Posts posted by Dtown

  1. Results of screen317's Security Check version 0.99.56

    Windows XP Service Pack 3 x86

    Internet Explorer 8

    ``````````````Antivirus/Firewall Check:``````````````

    Windows Security Center service is not running! This report may not be accurate!

    WMI entry may not exist for antivirus; attempting automatic update.

    `````````Anti-malware/Other Utilities Check:`````````

    JavaFX 2.1.1

    Java 6 Update 33

    Java 7 Update 9

    Adobe Flash Player 11.5.502.146

    Adobe Reader 10.1.5 Adobe Reader out of Date!

    Mozilla Firefox (18.0)

    ````````Process Check: objlist.exe by Laurent````````

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C:: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)

    ````````````````````End of Log``````````````````````

    Results of security check.

  2. # AdwCleaner v2.105 - Logfile created 01/13/2013 at 16:20:07

    # Updated 08/01/2013 by Xplode

    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

    # User : Derek - DTOWN-0B10F865B

    # Boot Mode : Normal

    # Running from : C:\Documents and Settings\Derek\Desktop\adwcleaner.exe

    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****

    Folder Deleted : C:\Documents and Settings\Derek\Application Data\Mozilla\Firefox\Profiles\cnovkmrq.default\extensions\crossriderapp2258@crossrider.com

    Folder Deleted : C:\Documents and Settings\Derek\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0

    ***** [Registry] *****

    Key Deleted : HKCU\Software\1ClickDownload

    Key Deleted : HKCU\Software\IGearSettings

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\I Want This

    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Mozilla Firefox v18.0 (en-US)

    File : C:\Documents and Settings\Derek\Application Data\Mozilla\Firefox\Profiles\cnovkmrq.default\prefs.js

    Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

    *************************

    AdwCleaner[R1].txt - [2067 octets] - [13/01/2013 16:17:24]

    AdwCleaner[R2].txt - [2127 octets] - [13/01/2013 16:19:30]

    AdwCleaner[S1].txt - [2084 octets] - [13/01/2013 16:20:07]

    ########## EOF - C:\AdwCleaner[S1].txt - [2144 octets] ##########

    Results after deletion and reboot.

  3. # AdwCleaner v2.105 - Logfile created 01/13/2013 at 16:17:24

    # Updated 08/01/2013 by Xplode

    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

    # User : Derek - DTOWN-0B10F865B

    # Boot Mode : Normal

    # Running from : C:\Documents and Settings\Derek\Desktop\adwcleaner.exe

    # Option [Search]

    ***** [Services] *****

    ***** [Files / Folders] *****

    Folder Found : C:\Documents and Settings\Derek\Application Data\Mozilla\Firefox\Profiles\cnovkmrq.default\extensions\crossriderapp2258@crossrider.com

    Folder Found : C:\Documents and Settings\Derek\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0

    ***** [Registry] *****

    Key Found : HKCU\Software\1ClickDownload

    Key Found : HKCU\Software\IGearSettings

    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

    Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\I Want This

    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Mozilla Firefox v18.0 (en-US)

    File : C:\Documents and Settings\Derek\Application Data\Mozilla\Firefox\Profiles\cnovkmrq.default\prefs.js

    Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");

    *************************

    AdwCleaner[R1].txt - [1938 octets] - [13/01/2013 16:17:24]

    ########## EOF - C:\AdwCleaner[R1].txt - [1998 octets] ##########

    AdwCleaner results.

  4. ComboFix 13-01-13.01 - Derek 01/13/2013 15:47:26.1.2 - x86

    Running from: c:\documents and settings\Derek\Desktop\ComboFix.exe

    * Created a new restore point

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\documents and settings\All Users\Application Data\24ff93ad.dat

    c:\windows\system32\SET1A3.tmp

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-12-13 to 2013-01-13 )))))))))))))))))))))))))))))))

    .

    .

