (remove only)
MapleStory
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Live Add-in 1.3
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Database Publishing Wizard 1.3
Microsoft SQL Server VSS Writer
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft XNA Framework Redistributable 3.1
Mozilla Firefox 8.0.1 (x86 en-GB)
MSXML 6.0 Parser (KB933579)
MSXML4 Parser
Notepad++
NVIDIA Drivers
NVIDIA nTune
NVIDIA PhysX
NVIDIA WDM Drivers
OpenAL
Osmos Demo
Paint.NET v3.5.10
PunkBuster Services
QuickTime
Realtek High Definition Audio Driver
SmartFTP Client 4.0 Setup Files (remove only)
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
Superbrothers: Sword & Sworcery EP
TeamViewer 7
ThumbView_Lite 1.0
TortoiseSVN 1.7.7.22907 (32 bit)
Unity Web Player
Unlocker 1.8.7
Update for Microsoft Visual Studio Web Authoring Component (KB945140)
Update for Windows XP (KB967715)
Virtual Audio Cable 4.10
VLC media player 1.1.11
WebFldrs XP
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Sync
Windows Live Upload Tool
Windows Media Format Runtime
Windows XP Service Pack 3
WinRAR archiver
Worms Reloaded
XpertVision 6.1
Xvid Video Codec
.
==== Event Viewer Messages From Past Week ========
.
9/28/2012 6:21:00 PM, error: Service Control Manager [7000] - The Cardex service failed to start due to the following error: Cannot create a file when that file already exists.
9/27/2012 8:46:00 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
9/27/2012 7:01:24 PM, error: Service Control Manager [7023] - The Microsoft Antimalware Service service terminated with the following error: A system-level error occurred while verifying trust.
10/1/2012 6:18:04 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service LMIGuardianSvc with arguments "" in order to run the server: {D4258A22-CF85-489D-83AE-49FCD0DFAD29}
10/1/2012 3:59:11 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
10/1/2012 3:54:02 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
.
==== End Of File ===========================

Thank you for your help.
luckyguy457321
Regular Member
 
Posts: 56
Joined: September 2nd, 2009, 10:16 am
Location: Perth,Western Australia

Re: Internet Browser Malware?

Post by Gary R » October 3rd, 2012, 9:39 am

Download CKScanner to your Desktop.
  • Doubleclick CKScanner.exe to launch it.
  • Click Search For Files.
  • After a couple of minutes a list will appear in the panel to the right.
  • Click Save List To File.
  • A message box will verify the file saved.
  • Close CKScanner.
  • Copy/paste the contents of ckfiles.txt in your next reply please (it will be on your Desktop).
  • Please run the program once only.



  • Download MGA Diagnostic Tool to your Desktop.
  • Double click MGADiag.exe to launch the programme.
  • Click Continue and let the scan run.
  • When finished it will have created a log.
  • Click Copy.
  • Next open Notepad.
    • Click Start > Run type Notepad click OK.
    • This will open an empty Notepad file.
    • Right click in the empty file and choose Paste to copy the log from MGA Diagnostics into it.
    • Save the file to your Desktop.
  • Close MGA Diagnostic Tool.
  • Copy/Paste the log in your next reply please.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Internet Browser Malware?

Post by luckyguy457321 » October 4th, 2012, 5:56 am

ckfiles.txt
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\apb reloaded\apbgame\content\release\packages\symboleditor\primitives_splatscracks.upk
c:\program files\tc digital\chaotic\game\cardart\b_whepcrack.xnb
scanner sequence 3.AA.11.BLAPSJ
----- EOF -----

MGA Copy Button
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-YFQQC-7M3YM-7TGVW
Windows Product Key Hash: vzezwX1t+XLxr4tiV494K6by4I0=
Windows Product ID: 76477-OEM-2142964-82979
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010300.3.0.hom
ID: {C1B41973-8E5B-4547-9ABB-A364C3946B59}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{C1B41973-8E5B-4547-9ABB-A364C3946B59}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-7TGVW</PKey><PID>76477-OEM-2142964-82979</PID><PIDType>3</PIDType><SID>S-1-5-21-1715567821-573735546-839522115</SID><SYSTEM><Manufacturer>GBT___</Manufacturer><Model>GBTUACPI</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>F3</Version><SMBIOSVersion major="2" minor="3"/><Date>20071224000000.000000+000</Date></BIOS><HWID>B8743AF701842072</HWID><UserLCID>0C09</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Australia Standard Time(GMT+08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 862B:Semp Toshiba Informatica Ltda|141B0:SYNNEX TECHNOLOGY INTERNATIONAL CORP|141B0:SYNNEX TECHNOLOGY INTERNATIONAL CORP|141B0:SYNNEX TECHNOLOGY INTERNATIONAL CORP|862B:TOSHIBA CORPORATION
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A

Thanks for your help.
If there is any non-genuine stuff on this computer, please notify me and I will remove it.
luckyguy457321
Regular Member
 
Posts: 56
Joined: September 2nd, 2009, 10:16 am
Location: Perth,Western Australia

Re: Internet Browser Malware?

Post by Gary R » October 6th, 2012, 1:56 am

Sorry to keep you waiting, I didn't get the usual e-mail notification of your reply, so I didn't know you had.

There's not a great deal showing in your DDS logs, so I'll need to run some additional checks to see if we can work out what might be causing your problems.

First

Download TDSSKiller.zip and extract it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
    • If using Vista or Windows 7, when prompted by UAC allow the prompt.
  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip.
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT

Next.

Please download Farbar Service Scanner ... by Farbar and save it to your Desktop.
  • Double click FSS.exe to run it. (Vista - W7 users: Please right click on FSS.exe and select Run As Administrator).
  • Select the following options ....
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press the Scan button.
  • When finished, a text file named FSS.txt will be created on your desktop.
  • Copy/Paste the contents in your reply please.

Next

Please download MiniToolBox to your Desktop.

  • Double click MiniToolBox.exe to launch the program.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List last 10 Event Viewer Errors
    • List Installed Programs
    • List Users Partitions and Memory size.
    • List Minidump Files
  • Click Go to start the scan.
  • When finished a log Result.txt will open.
  • Please post it in your next reply.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Internet Browser Malware?

Post by luckyguy457321 » October 6th, 2012, 4:39 am

I'm not sure if you needed to know this, but I'm running Windows XP.
Thanks for your help.

TDSSKiller
It says "No threats found" after scanning 320 objects

Farbar
Farbar Service Scanner Version: 19-09-2012
Ran by Admin (administrator) on 06-10-2012 at 16:31:41
Running from "E:\Documents and Settings\Admin\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
cryptsvc Service is not running. Checking service configuration:
The start type of cryptsvc service is set to Demand. The default start type is Auto.
The ImagePath of cryptsvc service is OK.
The ServiceDll of cryptsvc service is OK.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x09000000050000000100000002000000030000000400000009000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****

MiniToolBox
MiniToolBox by Farbar Version: 23-07-2012
Ran by Admin (administrator) on 06-10-2012 at 16:33:28
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Hamachi Network Interface = Hamachi (Disconnected)
Realtek RTL8139 Family PCI Fast Ethernet NIC = Local Area Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : ZNET1
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-20-18-A2-1F-20
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.2.36
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1
Lease Obtained. . . . . . . . . . : Saturday, 6 October 2012 4:25:57 PM
Lease Expires . . . . . . . . . . : Sunday, 7 October 2012 4:25:57 PM

Server: ZNet
Address: 192.168.2.1

Name: google.com
Addresses: 74.125.237.67, 74.125.237.78, 74.125.237.65, 74.125.237.68
74.125.237.70, 74.125.237.64, 74.125.237.66, 74.125.237.73, 74.125.237.71
74.125.237.72, 74.125.237.69

Pinging google.com [74.125.237.69] with 32 bytes of data:

Reply from 74.125.237.69: bytes=32 time=82ms TTL=56
Reply from 74.125.237.69: bytes=32 time=83ms TTL=56

Ping statistics for 74.125.237.69:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 82ms, Maximum = 83ms, Average = 82ms

Server: ZNet
Address: 192.168.2.1

Name: yahoo.com
Addresses: 98.139.183.24, 98.138.253.109, 72.30.38.140

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=843ms TTL=50
Reply from 72.30.38.140: bytes=32 time=1001ms TTL=50

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 843ms, Maximum = 1001ms, Average = 922ms

Server: ZNet
Address: 192.168.2.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 20 18 a2 1f 20 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.36 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.2.0 255.255.255.0 192.168.2.36 192.168.2.36 20
192.168.2.36 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.255 255.255.255.255 192.168.2.36 192.168.2.36 20
224.0.0.0 240.0.0.0 192.168.2.36 192.168.2.36 20
255.255.255.255 255.255.255.255 192.168.2.36 192.168.2.36 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/01/2012 09:23:33 PM) (Source: Application Hang) (User: )
Description: Hanging application Steam.exe, version 1.0.1446.623, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/01/2012 09:19:08 PM) (Source: Application Hang) (User: )
Description: Hanging application Steam.exe, version 1.0.1446.623, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/01/2012 05:28:32 PM) (Source: Application Hang) (User: )
Description: Hanging application QuestViewer.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/01/2012 05:25:10 PM) (Source: .NET Runtime) (User: )
Description: Application: Terraria.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
Stack:
at Terraria.Program.Main(System.String[])

Error: (10/01/2012 05:25:08 PM) (Source: .NET Runtime 4.0 Error Reporting) (User: )
Description: Faulting application terraria.exe, version 1.0.4.0, stamp 4f158690, faulting module kernel32.dll, version 5.1.2600.5512, stamp 4802a12c, debug? 0, fault address 0x00012aeb.

Error: (09/08/2012 09:52:17 PM) (Source: Application Hang) (User: )
Description: Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/08/2012 07:33:21 PM) (Source: MsiInstaller) (User: ZNET1)ZNET1
Description: Product: ZoneAlarm Security -- Error 1406. Could not write value SharedDirDrive to key \SYSTEM\CurrentControlSet\services\Vsdatant\Parameters. System error . Verify that you have sufficient access to that key, or contact your support personnel.

Error: (09/08/2012 07:33:21 PM) (Source: MsiInstaller) (User: ZNET1)ZNET1
Description: Product: ZoneAlarm Security -- Error 1406. Could not write value SharedDirDrive to key \SYSTEM\CurrentControlSet\services\Vsdatant\Parameters. System error . Verify that you have sufficient access to that key, or contact your support personnel.

Error: (09/08/2012 07:33:20 PM) (Source: MsiInstaller) (User: ZNET1)ZNET1
Description: Product: ZoneAlarm Security -- Error 1406. Could not write value SharedDirDrive to key \SYSTEM\CurrentControlSet\services\Vsdatant\Parameters. System error . Verify that you have sufficient access to that key, or contact your support personnel.

Error: (09/08/2012 07:33:19 PM) (Source: MsiInstaller) (User: ZNET1)ZNET1
Description: Product: ZoneAlarm Security -- Error 1406. Could not write value SharedDirDrive to key \SYSTEM\CurrentControlSet\services\Vsdatant\Parameters. System error . Verify that you have sufficient access to that key, or contact your support personnel.


System errors:
=============
Error: (10/06/2012 04:26:10 PM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (10/06/2012 04:26:10 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated with the following error:
%%2148098049

Error: (10/06/2012 04:26:10 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (10/06/2012 02:46:00 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (10/06/2012 02:11:18 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (10/06/2012 01:46:00 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (10/06/2012 01:11:18 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (10/06/2012 00:46:00 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (10/06/2012 00:11:18 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (10/06/2012 00:03:51 PM) (Source: Service Control Manager) (User: )
Description: The Cardex service failed to start due to the following error:
%%183


Microsoft Office Sessions:
=========================
Error: (10/01/2012 09:23:33 PM) (Source: Application Hang)(User: )
Description: Steam.exe1.0.1446.623hungapp0.0.0.000000000

Error: (10/01/2012 09:19:08 PM) (Source: Application Hang)(User: )
Description: Steam.exe1.0.1446.623hungapp0.0.0.000000000

Error: (10/01/2012 05:28:32 PM) (Source: Application Hang)(User: )
Description: QuestViewer.exe0.0.0.0hungapp0.0.0.000000000

Error: (10/01/2012 05:25:10 PM) (Source: .NET Runtime)(User: )
Description: Application: Terraria.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
Stack:
at Terraria.Program.Main(System.String[])

Error: (10/01/2012 05:25:08 PM) (Source: .NET Runtime 4.0 Error Reporting)(User: )
Description: terraria.exe1.0.4.04f158690kernel32.dll5.1.2600.55124802a12c000012aeb

Error: (09/08/2012 09:52:17 PM) (Source: Application Hang)(User: )
Description: rundll32.exe5.1.2600.5512hungapp0.0.0.000000000

Error: (09/08/2012 07:33:21 PM) (Source: MsiInstaller)(User: ZNET1)ZNET1
Description: Product: ZoneAlarm Security -- Error 1406. Could not write value SharedDirDrive to key \SYSTEM\CurrentControlSet\services\Vsdatant\Parameters. System error . Verify that you have sufficient access to that key, or contact your support personnel.(NULL)(NULL)(NULL)(NULL)

Error: (09/08/2012 07:33:21 PM) (Source: MsiInstaller)(User: ZNET1)ZNET1
Description: Product: ZoneAlarm Security -- Error 1406. Could not write value SharedDirDrive to key \SYSTEM\CurrentControlSet\services\Vsdatant\Parameters. System error . Verify that you have sufficient access to that key, or contact your support personnel.(NULL)(NULL)(NULL)(NULL)

Error: (09/08/2012 07:33:20 PM) (Source: MsiInstaller)(User: ZNET1)ZNET1
Description: Product: ZoneAlarm Security -- Error 1406. Could not write value SharedDirDrive to key \SYSTEM\CurrentControlSet\services\Vsdatant\Parameters. System error . Verify that you have sufficient access to that key, or contact your support personnel.(NULL)(NULL)(NULL)(NULL)

Error: (09/08/2012 07:33:19 PM) (Source: MsiInstaller)(User: ZNET1)ZNET1
Description: Product: ZoneAlarm Security -- Error 1406. Could not write value SharedDirDrive to key \SYSTEM\CurrentControlSet\services\Vsdatant\Parameters. System error . Verify that you have sufficient access to that key, or contact your support personnel.(NULL)(NULL)(NULL)(NULL)


=========================== Installed Programs ============================

3dsmax ancillary install (Version: 1)
7-Zip 9.20
Adobe Flash Player 10 ActiveX (Version: 10.0.45.2)
Adobe Flash Player 11 Plugin (Version: 11.3.300.262)
Adobe Reader 9.5.1 (Version: 9.5.1)
Adobe Shockwave Player 11.5 (Version: 11.5.9.615)
Age of Mythology
Amnesia: The Dark Descent
Apple Software Update (Version: 2.1.1.116)
Autodesk DWF Viewer 7 (Version: 7.0.0)
Bastion
Canon LASER SHOT LBP-1120
CCleaner (Version: 3.23)
Chaotic (Version: 1.00.0000)
DMIView B7.0108.01 (Version: 1.3)
Dual-Core Optimizer (Version: 1.1.4.0169)
Dungeons of Dredmor
Dystopia
ESET Online Scanner v3
FBX Plugin 2006.08 for Max 9.0
Free Download Manager 3.0
Function Hacker v2.5 (Version: 2.5)
Garry's Mod 13
GCFScape 1.7.5
Google Chrome (Version: 22.0.1229.79)
Google Earth (Version: 5.2.0.5920)
Google Update Helper (Version: 1.3.21.115)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HijackThis 2.0.2 (Version: 2.0.2)
i-Cool (Version: 1.00.000)
Iron Man (Version: 1.00.0000)
Java Auto Updater (Version: 2.0.5.1)
Java DB 10.6.2.1 (Version: 10.6.2.1)
Java(TM) 6 Update 26 (Version: 6.0.260)
Java(TM) SE Development Kit 6 Update 24 (Version: 1.6.0.240)
League of Legends (Version: 1.3)
Livestream Procaster (Version: 20.2.0)
LogMeIn Hamachi (Version: 2.0.3.89)
ManyCam 2.6.65 (remove only) (Version: 2.6.65)
MapleStory
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office Live Add-in 1.3 (Version: 2.0.2313.0)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Visual Web Developer 2007 (Version: 12.0.4518.1066)
Microsoft Office Visual Web Developer MUI (English) 2007 (Version: 12.0.4518.1066)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 3.0.40624.0)
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Management Objects (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Native Client (Version: 10.0.1600.22)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Setup Support Files (English) (Version: 10.0.1600.22)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English (Version: 3.5.5692.0)
Microsoft SQL Server Compact 3.5 SP1 English (Version: 3.5.5692.0)
Microsoft SQL Server Database Publishing Wizard 1.3 (Version: 10.0.1600.22)
Microsoft SQL Server VSS Writer (Version: 10.0.1600.22)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (Version: 9.0.30729)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio Web Authoring Component (Version: 12.0.4518.1066)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (Version: 3.5.30729)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (Version: 6.1.5295.17011)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Mozilla Firefox 8.0.1 (x86 en-GB) (Version: 8.0.1)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
MSXML4 Parser (Version: 1.0.0)
Notepad++ (Version: 5.6.8)
NVIDIA Drivers
NVIDIA nTune (Version: 1.00.0000)
NVIDIA PhysX (Version: 9.10.0129)
NVIDIA WDM Drivers
OpenAL
Osmos Demo
Paint.NET v3.5.10 (Version: 3.60.0)
PunkBuster Services (Version: 0.993)
QuickTime (Version: 7.60.92.0)
Realtek High Definition Audio Driver (Version: 5.10.0.5473)
SmartFTP Client 4.0 Setup Files (remove only) (Version: 4.0)
Sql Server Customer Experience Improvement Program (Version: 10.0.1600.22)
SQL Server System CLR Types (Version: 10.0.1600.22)
Superbrothers: Sword & Sworcery EP
TeamViewer 7 (Version: 7.0.12541)
ThumbView_Lite 1.0
TortoiseSVN 1.7.7.22907 (32 bit) (Version: 1.7.22907)
Unity Web Player (Version: 2.5.1f5_24931)
Unlocker 1.8.7 (Version: 1.8.7)
Update for Microsoft Visual Studio Web Authoring Component (KB945140)
Update for Windows XP (KB967715) (Version: 1)
Virtual Audio Cable 4.10
VLC media player 1.1.11 (Version: 1.1.11)
WebFldrs XP (Version: 9.50.7523)
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) (Version: 05/27/2006 1.3.2.0)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format Runtime
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
Worms Reloaded
XpertVision 6.1
Xvid Video Codec (Version: 1.3.1)

========================= Memory info: ===================================

Percentage of memory in use: 12%
Total physical RAM: 3326.42 MB
Available physical RAM: 2920.18 MB
Total Pagefile: 5210.32 MB
Available Pagefile: 4990.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1973.2 MB

========================= Partitions: =====================================

1 Drive c: (Windows XP) (Fixed) (Total:48.83 GB) (Free:24.14 GB) NTFS
2 Drive d: (Windows Vista) (Fixed) (Total:83.9 GB) (Free:68.67 GB) NTFS
3 Drive e: (DATA) (Fixed) (Total:89.96 GB) (Free:22.27 GB) NTFS
4 Drive f: (Zen's HDD) (Fixed) (Total:232.88 GB) (Free:73.19 GB) NTFS
10 Drive l: (ZEN STG) (Removable) (Total:3.73 GB) (Free:1.12 GB) FAT32

========================= Users: ========================================

User accounts for \\ZNET1

Aaryn Admin Administrator
ASPNET BenBen Guest
HelpAssistant Mum&Grandma SUPPORT_388945a0

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini011512-01.dmp
C:\WINDOWS\Minidump\Mini012410-01.dmp
C:\WINDOWS\Minidump\Mini012612-01.dmp
C:\WINDOWS\Minidump\Mini030110-01.dmp
C:\WINDOWS\Minidump\Mini030212-01.dmp
C:\WINDOWS\Minidump\Mini030610-01.dmp
C:\WINDOWS\Minidump\Mini031511-01.dmp
C:\WINDOWS\Minidump\Mini041610-01.dmp
C:\WINDOWS\Minidump\Mini041610-02.dmp
C:\WINDOWS\Minidump\Mini042111-01.dmp
C:\WINDOWS\Minidump\Mini052612-01.dmp
C:\WINDOWS\Minidump\Mini071112-01.dmp
C:\WINDOWS\Minidump\Mini071812-01.dmp
C:\WINDOWS\Minidump\Mini090611-01.dmp
C:\WINDOWS\Minidump\Mini090812-01.dmp
C:\WINDOWS\Minidump\Mini091110-01.dmp
C:\WINDOWS\Minidump\Mini121910-01.dmp
C:\WINDOWS\Minidump\Mini122510-01.dmp

**** End of log ****
luckyguy457321
Regular Member
 
Posts: 56
Joined: September 2nd, 2009, 10:16 am
Location: Perth,Western Australia

Re: Internet Browser Malware?

Unread postby Gary R » October 6th, 2012, 10:18 am

  • Click Start > Run
  • Type Services.msc into the Open: box
  • Click OK

This will open a Services window ....

  • Scan down the list of services in the right panel to find Cryptographic Services
  • Double click on it to open its Properties window.
  • Check Startup type is set to Automatic (if not select it from the drop down list)
  • Click OK

Exit out of the Services window.

Next

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Next

  • Download aswMBR.exe to your desktop.
  • Double click aswMBR.exe to run it
Image
  • Click the SCAN button to start the scan.
Image
  • On completion of the scan click SAVE LOG and save it to your desktop.
  • Post the log contents in your next reply please.

Summary of the logs I need from you in your next post:
  • OTL.txt
  • Extras.txt
  • aswMBR log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
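An added read-only triage script, not from the thread or its helper, that checks the same things the MiniToolBox log above reports (IE proxy settings, hosts file, DNS and ping to a known host) plus the Cryptographic Services startup type the instructions ask to verify. It assumes PowerShell 2.0 or later and uses WMI so it also runs on Windows XP; the two host names are sample inputs and the script changes nothing.

```powershell
# Added example (not the thread's or its helper's code): report-only triage for the
# "other programs reach the internet but browsers time out" symptom. Assumes
# PowerShell 2.0+; uses WMI so it works on Windows XP. Host names are sample inputs.

$findings = @()

# 1. IE proxy settings for the current user (the "IE Proxy Settings" section of the log).
#    A proxy or auto-config URL the user never set is a common cause of browsers
#    failing while non-browser programs still connect.
$ieKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$ie = Get-ItemProperty -Path $ieKey
if ($ie.ProxyEnable -eq 1) {
    $findings += "IE proxy is enabled: server='$($ie.ProxyServer)'"
}
if ($ie.AutoConfigURL) {
    $findings += "IE uses an auto-config (PAC) URL: $($ie.AutoConfigURL)"
}

# 2. hosts file (the "Hosts content" section): anything beyond comments and the
#    loopback 'localhost' entry deserves a look.
$hostsPath = Join-Path $env:SystemRoot 'system32\drivers\etc\hosts'
$hostsLines = Get-Content -Path $hostsPath -ErrorAction SilentlyContinue |
    Where-Object { $_.Trim() -ne '' -and -not $_.Trim().StartsWith('#') }
foreach ($line in $hostsLines) {
    if ($line -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$') {
        $findings += "Non-default hosts entry: $line"
    }
}

# 3. Name resolution and reachability (the nslookup/ping section of the log).
foreach ($name in @('google.com', 'bleepingcomputer.com')) {
    try {
        $addr = [System.Net.Dns]::GetHostAddresses($name) | Select-Object -First 1
    } catch {
        $findings += "DNS lookup failed for $name"
        continue
    }
    $reply = (New-Object System.Net.NetworkInformation.Ping).Send($addr, 2000)
    if ($reply.Status -ne 'Success') {
        $findings += "Ping to $name [$addr] returned $($reply.Status)"
    }
}

# 4. Cryptographic Services: service name CryptSvc, display name "Cryptographic
#    Services". Win32_Service.StartMode is 'Auto' for the Automatic startup type.
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='CryptSvc'"
if ($svc -eq $null) {
    $findings += "CryptSvc service not found"
} elseif ($svc.StartMode -ne 'Auto') {
    $findings += "CryptSvc StartMode is '$($svc.StartMode)', expected 'Auto'"
}

if ($findings.Count -eq 0) {
    "No findings: proxy off, hosts file default, DNS/ping OK, CryptSvc set to Auto"
} else {
    $findings | ForEach-Object { "FINDING: $_" }
}
```

Run it from an elevated PowerShell prompt so the hosts file and WMI are readable; a finding is a lead to check by hand, not proof of infection on its own.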

Re: Internet Browser Malware?

Unread postby luckyguy457321 » October 7th, 2012, 2:42 am

Services
I couldn't find Cryptographic Services but there was CryptSvc which I set from Manual to Automatic, is this okay?
Thanks for your help.

OTL.txt
OTL logfile created on: 7/10/2012 2:35:29 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Documents and Settings\Admin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.25 Gb Total Physical Memory | 2.86 Gb Available Physical Memory | 88.16% Memory free
5.09 Gb Paging File | 4.87 Gb Available in Paging File | 95.71% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 24.14 Gb Free Space | 49.43% Space Free | Partition Type: NTFS
Drive D: | 83.90 Gb Total Space | 68.67 Gb Free Space | 81.86% Space Free | Partition Type: NTFS
Drive E: | 89.96 Gb Total Space | 22.27 Gb Free Space | 24.75% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 73.19 Gb Free Space | 31.43% Space Free | Partition Type: NTFS
Drive L: | 3.73 Gb Total Space | 1.12 Gb Free Space | 29.94% Space Free | Partition Type: FAT32

Computer Name: ZNET1 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/07 14:29:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Admin\Desktop\OTL.exe
PRC - [2012/05/15 12:54:32 | 000,276,872 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2008/05/02 12:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/29 11:20:06 | 002,157,064 | ---- | M] (Xpertvision, Inc.) -- C:\Program Files\XpertVision\TBPANEL.exe
PRC - [2007/09/04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2002/07/19 17:00:00 | 000,136,704 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3SWK.EXE
PRC - [2002/07/19 17:00:00 | 000,061,512 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\CAP3RSK.EXE
PRC - [2002/07/19 17:00:00 | 000,030,720 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE


========== Modules (No Company Name) ==========

MOD - [2012/05/15 12:54:16 | 000,070,536 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\libsasl32.dll
MOD - [2009/11/04 08:14:04 | 000,054,272 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_01.dll
MOD - [2009/05/26 23:03:24 | 000,140,800 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/05/02 12:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2008/05/02 12:15:37 | 000,010,240 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2008/03/01 13:10:47 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2008/01/09 01:53:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2007/01/31 11:31:06 | 000,032,768 | ---- | M] () -- C:\Program Files\XpertVision\TBPanelExt.dll
MOD - [1998/10/31 04:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files\XpertVision\TBMANAGE.DLL


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\system32\ZoneLabs\isafe.exe -- (CAISafe)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/01/19 19:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2010/12/06 08:31:48 | 001,238,408 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009/02/19 06:21:00 | 002,769,658 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2007/09/04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva375.sys -- (XDva375)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\BenBen\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/09/08 19:35:29 | 000,001,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Admin\Local Settings\Temp\BANG.SYS -- (BANG)
DRV - [2012/01/24 12:19:54 | 000,050,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV - [2011/09/29 15:04:22 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2011/09/26 18:16:14 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/09/16 15:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2009/05/31 15:06:01 | 000,896,472 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vetmonnt.sys -- (VETMONNT)
DRV - [2009/05/31 15:06:01 | 000,114,856 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vetfddnt.sys -- (VETFDDNT)
DRV - [2009/05/31 13:59:39 | 000,016,512 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009/04/06 13:19:46 | 000,023,064 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/07/10 02:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2008/05/02 12:15:44 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2007/09/04 19:26:32 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2007/08/28 16:55:10 | 004,609,024 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2005/02/01 23:30:00 | 000,141,246 | ---- | M] (NVIDIA Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NVCAP.SYS -- (nvcap)
DRV - [2005/02/01 23:30:00 | 000,016,176 | ---- | M] (NVIDIA Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NVXBAR.SYS -- (NVXBAR)
DRV - [2004/08/04 06:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/07/14 05:09:22 | 000,270,672 | ---- | M] (Zone Labs Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/05/28 16:19:18 | 000,021,605 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vet-filt.sys -- (VET-FILT)
DRV - [2004/05/28 16:19:18 | 000,015,668 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vet-rec.sys -- (VET-REC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1715567821-573735546-839522115-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1715567821-573735546-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1715567821-573735546-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.143_0\npsoe.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/16 19:39:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/03/24 19:14:49 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2011/12/16 19:39:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/21 12:21:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/21 09:23:17 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/11/21 09:09:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/21 09:23:17 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/11/21 09:23:17 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/11/21 09:23:17 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - homepage: http://www.google.com.au/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com.au/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/09/08 19:08:38 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1715567821-573735546-839522115-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [CAP3ON] C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE (CANON INC.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [TBPanel] C:\Program Files\XpertVision\TBPanel.exe (Xpertvision, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-21-1715567821-573735546-839522115-1004..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Canon LASER SHOT LBP-1120 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE (CANON INC.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1715567821-573735546-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1715567821-573735546-839522115-1004\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1715567821-573735546-839522115-1004\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1715567821-573735546-839522115-1004\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1715567821-573735546-839522115-1004\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 1040526406 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-be ... canner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{636CF6E5-F379-48A8-90C2-B4F155C14351}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: E:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: E:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/10/27 09:43:38 | 000,000,194 | RHS- | M] () - L:\autorun.txt -- [ FAT32 ]
O33 - MountPoints2\{23cdca84-f24b-11df-89bf-002018a21f20}\Shell\AutoRun\command - "" = F:\9d6tpg.exe
O33 - MountPoints2\{23cdca84-f24b-11df-89bf-002018a21f20}\Shell\open\Command - "" = F:\9d6tpg.exe
O33 - MountPoints2\{86bd4142-8019-11de-8739-002018a21f20}\Shell - "" = AutoRun
O33 - MountPoints2\{86bd4142-8019-11de-8739-002018a21f20}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{86bd4142-8019-11de-8739-002018a21f20}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL index.htm
O33 - MountPoints2\{df32cb20-79d0-11de-8730-002018a21f20}\Shell\AutoRun\command - "" = F:\ZensUsb.exe
O33 - MountPoints2\{df32cb20-79d0-11de-8730-002018a21f20}\Shell\open\Command - "" = F:\ZensUsb.exe
O33 - MountPoints2\{df32cb20-79d0-11de-8730-002018a21f20}\Shell\This HDD belongs to Zen\Command - "" = F:\ZensUsb.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/07 14:34:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\Admin\Desktop\OTL.exe
[2012/10/06 16:32:53 | 000,751,391 | ---- | C] (Farbar) -- E:\Documents and Settings\Admin\Desktop\MiniToolBox.exe
[2012/10/06 16:31:19 | 000,693,265 | ---- | C] (Farbar) -- E:\Documents and Settings\Admin\Desktop\FSS.exe
[2012/10/06 16:28:22 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- E:\Documents and Settings\Admin\Desktop\TDSSKiller.exe
[2012/10/01 17:27:48 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Admin\Application Data\fltk.org
[2012/10/01 17:27:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\fltk.org
[2012/10/01 17:27:46 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Admin\My Documents\Amnesia
[2012/10/01 17:20:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Saved Games
[2012/10/01 17:00:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/10/01 16:51:03 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Admin\Local Settings\Application Data\Procaster
[2012/10/01 16:51:03 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Admin\Local Settings\Application Data\CrashRpt
[2012/10/01 16:37:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/10/01 16:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/09/08 19:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2012/09/08 19:29:46 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/09/08 19:27:36 | 000,000,000 | R--D | C] -- E:\Documents and Settings\Admin\My Documents\My Videos
[2012/09/08 19:06:02 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Admin\Application Data\Ad-Aware Antivirus
[2012/09/08 18:45:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/09/08 14:58:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2012/09/08 13:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/07 14:35:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CC5B68AB-112A-46A0-92A3-2E4D362CA911}.job
[2012/10/07 14:34:07 | 000,000,558 | ---- | M] () -- C:\WINDOWS\DFC.INI
[2012/10/07 14:30:48 | 004,731,392 | ---- | M] (AVAST Software) -- E:\Documents and Settings\Admin\Desktop\aswMBR.exe
[2012/10/07 14:29:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Admin\Desktop\OTL.exe
[2012/10/07 14:08:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-573735546-839522115-1004UA.job
[2012/10/07 13:48:26 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/07 13:45:00 | 000,000,984 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-573735546-839522115-1005UA.job
[2012/10/07 11:44:23 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/07 11:44:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/06 19:08:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-573735546-839522115-1004Core.job
[2012/10/06 18:45:00 | 000,000,932 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-573735546-839522115-1005Core.job
[2012/10/06 16:22:40 | 000,751,391 | ---- | M] (Farbar) -- E:\Documents and Settings\Admin\Desktop\MiniToolBox.exe
[2012/10/06 16:22:34 | 000,693,265 | ---- | M] (Farbar) -- E:\Documents and Settings\Admin\Desktop\FSS.exe
[2012/10/05 19:18:19 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/04 17:35:48 | 000,458,240 | ---- | M] () -- E:\Documents and Settings\Admin\Desktop\CKScanner.exe
[2012/10/01 17:22:46 | 000,008,192 | ---- | M] () -- E:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/01 17:09:10 | 000,000,212 | ---- | M] () -- C:\WINDOWS\ildasmfnt.bin
[2012/10/01 15:54:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/09/29 17:44:40 | 000,001,542 | ---- | M] () -- E:\Documents and Settings\Admin\Desktop\Google Chrome.lnk
[2012/09/17 19:25:14 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- E:\Documents and Settings\Admin\Desktop\TDSSKiller.exe
[2012/09/08 18:49:08 | 000,004,047 | ---- | M] () -- E:\Documents and Settings\Admin\Desktop\asd.xspf
[2012/09/08 18:46:48 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/09/08 18:38:25 | 000,000,423 | RHS- | M] () -- C:\boot.ini
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/04 17:37:56 | 000,458,240 | ---- | C] () -- E:\Documents and Settings\Admin\Desktop\CKScanner.exe
[2012/10/01 17:06:18 | 000,000,212 | ---- | C] () -- C:\WINDOWS\ildasmfnt.bin
[2012/09/08 18:49:08 | 000,004,047 | ---- | C] () -- E:\Documents and Settings\Admin\Desktop\asd.xspf
[2012/09/08 18:46:48 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/09/08 18:46:43 | 000,001,708 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/09/08 18:38:30 | 000,001,058 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Canon LASER SHOT LBP-1120 Status Window.LNK
[2012/07/09 01:30:53 | 000,138,904 | ---- | C] () -- E:\Documents and Settings\Admin\Application Data\PnkBstrK.sys
[2012/01/18 22:54:34 | 000,189,248 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2012/01/18 22:54:34 | 000,076,888 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2012/01/18 22:52:42 | 000,840,264 | ---- | C] () -- C:\WINDOWS\System32\pbsvc (1).exe
[2012/01/10 18:47:38 | 000,840,264 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2012/01/09 13:21:22 | 002,585,160 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_apb.exe
[2011/07/18 01:17:51 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\lposkj.sys
[2011/04/28 22:58:46 | 000,001,008 | ---- | C] () -- C:\WINDOWS\System32\msexcr.ini
[2011/04/25 20:23:52 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/04/25 20:23:52 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/12/22 22:40:57 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2010/12/22 22:40:56 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2009/11/16 20:31:46 | 000,008,192 | ---- | C] () -- E:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/07/04 20:41:23 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008/04/14 05:41:54 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/07/05 14:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Visual Basic Express
[2012/10/01 16:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/05/31 13:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2012/09/08 19:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2012/10/01 17:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fltk.org
[2009/07/04 19:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
[2009/05/31 14:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2010/07/17 22:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2009/07/05 14:16:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Basic Express
[2009/07/05 14:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Visual Basic Express
[2009/07/05 14:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Visual Basic Express
[2009/07/05 14:16:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mum&Grandma\Application Data\Visual Basic Express
[2009/07/05 14:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Visual Basic Express

========== Purity Check ==========



< End of report >
luckyguy457321

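Added example (not part of the post above, and not OTL's own code): a small triage pass over the OTL.txt sections that bear on the symptom described, browsers timing out while other programs reach the network. It reads the IE proxy setting, O1 hosts entries, O10 Winsock catalog entries and O17 DNS servers quoted from the log, plus the O33 MountPoints2 AutoRun commands, and flags what a helper would ask about first. The SAMPLE_LOG lines are copied from the posted log; HIJACKED_LOG is constructed to show the same sections on a redirected machine (RFC 5737 addresses, made-up qwzlsp.dll). The LOCAL_NETS ranges and the "executable in a drive root" rule are this example's heuristics, and a flag means "check this", not a malware verdict: F:\ZensUsb.exe sits beside a "This HDD belongs to Zen" verb and may simply be a labelled USB disk.

```python
"""Triage heuristics for OTL log lines (added example, not OTL's code)."""
import ipaddress
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    tag: str     # OTL section the flagged line belongs to (IE, O1, O10, O17, O33)
    detail: str  # why a helper would want to look at it


# Lines copied verbatim from the OTL.txt posted above.
SAMPLE_LOG = r"""
IE - HKU\S-1-5-21-1715567821-573735546-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 - Hosts: 127.0.0.1 localhost
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O33 - MountPoints2\{23cdca84-f24b-11df-89bf-002018a21f20}\Shell\AutoRun\command - "" = F:\9d6tpg.exe
O33 - MountPoints2\{86bd4142-8019-11de-8739-002018a21f20}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL index.htm
O33 - MountPoints2\{df32cb20-79d0-11de-8730-002018a21f20}\Shell\open\Command - "" = F:\ZensUsb.exe
""".strip()

# Constructed lines (NOT from the posted log) showing what a redirected
# machine looks like in the same sections. Addresses are RFC 5737
# documentation ranges and qwzlsp.dll is a made-up file name.
HIJACKED_LOG = r"""
IE - HKU\S-1-5-21-0-0-0-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
O1 - Hosts: 203.0.113.5 www.example.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 203.0.113.53
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\WINDOWS\system32\qwzlsp.dll File not found
""".strip()

RE_PROXY = re.compile(r'"ProxyEnable" = (\d+)')
RE_HOSTS = re.compile(r'^O1 - Hosts: (\S+)\s+(\S+)')
RE_LSP = re.compile(r'^O10 - .*? - (\S+\.dll) (\(.*\)|File not found)$')
RE_DNS = re.compile(r'^O17 - .*NameServer = (.+)$')
RE_O33 = re.compile(r'^O33 - MountPoints2\\(\{[^}]+\})\\Shell\\(.+?) - "" = (.+)$')
# An .exe sitting directly in a drive root, e.g. F:\9d6tpg.exe (heuristic).
RE_ROOT_EXE = re.compile(r'^[A-Za-z]:\\[^\\\s]+\.exe$', re.IGNORECASE)

# Ranges a home router's DHCP-assigned resolver is expected to live in (assumption).
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def _is_local(addr: str) -> bool:
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # not even an address: let the caller flag it
    return any(ip in net for net in LOCAL_NETS)


def triage(log_text: str) -> List[Finding]:
    """Return the lines a helper would query, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RE_PROXY.search(line)
        if m:
            if m.group(1) != "0":
                findings.append(Finding("IE", "ProxyEnable is set; check ProxyServer for a loopback or unknown proxy"))
            continue
        m = RE_HOSTS.match(line)
        if m:
            ip, host = m.groups()
            if not (host.lower() == "localhost" and _is_local(ip)):
                findings.append(Finding("O1", f"hosts file maps {host} to {ip}"))
            continue
        m = RE_LSP.match(line)
        if m:
            dll, company = m.groups()
            if company in ("()", "File not found"):
                findings.append(Finding("O10", f"Winsock catalog entry {dll}: {company}"))
            continue
        m = RE_DNS.match(line)
        if m:
            for server in re.split(r"[ ,]+", m.group(1).strip()):
                if server and not _is_local(server):
                    findings.append(Finding("O17", f"resolver {server} is outside the local network"))
            continue
        m = RE_O33.match(line)
        if m:
            guid, verb, command = m.groups()
            if RE_ROOT_EXE.match(command):
                findings.append(Finding("O33", f"{guid} {verb} launches {command} from a drive root"))
    return findings


if __name__ == "__main__":
    for name, log in (("posted OTL.txt", SAMPLE_LOG), ("constructed hijack", HIJACKED_LOG)):
        print(f"== {name}")
        for f in triage(log):
            print(f"  [{f.tag}] {f.detail}")
```

On the posted lines only the two O33 entries come back: the proxy is off, the hosts file holds just the localhost entry, the Winsock entry is a Microsoft DLL and the resolver is the router at 192.168.2.1, so the connectivity sections of OTL.txt do not by themselves explain the browser time-outs. The constructed log shows how each of those checks reads when it does fire.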
Re: Internet Browser Malware?

Unread postby luckyguy457321 » October 7th, 2012, 2:43 am

Extras.txt
OTL Extras logfile created on: 7/10/2012 2:35:29 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Documents and Settings\Admin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.25 Gb Total Physical Memory | 2.86 Gb Available Physical Memory | 88.16% Memory free
5.09 Gb Paging File | 4.87 Gb Available in Paging File | 95.71% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 24.14 Gb Free Space | 49.43% Space Free | Partition Type: NTFS
Drive D: | 83.90 Gb Total Space | 68.67 Gb Free Space | 81.86% Space Free | Partition Type: NTFS
Drive E: | 89.96 Gb Total Space | 22.27 Gb Free Space | 24.75% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 73.19 Gb Free Space | 31.43% Space Free | Partition Type: NTFS
Drive L: | 3.73 Gb Total Space | 1.12 Gb Free Space | 29.94% Space Free | Partition Type: FAT32

Computer Name: ZNET1 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1715567821-573735546-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.Admin] -- E:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Command] -- cmd.exe /k cd %1 (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"56711:TCP" = 56711:TCP:*:Enabled:Pando Media Booster
"56711:UDP" = 56711:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"25565:TCP" = 25565:TCP:*:Enabled:Minecraft Server
"56711:TCP" = 56711:TCP:*:Enabled:Pando Media Booster
"56711:UDP" = 56711:UDP:*:Enabled:Pando Media Booster
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"80:TCP" = 80:TCP:*:Enabled:fcsdfasdfasdfasdfasdf

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\NCsoft\Exteel\System\Exteel.exe" = C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"E:\Documents and Settings\Ben Ben\Application Data\Dropbox\bin\Dropbox.exe" = E:\Documents and Settings\Ben Ben\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Free Download Manager\fdm.exe" = C:\Program Files\Free Download Manager\fdm.exe:*:Enabled:Free Download Manager -- (FreeDownloadManager.ORG)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
"C:\Program Files\NCsoft\Exteel\System\Exteel.exe" = C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- ()
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"F:\Games\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe" = F:\Games\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:*:Enabled:Peggle Extreme -- ()
"F:\Games\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe" = F:\Games\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe:*:Enabled:Plants vs. Zombies: Game of the Year -- ()
"F:\Games\Steam\steamapps\benben321\age of chivalry\hl2.exe" = F:\Games\Steam\steamapps\benben321\age of chivalry\hl2.exe:*:Enabled:Age of Chivalry -- ()
"F:\Games\Steam\steamapps\benben321\diprip warm up\hl2.exe" = F:\Games\Steam\steamapps\benben321\diprip warm up\hl2.exe:*:Enabled:D.I.P.R.I.P. Warm Up -- ()
"F:\Games\Steam\steamapps\common\zero gear\ZeroGear.bat" = F:\Games\Steam\steamapps\common\zero gear\ZeroGear.bat:*:Enabled:Zero Gear Demo -- ()
"F:\Games\Steam\steamapps\common\crayon physics deluxe demo\launcher.exe" = F:\Games\Steam\steamapps\common\crayon physics deluxe demo\launcher.exe:*:Enabled:Crayon Physics Deluxe Demo -- ()
"F:\Games\Steam\steamapps\common\cities xl\runme.exe" = F:\Games\Steam\steamapps\common\cities xl\runme.exe:*:Enabled:Cities XL - Limited Edition -- ()
"F:\Games\Steam\steamapps\common\moon base alpha\Binaries\Win32\MoonBaseAlphaGame.exe" = F:\Games\Steam\steamapps\common\moon base alpha\Binaries\Win32\MoonBaseAlphaGame.exe:*:Enabled:Moonbase Alpha -- ()
"F:\Games\Steam\steamapps\benben321\day of defeat source\hl2.exe" = F:\Games\Steam\steamapps\benben321\day of defeat source\hl2.exe:*:Enabled:Day of Defeat: Source -- ()
"F:\Games\Steam\steamapps\benben321\synergy dedicated server\srcds.exe" = F:\Games\Steam\steamapps\benben321\synergy dedicated server\srcds.exe:*:Enabled:Synergy Dedicated Server -- ()
"F:\Games\Steam\steamapps\common\swarm arena demo\swarm.exe" = F:\Games\Steam\steamapps\common\swarm arena demo\swarm.exe:*:Enabled:Swarm Arena Demo -- ()
"F:\Games\Steam\steamapps\common\alien swarm\srcds.exe" = F:\Games\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server -- ()
"F:\Games\Steam\steamapps\common\osmos demo\OsmosDemo.exe" = F:\Games\Steam\steamapps\common\osmos demo\OsmosDemo.exe:*:Enabled:Osmos Demo -- ()
"F:\Games\Steam\steamapps\benben321\team fortress 2 trailer\smp.exe" = F:\Games\Steam\steamapps\benben321\team fortress 2 trailer\smp.exe:*:Enabled:Team Fortress 2 Trailer -- (Valve)
"F:\Games\Steam\steamapps\benben321\team fortress 2 trailer 2\smp.exe" = F:\Games\Steam\steamapps\benben321\team fortress 2 trailer 2\smp.exe:*:Enabled:Team Fortress 2 Trailer 2 -- (Valve)
"F:\Games\Steam\steamapps\benben321\team fortress 2 meet the heavy\smp.exe" = F:\Games\Steam\steamapps\benben321\team fortress 2 meet the heavy\smp.exe:*:Enabled:Team Fortress 2: Meet the Heavy -- (Valve)
"F:\Games\Steam\steamapps\benben321\team fortress 2 meet the soldier\smp.exe" = F:\Games\Steam\steamapps\benben321\team fortress 2 meet the soldier\smp.exe:*:Enabled:Team Fortress 2: Meet The Soldier -- (Valve)
"F:\Games\Steam\steamapps\benben321\meet the engineer\smp.exe" = F:\Games\Steam\steamapps\benben321\meet the engineer\smp.exe:*:Enabled:Team Fortress 2: Meet The Engineer -- (Valve)
"F:\Games\Steam\steamapps\benben321\global agenda - no elves trailer\smp.exe" = F:\Games\Steam\steamapps\benben321\global agenda - no elves trailer\smp.exe:*:Enabled:Global Agenda - No Elves Trailer -- (Valve)
"F:\Games\Steam\steamapps\common\global agenda launch trailer\smp.exe" = F:\Games\Steam\steamapps\common\global agenda launch trailer\smp.exe:*:Enabled:Global Agenda Launch Trailer -- (Valve)
"F:\Games\Steam\steamapps\common\portal 2 teaser\smp.exe" = F:\Games\Steam\steamapps\common\portal 2 teaser\smp.exe:*:Enabled:Portal 2 Teaser -- (Valve)
"E:\Documents and Settings\Ben Ben\My Documents\Downloads\Tremulous_hack_V4.2.4\THZ Client\THZ-Client\tremulous.x86.exe" = E:\Documents and Settings\Ben Ben\My Documents\Downloads\Tremulous_hack_V4.2.4\THZ Client\THZ-Client\tremulous.x86.exe:*:Enabled:tremulous.x86 -- ()
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"F:\Games\Steam\steamapps\benben321\counter-strike source\hl2.exe" = F:\Games\Steam\steamapps\benben321\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source
"F:\Games\Steam\steamapps\benben321\team fortress 2\hl2.exe" = F:\Games\Steam\steamapps\benben321\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App -- (Microsoft Corporation)
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"F:\Games\Steam\steamapps\benben321\dystopia\hl2.exe" = F:\Games\Steam\steamapps\benben321\dystopia\hl2.exe:*:Enabled:hl2 -- ()
"F:\Games\Steam\steamapps\benben321\synergy\hl2.exe" = F:\Games\Steam\steamapps\benben321\synergy\hl2.exe:*:Enabled:Synergy -- ()
"F:\Games\Steam\steamapps\benben321\garrysmod\hl2.exe" = F:\Games\Steam\steamapps\benben321\garrysmod\hl2.exe:*:Enabled:Garry's Mod
"F:\Games\Steam\steamapps\common\Psychonauts\Psychonauts.exe" = F:\Games\Steam\steamapps\common\Psychonauts\Psychonauts.exe:*:Enabled:Psychonauts -- (Double Fine Productions)
"F:\Games\Steam\steamapps\common\bastion\Bastion.exe" = F:\Games\Steam\steamapps\common\bastion\Bastion.exe:*:Enabled:Bastion -- (Supergiant Games)
"F:\Games\Steam\steamapps\common\cities xl\smp.exe" = F:\Games\Steam\steamapps\common\cities xl\smp.exe:*:Enabled:cities xl -- (Valve)
"F:\Games\Steam\steamapps\common\cities game play\smp.exe" = F:\Games\Steam\steamapps\common\cities game play\smp.exe:*:Enabled:cities game play -- (Valve)
"F:\Games\Steam\steamapps\common\bob came in pieces trailer\smp.exe" = F:\Games\Steam\steamapps\common\bob came in pieces trailer\smp.exe:*:Enabled:Bob Came in Pieces Trailer -- (Valve)
"F:\Games\Steam\steamapps\common\The Political Machine Trailer\smp.exe" = F:\Games\Steam\steamapps\common\The Political Machine Trailer\smp.exe:*:Enabled:The Political Machine Trailer -- (Valve)
"F:\Games\Steam\steamapps\benben321\team fortress 2 meet the spy\smp.exe" = F:\Games\Steam\steamapps\benben321\team fortress 2 meet the spy\smp.exe:*:Enabled:Team Fortress 2: Meet the Spy -- (Valve)
"F:\Games\Steam\steamapps\benben321\team fortress 2 meet the sandvich\smp.exe" = F:\Games\Steam\steamapps\benben321\team fortress 2 meet the sandvich\smp.exe:*:Enabled:Team Fortress 2: Meet the Sandvich -- (Valve)
"F:\Games\Steam\steamapps\benben321\team fortress 2 meet the scout\smp.exe" = F:\Games\Steam\steamapps\benben321\team fortress 2 meet the scout\smp.exe:*:Enabled:Team Fortress 2: Meet the Scout -- (Valve)
"F:\Games\Steam\steamapps\benben321\team fortress 2 meet the demoman\smp.exe" = F:\Games\Steam\steamapps\benben321\team fortress 2 meet the demoman\smp.exe:*:Enabled:Team Fortress 2: Meet the Demoman -- (Valve)
"F:\Games\Steam\steamapps\common\Endless Space Trailer\smp.exe" = F:\Games\Steam\steamapps\common\Endless Space Trailer\smp.exe:*:Enabled:Endless Space Trailer -- (Valve)
"F:\Games\Steam\steamapps\common\Team Fortress 2 Meet the Scout\smp.exe" = F:\Games\Steam\steamapps\common\Team Fortress 2 Meet the Scout\smp.exe:*:Enabled:Team Fortress 2: Meet the Scout -- (Valve)
"F:\Games\Steam\steamapps\common\Team Fortress 2 Meet the Sniper\smp.exe" = F:\Games\Steam\steamapps\common\Team Fortress 2 Meet the Sniper\smp.exe:*:Enabled:Team Fortress 2: Meet the Sniper -- (Valve)
"F:\Games\Steam\steamapps\common\Team Fortress 2 Meet the Sandvich\smp.exe" = F:\Games\Steam\steamapps\common\Team Fortress 2 Meet the Sandvich\smp.exe:*:Enabled:Team Fortress 2: Meet the Sandvich -- (Valve)
"F:\Games\Steam\steamapps\common\Team Fortress 2 Meet the Spy\smp.exe" = F:\Games\Steam\steamapps\common\Team Fortress 2 Meet the Spy\smp.exe:*:Enabled:Team Fortress 2: Meet the Spy -- (Valve)
"F:\Games\Steam\steamapps\common\Team Fortress 2 - Mac Trailer\smp.exe" = F:\Games\Steam\steamapps\common\Team Fortress 2 - Mac Trailer\smp.exe:*:Enabled:Team Fortress 2 - Mac Trailer -- (Valve)
"F:\Games\Steam\steamapps\common\Meet the Pyro TF2\smp.exe" = F:\Games\Steam\steamapps\common\Meet the Pyro TF2\smp.exe:*:Enabled:Team Fortress 2: Meet the Pyro -- (Valve)
"F:\Games\Steam\steamapps\common\apb reloaded\Binaries\APB.exe" = F:\Games\Steam\steamapps\common\apb reloaded\Binaries\APB.exe:*:Enabled:APB: APB.exe -- (K2 Network, Inc.)
"F:\Games\Steam\steamapps\common\apb reloaded\Binaries\VivoxVoiceService.exe" = F:\Games\Steam\steamapps\common\apb reloaded\Binaries\VivoxVoiceService.exe:*:Enabled:APB: VivoxVoiceService.exe -- (Vivox Inc.)
"F:\Games\Steam\steamapps\common\global agenda live\Binaries\LauncherBin\HiRezLauncherUI.exe" = F:\Games\Steam\steamapps\common\global agenda live\Binaries\LauncherBin\HiRezLauncherUI.exe:*:Enabled:Global Agenda -- (Hi-Rez Studios Inc.)
"F:\Games\Steam\steamapps\common\alien swarm\swarm.exe" = F:\Games\Steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- ()
"F:\Games\Steam\steamapps\common\global agenda live\Binaries\GlobalAgenda.exe" = F:\Games\Steam\steamapps\common\global agenda live\Binaries\GlobalAgenda.exe:*:Enabled:TgGame Client -- (HiRez Studios, Inc.)
"F:\Games\Steam\steamapps\common\apb reloaded\Launcher\APBLauncher.exe" = F:\Games\Steam\steamapps\common\apb reloaded\Launcher\APBLauncher.exe:*:Enabled:APB Reloaded -- (K2 Network, Inc.)
"F:\Games\Steam\steamapps\common\dungeons of dredmor\Dungeons of Dredmor.exe" = F:\Games\Steam\steamapps\common\dungeons of dredmor\Dungeons of Dredmor.exe:*:Enabled:Dungeons of Dredmor -- ()
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware
"E:\Documents and Settings\Ben Ben\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = E:\Documents and Settings\Ben Ben\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"C:\Program Files\Free Download Manager\fdmwi.exe" = C:\Program Files\Free Download Manager\fdmwi.exe:*:Enabled:fdmwi -- ()
"F:\Games\Tremulous\tremulous.exe" = F:\Games\Tremulous\tremulous.exe:*:Enabled:tremulous -- ()
"F:\Games\Steam\steamapps\common\amnesia the dark descent\Launcher.exe" = F:\Games\Steam\steamapps\common\amnesia the dark descent\Launcher.exe:*:Enabled:Amnesia: The Dark Descent -- ()
"F:\Games\Steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe" = F:\Games\Steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe:*:Enabled:Superbrothers: Sword & Sworcery EP -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26
"{26D8D185-F70E-4311-A511-22E979A036C5}" = Iron Man
"{28184E01-D57A-4933-A09B-F65403F16D82}" = i-Cool
"{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B7.0108.01
"{42FC6E51-C6A9-45F8-8D15-138D84E65142}" = Function Hacker v2.5
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{662CFD19-EA80-4EFE-A0D8-EE10EFEB3C83}" = Livestream Procaster
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}" = 3dsmax ancillary install
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{B023185F-F1EF-4F97-B0BD-AE6D802226D1}" = NVIDIA WDM Drivers
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}" = LogMeIn Hamachi
"{D1BA4778-61DB-4405-AD57-03C939080E19}" = Chaotic
"{D9D937B0-E842-4130-9588-B948E876904A}" = Microsoft SQL Server 2008 Native Client
"{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"{DE9CF741-20F7-488B-8B85-9D0F86FA51B4}" = TortoiseSVN 1.7.7.22907 (32 bit)
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Mythology 1.0" = Age of Mythology
"Canon LASER SHOT LBP-1120" = Canon LASER SHOT LBP-1120
"CCleaner" = CCleaner
"ESET Online Scanner" = ESET Online Scanner v3
"FBX Plugin 2006.08 for Max 9.0" = FBX Plugin 2006.08 for Max 9.0
"Free Download Manager_is1" = Free Download Manager 3.0
"GCFScape_is1" = GCFScape 1.7.5
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"LogMeIn Hamachi" = LogMeIn Hamachi
"ManyCam" = ManyCam 2.6.65 (remove only)
"MapleStory" = MapleStory
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"Mozilla Firefox 8.0.1 (x86 en-GB)" = Mozilla Firefox 8.0.1 (x86 en-GB)
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
"Steam App 107100" = Bastion
"Steam App 17580" = Dystopia
"Steam App 204060" = Superbrothers: Sword & Sworcery EP
"Steam App 22600" = Worms Reloaded
"Steam App 29200" = Osmos Demo
"Steam App 4010" = Garry's Mod 13
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 98800" = Dungeons of Dredmor
"TeamViewer 7" = TeamViewer 7
"ThumbView_Lite 1.0" = ThumbView_Lite 1.0
"UnityWebPlayer" = Unity Web Player
"Unlocker" = Unlocker 1.8.7
"Virtual Audio Cable 4.10" = Virtual Audio Cable 4.10
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.1.11
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"XpertVision_is1" = XpertVision 6.1
"Xvid Video Codec 1.3.1" = Xvid Video Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1715567821-573735546-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/09/2012 7:33:19 AM | Computer Name = ZNET1 | Source = MsiInstaller | ID = 11406
Description = Product: ZoneAlarm Security -- Error 1406. Could not write value SharedDirDrive
to key \SYSTEM\CurrentControlSet\services\Vsdatant\Parameters. System error .
Verify that you have sufficient access to that key, or contact your support personnel.

Error - 8/09/2012 7:33:20 AM | Computer Name = ZNET1 | Source = MsiInstaller | ID = 11406
Description = Product: ZoneAlarm Security -- Error 1406. Could not write value SharedDirDrive
to key \SYSTEM\CurrentControlSet\services\Vsdatant\Parameters. System error .
Verify that you have sufficient access to that key, or contact your support personnel.

Error - 8/09/2012 7:33:21 AM | Computer Name = ZNET1 | Source = MsiInstaller | ID = 11406
Description = Product: ZoneAlarm Security -- Error 1406. Could not write value SharedDirDrive
to key \SYSTEM\CurrentControlSet\services\Vsdatant\Parameters. System error .
Verify that you have sufficient access to that key, or contact your support personnel.

Error - 8/09/2012 7:33:21 AM | Computer Name = ZNET1 | Source = MsiInstaller | ID = 11406
Description = Product: ZoneAlarm Security -- Error 1406. Could not write value SharedDirDrive
to key \SYSTEM\CurrentControlSet\services\Vsdatant\Parameters. System error .
Verify that you have sufficient access to that key, or contact your support personnel.

Error - 8/09/2012 9:52:17 AM | Computer Name = ZNET1 | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/10/2012 5:25:08 AM | Computer Name = ZNET1 | Source = .NET Runtime 4.0 Error Reporting | ID = 1000
Description = Faulting application terraria.exe, version 1.0.4.0, stamp 4f158690,
faulting module kernel32.dll, version 5.1.2600.5512, stamp 4802a12c, debug? 0,
fault address 0x00012aeb.

Error - 1/10/2012 5:25:10 AM | Computer Name = ZNET1 | Source = .NET Runtime | ID = 1026
Description = Application: Terraria.exe Framework Version: v4.0.30319 Description:
The process was terminated due to an unhandled exception. Exception Info: System.IO.FileNotFoundException
Stack:

at Terraria.Program.Main(System.String[])

Error - 1/10/2012 5:28:32 AM | Computer Name = ZNET1 | Source = Application Hang | ID = 1002
Description = Hanging application QuestViewer.exe, version 0.0.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/10/2012 9:19:08 AM | Computer Name = ZNET1 | Source = Application Hang | ID = 1002
Description = Hanging application Steam.exe, version 1.0.1446.623, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/10/2012 9:23:33 AM | Computer Name = ZNET1 | Source = Application Hang | ID = 1002
Description = Hanging application Steam.exe, version 1.0.1446.623, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 6/10/2012 10:05:07 AM | Computer Name = ZNET1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 6/10/2012 11:44:23 PM | Computer Name = ZNET1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 6/10/2012 11:44:30 PM | Computer Name = ZNET1 | Source = Service Control Manager | ID = 7023
Description = The Microsoft Antimalware Service service terminated with the following
error: %%2148098049

Error - 6/10/2012 11:44:30 PM | Computer Name = ZNET1 | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

Error - 6/10/2012 11:44:32 PM | Computer Name = ZNET1 | Source = Service Control Manager | ID = 7000
Description = The Cardex service failed to start due to the following error: %%183

Error - 6/10/2012 11:50:29 PM | Computer Name = ZNET1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 7/10/2012 12:46:00 AM | Computer Name = ZNET1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 7/10/2012 12:50:29 AM | Computer Name = ZNET1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 7/10/2012 1:46:00 AM | Computer Name = ZNET1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 7/10/2012 1:50:29 AM | Computer Name = ZNET1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}


< End of report >
luckyguy457321
Regular Member
 
Posts: 56
Joined: September 2nd, 2009, 10:16 am
Location: Perth, Western Australia

Re: Internet Browser Malware?

Unread postby luckyguy457321 » October 7th, 2012, 2:44 am

aswMBR log
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-07 14:39:09
-----------------------------
14:39:09.250 OS Version: Windows 5.1.2600 Service Pack 3
14:39:09.250 Number of processors: 4 586 0x202
14:39:09.250 ComputerName: ZNET1 UserName: Admin
14:39:09.437 Initialize success
14:39:12.375 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:39:12.375 Disk 0 Vendor: SAMSUNG_HD250HJ FH100-06 Size: 238474MB BusType: 3
14:39:12.390 Disk 0 MBR read successfully
14:39:12.406 Disk 0 MBR scan
14:39:12.406 Disk 0 Windows XP default MBR code
14:39:12.406 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 49999 MB offset 63
14:39:12.421 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 85910 MB offset 102398310
14:39:12.421 Disk 0 Partition - 00 0F Extended LBA 100006 MB offset 283579380
14:39:12.437 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 92121 MB offset 283592799
14:39:12.437 Disk 0 scanning sectors +488392065
14:39:12.500 Disk 0 scanning C:\WINDOWS\system32\drivers
14:39:16.437 Service scanning
14:39:22.921 Service vsdatant C:\WINDOWS\System32\vsdatant.sys **LOCKED** 32
14:39:23.906 Modules scanning
14:39:42.312 Disk 0 trace - called modules:
14:39:42.328 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
14:39:42.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b186ab8]
14:39:42.343 3 CLASSPNP.SYS[f74e7fd7] -> nt!IofCallDriver -> \Device\0000006d[0x8b2043b8]
14:39:42.343 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b18a940]
14:39:42.343 Scan finished successfully
14:39:59.781 Disk 0 MBR has been saved successfully to "L:\MRFixing\MBR.dat"
14:39:59.796 The log file has been saved successfully to "L:\MRFixing\aswMBR.txt"
luckyguy457321
Regular Member
 
Posts: 56
Joined: September 2nd, 2009, 10:16 am
Location: Perth, Western Australia

Re: Internet Browser Malware?

Unread postby Gary R » October 7th, 2012, 5:09 am

Firstly, yes CryptSvc is the same as Cryptographic Services ... the first is the Service name, the second is the Service Display Name. Usually it's the Service Display Name that is shown in the Services list which is why I gave it.

Next

Please go to Control Panel > Add/Remove Programs and Uninstall the following:

Java(TM) 6 Update 26


Old versions of Java can be exploited.

Next

I see you have run Combofix on your computer, was this in conjunction with a helper at another forum, or did you just run it yourself?

Please post me the log from it, it can be found at C:\Combofix.txt

Next

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:OTL
DRV - [2012/09/08 19:35:29 | 000,001,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Admin\Local Settings\Temp\BANG.SYS -- (BANG)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1715567821-573735546-839522115-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1715567821-573735546-839522115-1004\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1715567821-573735546-839522115-1004\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1715567821-573735546-839522115-1004\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1715567821-573735546-839522115-1004\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O33 - MountPoints2\{23cdca84-f24b-11df-89bf-002018a21f20}\Shell\AutoRun\command - "" = F:\9d6tpg.exe
O33 - MountPoints2\{23cdca84-f24b-11df-89bf-002018a21f20}\Shell\open\Command - "" = F:\9d6tpg.exe
O33 - MountPoints2\{86bd4142-8019-11de-8739-002018a21f20}\Shell - "" = AutoRun
O33 - MountPoints2\{86bd4142-8019-11de-8739-002018a21f20}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{86bd4142-8019-11de-8739-002018a21f20}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL index.htm
O33 - MountPoints2\{df32cb20-79d0-11de-8730-002018a21f20}\Shell\AutoRun\command - "" = F:\ZensUsb.exe
O33 - MountPoints2\{df32cb20-79d0-11de-8730-002018a21f20}\Shell\open\Command - "" = F:\ZensUsb.exe
O33 - MountPoints2\{df32cb20-79d0-11de-8730-002018a21f20}\Shell\This HDD belongs to Zen\Command - "" = F:\ZensUsb.exe
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

:Commands
[resethosts]
[emptytemp]
[createrestorepoint]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Next

Which browsers have you used to try and connect to the internet?

If you have tried Internet Explorer and Firefox, have you tried connecting with them when they are in "Browser Safe Mode" (with all extensions disabled)?

To run Firefox in Safe Mode, see ... http://www.malwareremoval.com/forum/vie ... 45#p590245

To run Internet Explorer in Safe Mode, see ... http://www.malwareremoval.com/forum/vie ... 96#p588796

Let me know if you have any success connecting.

Summary of the logs I need from you in your next post:
  • Combofix.txt
  • OTL log
  • Let me know if running FF and/or IE in "safe mode" has any effect.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
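The O33 lines in the fix script above are MountPoints2 entries, the per-device shell verbs Windows XP records when a removable volume with an autorun.inf is plugged in. The helper below is an added example, not code from OTL or from anyone in this thread; it parses O33 lines in OTL's format and flags the pattern the script targets, a device whose AutoRun and open verbs both launch an executable sitting in the root of the volume. The sample input is constructed from the entries quoted in this thread.

```python
import re
from collections import defaultdict

# Constructed sample: the O33 lines quoted in the OTL fix script in this thread.
SAMPLE_O33 = r"""
O33 - MountPoints2\{23cdca84-f24b-11df-89bf-002018a21f20}\Shell\AutoRun\command - "" = F:\9d6tpg.exe
O33 - MountPoints2\{23cdca84-f24b-11df-89bf-002018a21f20}\Shell\open\Command - "" = F:\9d6tpg.exe
O33 - MountPoints2\{86bd4142-8019-11de-8739-002018a21f20}\Shell - "" = AutoRun
O33 - MountPoints2\{86bd4142-8019-11de-8739-002018a21f20}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{86bd4142-8019-11de-8739-002018a21f20}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL index.htm
O33 - MountPoints2\{df32cb20-79d0-11de-8730-002018a21f20}\Shell\AutoRun\command - "" = F:\ZensUsb.exe
O33 - MountPoints2\{df32cb20-79d0-11de-8730-002018a21f20}\Shell\open\Command - "" = F:\ZensUsb.exe
O33 - MountPoints2\{df32cb20-79d0-11de-8730-002018a21f20}\Shell\This HDD belongs to Zen\Command - "" = F:\ZensUsb.exe
"""

# One OTL O33 line: "O33 - MountPoints2\{GUID}\Shell[\subkey] - "" = value"
O33_RE = re.compile(
    r'^O33 - MountPoints2\\\{(?P<guid>[0-9a-fA-F-]+)\}\\Shell'
    r'(?:\\(?P<subkey>.*?))? - "" = (?P<value>.*)$'
)


def parse_o33(text):
    """Return (device_guid, shell_subkey, value) for every O33 line in text."""
    entries = []
    for line in text.splitlines():
        m = O33_RE.match(line.strip())
        if m:
            entries.append((m["guid"].lower(), m["subkey"] or "", m["value"]))
    return entries


def classify_command(cmd):
    """Coarse label for a MountPoints2 shell command value."""
    lowered = cmd.lower()
    # Autorun worms usually register an executable in the root of the
    # removable volume (any drive letter other than the system drive).
    if re.match(r"^(?!c:)[a-z]:\\[^\\]+\.(exe|com|scr|pif|bat|cmd)$", lowered):
        return "exe-in-volume-root"
    # ShellExec_RunDLL on a document is what a CD/DVD autorun.inf with
    # "shellexecute=index.htm" produces; it opens a file, not a binary.
    if "shellexec_rundll" in lowered:
        return "shellexecute-document"
    return "other"


def triage(text):
    """Group O33 entries per device and flag the autorun-hijack pattern."""
    by_device = defaultdict(dict)
    for guid, subkey, value in parse_o33(text):
        by_device[guid][subkey] = value
    report = {}
    for guid, keys in by_device.items():
        commands = {k: v for k, v in keys.items() if k.lower().endswith("command")}
        labels = {classify_command(v) for v in commands.values()}
        # The same binary wired to both the AutoRun and the open verb is the
        # classic sign: double-clicking the drive runs the payload instead of
        # opening the folder.
        hijacks_open = any(k.lower() == r"open\command" for k in commands)
        report[guid] = {
            "commands": commands,
            "labels": labels,
            "suspicious": "exe-in-volume-root" in labels,
            "hijacks_open_verb": hijacks_open,
        }
    return report


if __name__ == "__main__":
    for guid, info in triage(SAMPLE_O33).items():
        flag = "SUSPICIOUS" if info["suspicious"] else "ok"
        print(f"{guid}: {flag}, open verb hijacked={info['hijacks_open_verb']}")
        for subkey, cmd in info["commands"].items():
            print(f"    {subkey or '(root)'} -> {cmd}")
```

Of the three devices in the sample, the two that launch an .exe from the volume root are flagged; the third only shell-executes index.htm, the shape a pressed CD's autorun.inf leaves behind, and is reported but not flagged.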

Re: Internet Browser Malware?

Unread postby luckyguy457321 » October 8th, 2012, 8:07 am

The uninstall was successful for Java(TM) 6 Update 26

I ran Combofix because I thought that it could fix this problem, no one advised me to do it though.
This browser problem, though, only started happening in the last few months.

"Which browsers have you used to try and connect to the internet?"
I've previously tried using Internet Explorer, Firefox and Google Chrome. All of them fail to get to google.com.

""Browser Safe Mode" (with all extensions disabled)"
Internet Explorer without addons and extensions still fails to navigate to google.com; it fails with an "Internet Explorer cannot display the webpage" error.
Firefox without addons and extensions also fails to navigate to google.com. There isn't an error yet, but it's still got the spinning connecting symbol, which has been going on for a while.

Rarely, when I turn on the computer, Windows boots to this low resolution light blue screen with an error message box in the middle with random symbols and a single button with random symbols as well. After a short period of time, the computer shuts off and reboots again, and Windows loads normally. I'm not sure if this is relevant, but I thought that it might be important to tell you this.

Thanks for your help.
Last edited by luckyguy457321 on October 8th, 2012, 8:18 am, edited 3 times in total.
luckyguy457321
Regular Member
Posts: 56
Joined: September 2nd, 2009, 10:16 am
Location: Perth,Western Australia

Re: Internet Browser Malware?

Unread postby luckyguy457321 » October 8th, 2012, 8:08 am

Combofix.txt - From when it was last run
ComboFix 12-01-09.07 - BenBen 10/01/2012 18:46:15.4.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.3326.2679 [GMT 8:00]
Running from: e:\documents and settings\Ben Ben\Desktop\ComboFix.exe
AV: ZoneAlarm Security Suite Antivirus *Disabled/Outdated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\documents and settings\Ben Ben\Application Data\PnkBstrB.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-10 to 2012-01-10 )))))))))))))))))))))))))))))))
.
.
2012-01-10 10:47 . 2012-01-10 10:32 840264 ----a-w- c:\windows\system32\pbsvc.exe
2012-01-09 05:57 . 2012-01-09 05:58 -------- d-----w- c:\program files\apb reloaded
2012-01-09 05:50 . 2012-01-09 05:50 -------- d-----w- c:\program files\GamersFirst
2012-01-09 05:21 . 2012-01-10 10:47 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-01-09 05:21 . 2012-01-10 10:47 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-01-09 05:21 . 2011-04-22 18:23 2585160 ----a-w- c:\windows\system32\pbsvc_apb.exe
2012-01-09 02:55 . 2012-01-09 05:58 281656 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-01-09 02:55 . 2012-01-09 02:55 -------- d-----w- e:\documents and settings\Ben Ben\Local Settings\Application Data\PunkBuster
2012-01-09 02:49 . 2012-01-10 10:50 138904 ----a-w- e:\documents and settings\Ben Ben\Application Data\PnkBstrK.sys
2012-01-02 08:55 . 2012-01-02 08:55 -------- d-----w- e:\documents and settings\Admin\Local Settings\Application Data\Mozilla
2011-12-18 16:01 . 2011-12-18 16:01 -------- d-----w- c:\program files\Cheat Engine 6.1
2011-12-16 11:36 . 2011-12-16 11:36 -------- d-----w- c:\program files\AutoIt3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 04:21 . 2011-12-16 11:39 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-10_08.09.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-10 10:42 . 2012-01-10 10:42 16384 c:\windows\temp\Perflib_Perfdata_798.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 00:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 00:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 00:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 00:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 00:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 00:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 00:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 00:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 00:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- e:\documents and settings\Ben Ben\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- e:\documents and settings\Ben Ben\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- e:\documents and settings\Ben Ben\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- e:\documents and settings\Ben Ben\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2004-07-13 705808]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"CAP3ON"="c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2002-07-19 22528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-08 8523776]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
e:\documents and settings\Admin\Start Menu\Programs\Startup\
README.lnk - E:\README.txt [2009-7-5 143]
.
e:\documents and settings\Ben Ben\Start Menu\Programs\Startup\
Dropbox.lnk - e:\documents and settings\Ben Ben\Application Data\Dropbox\bin\Dropbox.exe [2011-5-26 24176560]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetFolders"= 1 (0x1)
"NoFavoritesMenu"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-09-26 10:15 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Canon LASER SHOT LBP-1120 Status Window.LNK]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Canon LASER SHOT LBP-1120 Status Window.LNK
backup=c:\windows\pss\Canon LASER SHOT LBP-1120 Status Window.LNKCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\E:^Documents and Settings^Ben Ben^Start Menu^Programs^Startup^README.lnk]
path=e:\documents and settings\Ben Ben\Start Menu\Programs\Startup\README.lnk
backup=c:\windows\pss\README.lnkStartup
.
[HKLM\~\startupfolder\E:^Documents and Settings^Mum&Grandma^Start Menu^Programs^Startup^README.lnk]
path=e:\documents and settings\Mum&Grandma\Start Menu\Programs\Startup\README.lnk
backup=c:\windows\pss\README.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
2008-07-22 05:53 77824 ----a-w- c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 21:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-02-22 11:47 135664 ----atw- e:\documents and settings\Ben Ben\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2006-02-28 12:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 21:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-01-08 17:53 8523776 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2007-09-04 11:25 81920 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-01-08 17:53 81920 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-01-08 17:53 1626112 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2006-02-28 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2006-02-28 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 08:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-08-20 07:38 16384512 ------r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 04:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPanel]
2008-01-29 03:20 2157064 ----a-w- c:\program files\XpertVision\TBPANEL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TeamViewer4"=2 (0x2)
"SQLWriter"=2 (0x2)
"SeaPort"=2 (0x2)
"ose"=3 (0x3)
"MSSQL$SQLEXPRESS"=2 (0x2)
"MDM"=2 (0x2)
"idsvc"=3 (0x3)
"CAISafe"=2 (0x2)
"fsssvc"=3 (0x3)
"dmadmin"=3 (0x3)
"mi-raysat_3dsmax9_32"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"gupdate"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Autodesk Licensing Service"=2 (0x2)
"npggsvc"=3 (0x3)
"LMIGuardianSvc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Free Download Manager\\fdmwi.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"e:\\Documents and Settings\\Ben Ben\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Games\\Tremulous\\tremulous.exe"=
"f:\\Games\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=
"f:\\Games\\Steam\\steamapps\\common\\plants vs zombies\\PlantsVsZombies.exe"=
"f:\\Games\\Steam\\steamapps\\benben321\\age of chivalry\\hl2.exe"=
"f:\\Games\\Steam\\steamapps\\benben321\\diprip warm up\\hl2.exe"=
"f:\\Games\\Steam\\steamapps\\common\\zero gear\\ZeroGear.bat"=
"f:\\Games\\Steam\\steamapps\\common\\crayon physics deluxe demo\\launcher.exe"=
"f:\\Games\\Steam\\steamapps\\common\\cities xl\\runme.exe"=
"f:\\Games\\Steam\\steamapps\\common\\moon base alpha\\Binaries\\Win32\\MoonBaseAlphaGame.exe"=
"f:\\Games\\Steam\\steamapps\\benben321\\day of defeat source\\hl2.exe"=
"f:\\Games\\Steam\\steamapps\\benben321\\synergy dedicated server\\srcds.exe"=
"f:\\Games\\Steam\\steamapps\\common\\swarm arena demo\\swarm.exe"=
"f:\\Games\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"f:\\Games\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"f:\\Games\\Steam\\steamapps\\common\\osmos demo\\OsmosDemo.exe"=
"f:\\Games\\Steam\\steamapps\\benben321\\team fortress 2 trailer\\smp.exe"=
"f:\\Games\\Steam\\steamapps\\benben321\\team fortress 2 trailer 2\\smp.exe"=
"f:\\Games\\Steam\\steamapps\\benben321\\team fortress 2 meet the heavy\\smp.exe"=
"f:\\Games\\Steam\\steamapps\\benben321\\team fortress 2 meet the soldier\\smp.exe"=
"f:\\Games\\Steam\\steamapps\\benben321\\meet the engineer\\smp.exe"=
"f:\\Games\\Steam\\steamapps\\benben321\\team fortress 2 meet the demoman\\smp.exe"=
"f:\\Games\\Steam\\steamapps\\benben321\\team fortress 2 meet the scout\\smp.exe"=
"f:\\Games\\Steam\\steamapps\\benben321\\team fortress 2 meet the sandvich\\smp.exe"=
"f:\\Games\\Steam\\steamapps\\benben321\\team fortress 2 meet the spy\\smp.exe"=
"f:\\Games\\Steam\\steamapps\\benben321\\global agenda - no elves trailer\\smp.exe"=
"f:\\Games\\Steam\\steamapps\\common\\cities xl\\smp.exe"=
"f:\\Games\\Steam\\steamapps\\common\\cities game play\\smp.exe"=
"f:\\Games\\Steam\\steamapps\\common\\global agenda launch trailer\\smp.exe"=
"f:\\Games\\Steam\\steamapps\\common\\bob came in pieces trailer\\smp.exe"=
"f:\\Games\\Steam\\steamapps\\common\\portal 2 teaser\\smp.exe"=
"e:\\Documents and Settings\\Ben Ben\\My Documents\\Downloads\\Tremulous_hack_V4.2.4\\THZ Client\\THZ-Client\\tremulous.x86.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"f:\\Games\\Steam\\steamapps\\common\\apb reloaded\\Launcher\\APBLauncher.exe"=
"f:\\Games\\Steam\\steamapps\\common\\apb reloaded\\Binaries\\APB.exe"=
"f:\\Games\\Steam\\steamapps\\common\\apb reloaded\\Binaries\\VivoxVoiceService.exe"=
"f:\\Games\\Steam\\steamapps\\benben321\\counter-strike source\\hl2.exe"=
"f:\\Games\\Steam\\steamapps\\benben321\\synergy\\hl2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25565:TCP"= 25565:TCP:Minecraft Server
"56711:TCP"= 56711:TCP:Pando Media Booster
"56711:UDP"= 56711:UDP:Pando Media Booster
.
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/16/2011 3:10 PM 12856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [12/6/2010 8:31 AM 1238408]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/17/2009 12:16 PM 22216]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [4/6/2009 1:19 PM 23064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 XDva375;XDva375;\??\c:\windows\system32\XDva375.sys --> c:\windows\system32\XDva375.sys [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/4/2010 10:06 PM 136176]
S4 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/26/2011 6:15 PM 374152]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/17/2009 12:16 PM 366152]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/11/2008 8:28 AM 47128]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 2:49 AM 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/11/2008 8:28 AM 369688]
S4 TeamViewer4;TeamViewer 4;"e:\documents and settings\Ben Ben\temp\TeamViewer\Version4\TeamViewer_Service.exe" -service --> e:\documents and settings\Ben Ben\temp\TeamViewer\Version4\TeamViewer_Service.exe [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PNKBSTRA
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 14:06]
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 14:06]
.
2012-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-573735546-839522115-1004Core.job
- e:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-03 12:10]
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-573735546-839522115-1004UA.job
- e:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-03 12:10]
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-573735546-839522115-1005Core.job
- e:\documents and settings\Ben Ben\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-22 11:47]
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-573735546-839522115-1005UA.job
- e:\documents and settings\Ben Ben\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-22 11:47]
.
2012-01-10 c:\windows\Tasks\User_Feed_Synchronization-{CC5B68AB-112A-46A0-92A3-2E4D362CA911}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 20:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
LSP: imslsp.dll
LSP: c:\windows\system32\ZoneLabs\vetredir.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - e:\documents and settings\Ben Ben\Application Data\Mozilla\Firefox\Profiles\c5fvb7dp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
.
------- File Associations -------
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-10 18:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(596)
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'lsass.exe'(652)
c:\windows\system32\imslsp.dll
c:\windows\system32\libeay32_0.9.6l.dll
c:\windows\system32\ZoneLabs\vetredir.dll
c:\windows\system32\ZoneLabs\isafeif.dll
.
Completion time: 2012-01-10 18:55:48
ComboFix-quarantined-files.txt 2012-01-10 10:55
ComboFix2.txt 2012-01-10 08:34
ComboFix3.txt 2011-07-18 15:34
ComboFix4.txt 2009-10-18 07:31
.
Pre-Run: 22,203,387,904 bytes free
Post-Run: 22,184,333,312 bytes free
.
- - End Of File - - 68DCD57182EBBF88BCFDEE31F5919450
luckyguy457321
Regular Member
Posts: 56
Joined: September 2nd, 2009, 10:16 am
Location: Perth,Western Australia

Re: Internet Browser Malware?

Unread postby luckyguy457321 » October 8th, 2012, 8:09 am

OTL's 10082012_194152.txt
All processes killed
========== OTL ==========
Service BANG stopped successfully!
Service BANG deleted successfully!
C:\Documents and Settings\Admin\Local Settings\Temp\BANG.SYS moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1715567821-573735546-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1715567821-573735546-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1715567821-573735546-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1715567821-573735546-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1715567821-573735546-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23cdca84-f24b-11df-89bf-002018a21f20}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23cdca84-f24b-11df-89bf-002018a21f20}\ not found.
File F:\9d6tpg.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23cdca84-f24b-11df-89bf-002018a21f20}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23cdca84-f24b-11df-89bf-002018a21f20}\ not found.
File F:\9d6tpg.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86bd4142-8019-11de-8739-002018a21f20}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86bd4142-8019-11de-8739-002018a21f20}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86bd4142-8019-11de-8739-002018a21f20}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86bd4142-8019-11de-8739-002018a21f20}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86bd4142-8019-11de-8739-002018a21f20}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86bd4142-8019-11de-8739-002018a21f20}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL index.htm not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df32cb20-79d0-11de-8730-002018a21f20}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df32cb20-79d0-11de-8730-002018a21f20}\ not found.
File F:\ZensUsb.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df32cb20-79d0-11de-8730-002018a21f20}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df32cb20-79d0-11de-8730-002018a21f20}\ not found.
File F:\ZensUsb.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df32cb20-79d0-11de-8730-002018a21f20}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df32cb20-79d0-11de-8730-002018a21f20}\ not found.
File F:\ZensUsb.exe not found.
C:\WINDOWS\002760_.tmp deleted successfully.
C:\WINDOWS\B83FC356B7C0441F8A4DD71E088E7974.TMP\WiseCustomCalla.dll deleted successfully.
C:\WINDOWS\B83FC356B7C0441F8A4DD71E088E7974.TMP folder deleted successfully.
C:\WINDOWS\D56B0E274A3E46C9B5C1D93D580C099C.TMP\WiseCustomCalla.dll deleted successfully.
C:\WINDOWS\D56B0E274A3E46C9B5C1D93D580C099C.TMP folder deleted successfully.
C:\WINDOWS\DUMP318f.tmp deleted successfully.
C:\WINDOWS\SET25.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\32788R22FWJFW.1.tmp\License\Curl - license.txt deleted successfully.
C:\32788R22FWJFW.1.tmp\License\dumphive-license.txt deleted successfully.
C:\32788R22FWJFW.1.tmp\License\EXTRACT.TXT deleted successfully.
C:\32788R22FWJFW.1.tmp\License\FI - license.txt deleted successfully.
C:\32788R22FWJFW.1.tmp\License\mtee.txt.txt deleted successfully.
C:\32788R22FWJFW.1.tmp\License\pv_5_2_2.zip deleted successfully.
C:\32788R22FWJFW.1.tmp\License\streamtools.zip deleted successfully.
C:\32788R22FWJFW.1.tmp\License\UnxUtilsDist.html deleted successfully.
C:\32788R22FWJFW.1.tmp\License\Zip - license.txt deleted successfully.
C:\32788R22FWJFW.1.tmp\License folder deleted successfully.
C:\32788R22FWJFW.1.tmp\pev.exe deleted successfully.
C:\32788R22FWJFW.1.tmp\Policies.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\prep.done deleted successfully.
C:\32788R22FWJFW.1.tmp\Prep.inf deleted successfully.
C:\32788R22FWJFW.1.tmp\Purity.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\pv.com deleted successfully.
C:\32788R22FWJFW.1.tmp\RCLink.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\REGDACL.sed deleted successfully.
C:\32788R22FWJFW.1.tmp\RegDo.sed deleted successfully.
C:\32788R22FWJFW.1.tmp\region.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\RegScan.cmd deleted successfully.
C:\32788R22FWJFW.1.tmp\restore_pt.vbs deleted successfully.
C:\32788R22FWJFW.1.tmp\Rkey.cmd deleted successfully.
C:\32788R22FWJFW.1.tmp\rogues.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\run2.sed deleted successfully.
C:\32788R22FWJFW.1.tmp\Rust.str deleted successfully.
C:\32788R22FWJFW.1.tmp\safeboot.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\safeboot.def.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\safeboot.def.vista.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\sed.cfxxe deleted successfully.
C:\32788R22FWJFW.1.tmp\SetEnvmt.bat deleted successfully.
C:\32788R22FWJFW.1.tmp\setpath.cfxxe deleted successfully.
C:\32788R22FWJFW.1.tmp\SnapShot.cmd deleted successfully.
C:\32788R22FWJFW.1.tmp\SRestore.cmd deleted successfully.
C:\32788R22FWJFW.1.tmp\srizbi.md5 deleted successfully.
C:\32788R22FWJFW.1.tmp\SuppScan.cmd deleted successfully.
C:\32788R22FWJFW.1.tmp\SvcDrv.vbs deleted successfully.
C:\32788R22FWJFW.1.tmp\svchost.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\svchost.vista.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\svc_wht.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\swreg.exe deleted successfully.
C:\32788R22FWJFW.1.tmp\swsc.cfxxe deleted successfully.
C:\32788R22FWJFW.1.tmp\swxcacls.cfxxe deleted successfully.
C:\32788R22FWJFW.1.tmp\system_ini.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\tail.cfxxe deleted successfully.
C:\32788R22FWJFW.1.tmp\toolbar.sed deleted successfully.
C:\32788R22FWJFW.1.tmp\Update-CF.cmd deleted successfully.
C:\32788R22FWJFW.1.tmp\VInfo deleted successfully.
C:\32788R22FWJFW.1.tmp\vistareg.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\vun.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\w2kreg.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\w2k_sock.dll deleted successfully.
C:\32788R22FWJFW.1.tmp\Wmi_rem.vbs deleted successfully.
C:\32788R22FWJFW.1.tmp\w_sock.dll deleted successfully.
C:\32788R22FWJFW.1.tmp\xpreg.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\zDomain.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\zhsvc.dat deleted successfully.
C:\32788R22FWJFW.1.tmp\zip.cfxxe deleted successfully.
C:\32788R22FWJFW.1.tmp folder deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Aaryn

User: Admin

User: All Users

User: BenBen

User: Default User

User: LocalService

User: Mum&Grandma

User: NetworkService

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 355903 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2547 bytes

Total Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 10082012_194152

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
luckyguy457321
Regular Member
 
Posts: 56
Joined: September 2nd, 2009, 10:16 am
Location: Perth,Western Australia

Re: Internet Browser Malware?

Unread postby Gary R » October 8th, 2012, 9:49 am

OK, no real clues so far as to what is causing your problem; at this point it does not look to be malware related.

As its name suggests, this forum specialises in malware removal, so we may need to hand you over to a forum that specialises in network problems; however, before we do that I'd like to troubleshoot things a little further, if I may.

First

Try temporarily disabling your AV and Firewall, and see if that allows you to connect using your browser. DO NOT STAY ONLINE for more than a few seconds in this condition. We're just trying to establish whether your AV suite is the source of the problem or not; staying online without an AV or Firewall is a very hazardous thing to do.

To disable Zone Alarm ....

Right-click on the icon in your System Tray and select Shutdown ZASS.

To switch it back on ....

  • Click Start > All programs
  • Scroll down to Zone Alarm
  • Launch its executable file.

Next

If disabling your AV and FW resolved your connection problem, let me know.

If not .....

  • Click Start > Run
  • Type cmd.exe into the Open: box then click OK.
  • This should open a Command Window.
  • Type the following, then hit Enter (be careful to type it exactly as I've written it, with all the spaces in the correct places): ipconfig /all > "%userprofile%\desktop\ipconfigexport.txt"
  • A file ipconfigexport.txt should be created on your Desktop.
  • Please post me the contents of that file.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Internet Browser Malware?

Unread postby luckyguy457321 » October 8th, 2012, 11:08 am

I can't find the icon in the system tray, and the shortcut in the Start menu says that it is missing zlclient.exe.
I checked to see if ZoneAlarm was installed, but I couldn't find it in the Add or Remove Programs list in Control Panel, though I'm quite sure I didn't uninstall ZoneAlarm.

ipconfigexport.txt

Windows IP Configuration

   Host Name . . . . . . . . . . . . : ZNET1
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC
   Physical Address. . . . . . . . . : 00-20-18-A2-1F-20
   Dhcp Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.168.2.36
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DNS Servers . . . . . . . . . . . : 192.168.2.1
   Lease Obtained. . . . . . . . . . : Monday, 8 October 2012 7:43:49 PM
   Lease Expires . . . . . . . . . . : Tuesday, 9 October 2012 7:43:49 PM
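The export Gary R asked for, read by a script instead of by eye. This is an added example, not code from the thread or from any of the forum's tools: it parses an ipconfig /all export in the layout shown above (the posted export, abridged, plus a constructed sample using RFC 5737 documentation addresses) and applies the first checks a helper makes on such a file: an autoconfiguration (169.254.x.x) address, a missing or off-subnet default gateway, and resolvers outside the local subnet. The field names, the "(Preferred)" suffix handling for newer Windows versions, and the finding codes are the example's own assumptions. The posted export produces no findings, which says only that the IP configuration itself is not the explanation; a browser that times out while other programs connect fails above that layer.

```python
"""Sanity checks over an ``ipconfig /all`` export, the file the helper asked for."""
import ipaddress
import re

# The export posted in the thread, abridged to the fields the checks use.
POSTED_EXPORT = """Windows IP Configuration

   Host Name . . . . . . . . . . . . : ZNET1
   Node Type . . . . . . . . . . . . : Unknown

Ethernet adapter Local Area Connection:

   Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC
   Dhcp Enabled. . . . . . . . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.168.2.36
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DNS Servers . . . . . . . . . . . : 192.168.2.1
"""

# Constructed sample (not from the thread): a static configuration whose resolvers
# sit outside the LAN, with the second one on a wrapped continuation line.
CONSTRUCTED_EXPORT = """Ethernet adapter Local Area Connection:

   Dhcp Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.2.36
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.2.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       198.51.100.53
"""

ADAPTER_RE = re.compile(r"^\s*(?P<kind>[A-Za-z][A-Za-z0-9 ]*?) adapter (?P<name>[^:]+):\s*$")
KV_RE = re.compile(r"^\s*(?P<key>[A-Za-z][A-Za-z0-9 \-]*?)[ .]*:\s*(?P<value>.*?)\s*$")
CONT_RE = re.compile(r"^\s+(?P<value>\S.*?)\s*$")  # indented continuation of a value


def parse_ipconfig(text):
    """Return {adapter name: {lowercased field: [values]}}; header fields go under 'global'."""
    adapters = {"global": {}}
    current, last_key = adapters["global"], None
    for line in text.splitlines():
        if not line.strip():
            last_key = None                     # a blank line ends a wrapped value
            continue
        m = ADAPTER_RE.match(line)
        if m:
            current = adapters.setdefault(m.group("name"), {})
            last_key = None
            continue
        m = KV_RE.match(line)
        if m:
            last_key = m.group("key").lower()
            values = current.setdefault(last_key, [])
            if m.group("value"):
                values.append(m.group("value"))
            continue
        m = CONT_RE.match(line)
        if m and last_key:                      # e.g. a second DNS server
            current[last_key].append(m.group("value"))
    return adapters


def _first_ipv4(values):
    for v in values:
        try:
            return ipaddress.IPv4Address(v.split("(")[0].strip())  # drop "(Preferred)"
        except ValueError:
            continue
    return None


def check_adapter(fields):
    """The checks a helper applies first; returns a list of (code, message)."""
    ip = _first_ipv4(fields.get("ip address", []) + fields.get("ipv4 address", []))
    mask = _first_ipv4(fields.get("subnet mask", []))
    if ip is None or mask is None:
        return [("no_ipv4", "adapter has no IPv4 address")]
    lan = ipaddress.IPv4Interface(f"{ip}/{mask}").network
    findings = []
    if ip in ipaddress.IPv4Network("169.254.0.0/16"):
        findings.append(("apipa", f"{ip} is an autoconfiguration address: no DHCP lease"))
    gateway = _first_ipv4(fields.get("default gateway", []))
    if gateway is None:
        findings.append(("no_gateway", "no default gateway: nothing beyond the LAN is reachable"))
    elif gateway not in lan:
        findings.append(("gateway_off_subnet", f"gateway {gateway} is not inside {lan}"))
    for raw in fields.get("dns servers", []):
        dns = _first_ipv4([raw])
        if dns is not None and dns not in lan:
            findings.append(("dns_off_lan", f"resolver {dns} is outside {lan}; confirm you chose it"))
    return findings


def analyze(text):
    adapters = parse_ipconfig(text)
    findings = {n: check_adapter(f) for n, f in adapters.items() if n != "global"}
    return {"adapters": adapters, "findings": findings}
```

The off-LAN resolver check is a prompt, not a verdict: an ISP or public resolver set by hand is normal, but a home router that hands out DHCP normally hands out itself as DNS, so resolvers nobody remembers configuring are worth a second look.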