    2013-01-13 19:51 . 2013-01-13 19:51 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

    2013-01-13 18:55 . 2013-01-13 18:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

    2013-01-13 07:56 . 2013-01-13 07:56 -------- d-----w- C:\_OTL

    2013-01-12 03:51 . 2013-01-12 03:51 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

    2013-01-10 18:28 . 2013-01-10 18:28 -------- d-----w- c:\program files\The Walking Dead

    2013-01-10 18:28 . 2012-08-30 22:57 81 ----a-w- c:\program files\update-walking-dead.bat

    2013-01-02 08:38 . 2013-01-09 03:37 -------- d-----w- c:\program files\Common Files\BioWare

    2013-01-02 08:38 . 2013-01-02 08:38 -------- d-----w- c:\program files\Electronic Arts

    2013-01-02 08:38 . 2013-01-02 08:38 -------- d-----w- C:\Users

    2012-12-26 18:57 . 2004-10-22 07:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll

    2012-12-26 18:57 . 2004-10-22 07:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll

    2012-12-26 18:57 . 2004-10-22 07:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll

    2012-12-26 18:57 . 2004-10-22 07:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll

    2012-12-26 18:57 . 2004-10-22 07:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe

    2012-12-26 18:57 . 2012-12-26 18:57 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll

    2012-12-26 18:57 . 2012-12-26 18:57 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll

    2012-12-26 18:44 . 2012-12-26 18:44 -------- d-----w- c:\program files\EA Games

    2012-12-26 18:44 . 2012-12-26 18:44 -------- d-----w- c:\windows\E4D153288C89484BB9AAF5BE9EA6D01C.TMP

    2012-12-26 18:25 . 2012-12-26 18:25 -------- d-----w- c:\documents and settings\Derek\Application Data\RealNetworks

    2012-12-26 18:21 . 2012-12-26 18:21 -------- d-----w- c:\program files\RealNetworks

    2012-12-26 18:21 . 2012-12-26 18:21 -------- d-----w- c:\documents and settings\All Users\Application Data\RealNetworks

    2012-12-26 18:21 . 2012-12-26 18:21 -------- d-----w- c:\program files\Common Files\xing shared

    2012-12-26 18:20 . 2012-12-26 18:20 499712 ----a-w- c:\windows\system32\msvcp71.dll

    2012-12-26 18:20 . 2012-12-26 18:20 348160 ----a-w- c:\windows\system32\msvcr71.dll

    2012-12-22 22:06 . 2012-12-22 22:06 -------- d-sh--w- c:\documents and settings\Derek\wc

    2012-12-22 22:06 . 2012-12-22 22:06 -------- d-----w- c:\documents and settings\Derek\Local Settings\Application Data\Universe Sandbox

    2012-12-22 22:06 . 2012-12-22 22:06 -------- d-sh--w- c:\documents and settings\Derek\Application Data\wyUpdate AU

    2012-12-21 19:05 . 2010-10-01 01:15 1759584 ----a-w- c:\windows\system32\drivers\athuw.sys

    2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

    2012-12-17 18:11 . 2012-12-17 18:11 -------- d-----w- c:\program files\MegaDev

    2012-12-16 20:01 . 2012-12-16 20:01 -------- d-----w- c:\documents and settings\Derek\Local Settings\Application Data\My Games

    2012-12-16 17:57 . 2012-12-16 17:57 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

    2012-12-16 17:57 . 2012-12-16 17:57 -------- d-----w- c:\program files\DAEMON Tools Lite

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-01-10 01:07 . 2012-04-04 15:56 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2013-01-10 01:07 . 2012-03-13 11:43 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2013-01-11 07:17 . 2013-01-11 07:17 262704 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    .

    .

    ------- Sigcheck -------

    Note: Unsigned files aren't necessarily malware.

    .

    [-] 2012-03-21 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys

    [-] 2012-03-21 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

    [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

    [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ff0686f2f699fa07ed5ad0848fa3055b\sp3qfe\tcpip.sys

    [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\ff0686f2f699fa07ed5ad0848fa3055b\sp3gdr\tcpip.sys

    [7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

    [7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys

    [7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RTHDCPL"="RTHDCPL.EXE" [2008-03-26 16859136]

    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]

    "NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]

    "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-12-26 295072]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    "Z1"="c:\documents and settings\Derek\Desktop\mbar\mbar.exe" [2013-01-09 1356360]

    .

    c:\documents and settings\Derek\Start Menu\Programs\Startup\

    PowerReg Scheduler.exe [2012-7-13 256000]

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

    "c:\\Nexon\\DFO\\DFO.exe"=

    "c:\\Program Files\\BitComet\\BitComet.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

    "c:\\Program Files\\Diablo III\\Diablo III.exe"=

    "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=

    "c:\\Program Files\\Steam\\Steam.exe"=

    "c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.1267\\Agent.exe"=

    "c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.1363\\Agent.exe"=

    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

    "c:\\Program Files\\Steam\\steamapps\\common\\chivalrymedievalwarfare\\Binaries\\Win32\\UDK.exe"=

    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    "c:\\Program Files\\Steam\\steamapps\\common\\dota 2 beta\\dota.exe"=

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "20015:TCP"= 20015:TCP:BitComet 20015 TCP

    "20015:UDP"= 20015:UDP:BitComet 20015 UDP

    "56145:TCP"= 56145:TCP:Pando Media Booster

    "56145:UDP"= 56145:UDP:Pando Media Booster

    .

    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

    R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]

    R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]

    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]

    R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]

    R3 vtany;vtany;c:\windows\vtany.sys [x]

    R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x]

    R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]

    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

    S2 AntUpdaterService;Ant Toolbar updater service;c:\program files\Ant.com\IE add-on\AntUpdaterService.exe [x]

    S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [x]

    S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [x]

    S3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athuw.sys [x]

    S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x]

    .

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - MBAMCHAMELEON

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2013-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 01:07]

    .

    2013-01-13 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-839522115-287218729-682003330-1003.job

    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 20:30]

    .

    2013-01-13 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-839522115-287218729-682003330-1003.job

    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 20:30]

    .

    2013-01-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-839522115-287218729-682003330-1003.job

    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 20:30]

    .

    2012-12-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-839522115-287218729-682003330-1003.job

    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 20:30]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.com/

    TCP: DhcpNameServer = 192.168.1.254

    FF - ProfilePath - c:\documents and settings\Derek\Application Data\Mozilla\Firefox\Profiles\cnovkmrq.default\

    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

    FF - ExtSQL: 2012-12-26 13:21; {34712C68-7391-4c47-94F3-8F88D49AD632}; c:\documents and settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

    .

    - - - - ORPHANS REMOVED - - - -

    .

    SafeBoot-Wdf01000.sys

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2013-01-13 15:54

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    scanning hidden files ...

    .

    scan completed successfully

    hidden files: 0

    .

    **************************************************************************

    .

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xsherlock]

    "ImagePath"="c:\windows\system32\xsherlock.xem"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    Completion time: 2013-01-13 15:55:31

    ComboFix-quarantined-files.txt 2013-01-13 20:55

    .

    Pre-Run: 107,945,623,552 bytes free

    Post-Run: 109,452,804,096 bytes free

    .

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    [operating systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    UnsupportedDebug="do not select this" /debug

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    .

    - - End Of File - - 98664E0475E7DB1BEB1629C9EE7A31EF

    These are the results of the ComboFix scan.

  5. ========== OTL ==========

    Service\Driver key winmgmt not found.

    File C:\Documents and Settings\Derek\wgsdgsdgdsgsd.exe not found.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_ssl_v12 not found.

    winmgmt removed from NetSvcs value successfully!

    File C:\Documents and Settings\Derek\wgsdgsdgdsgsd.exe not found.

    File C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad not found.

    File C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js not found.

    File C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk not found.

    File C:\Documents and Settings\Derek\Start Menu\Programs\Startup\runctf.lnk not found.

    File C:\Documents and Settings\Derek\wgsdgsdgdsgsd.exe not found.

    File C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk not found.

    File C:\Documents and Settings\All Users\Application Data\netdislw.pad not found.

    File C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js not found.

    File C:\Documents and Settings\Derek\Start Menu\Programs\Startup\runctf.lnk not found.

    File C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad not found.

    File C:\Documents and Settings\Derek\wgsdgsdgdsgsd.exe not found.

    File C:\Documents and Settings\All Users\Application Data\netdislw.pad not found.

    OTLPE by OldTimer - Version 3.1.48.0 log created on 01132013_121104

    Sorry, I messed up. Somehow I lost/deleted the results of the first fix I ran. These are the results of the second fix. Hopefully this is still useful to you.

  6. Error: Unable to interpret <SRV - [2013/01/11 22:43:11 | 000,252,416 | ---- | M] () [Auto] -- C:\Documents and Settings\Derek\wgsdgsdgdsgsd.exe -- (winmgmt)> in the current context!

    Error: Unable to interpret <O4 - HKLM..\Run: [ROC_roc_ssl_v12] File not found> in the current context!

    Error: Unable to interpret <NetSvcs: winmgmt - C:\Documents and Settings\Derek\wgsdgsdgdsgsd.exe ()> in the current context!

    Error: Unable to interpret <[2013/01/12 11:17:51 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad> in the current context!

    Error: Unable to interpret <[2013/01/11 22:50:50 | 000,002,959 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js> in the current context!

    Error: Unable to interpret <[2013/01/11 22:50:50 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk> in the current context!

    Error: Unable to interpret <[2013/01/11 22:43:20 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Derek\Start Menu\Programs\Startup\runctf.lnk> in the current context!

    Error: Unable to interpret <[2013/01/11 22:43:11 | 000,252,416 | ---- | M] () -- C:\Documents and Settings\Derek\wgsdgsdgdsgsd.exe> in the current context!

    Error: Unable to interpret <[2013/01/11 22:50:50 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk> in the current context!

    Error: Unable to interpret <[2013/01/11 22:43:22 | 095,023,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\netdislw.pad> in the current context!

    Error: Unable to interpret <[2013/01/11 22:43:20 | 000,002,959 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js> in the current context!

    Error: Unable to interpret <[2013/01/11 22:43:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Derek\Start Menu\Programs\Startup\runctf.lnk> in the current context!

    Error: Unable to interpret <[2013/01/11 22:43:18 | 095,023,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad> in the current context!

    Error: Unable to interpret <[2013/01/11 22:43:11 | 000,252,416 | ---- | C] () -- C:\Documents and Settings\Derek\wgsdgsdgdsgsd.exe> in the current context!

    Error: Unable to interpret <[2013/01/11 22:44:40 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\netdislw.pad> in the current context!

    OTLPE by OldTimer - Version 3.1.48.0 log created on 01132013_025625

    These are the 2nd scan results. It seems like there was an error.

  7. OTL logfile created on: 1/12/2013 11:29:37 AM - Run

    OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE

    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

    Internet Explorer (Version = 8.0.6001.18702)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free

    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free

    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

    Drive C: | 232.88 Gb Total Space | 100.33 Gb Free Space | 43.08% Space Free | Partition Type: NTFS

    Drive D: | 7.46 Gb Total Space | 7.19 Gb Free Space | 96.38% Space Free | Partition Type: FAT32

    Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM

    Boot Mode: Normal | Scan Mode: All users

    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    Using ControlSet: ControlSet001

    ========== Win32 Services (SafeList) ==========

    SRV - [2013/01/11 22:43:11 | 000,252,416 | ---- | M] () [Auto] -- C:\Documents and Settings\Derek\wgsdgsdgdsgsd.exe -- (winmgmt)

    SRV - [2013/01/11 02:17:12 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

    SRV - [2013/01/09 20:07:30 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

    SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)

    SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

    SRV - [2012/10/31 17:56:35 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

    SRV - [2012/09/24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

    SRV - [2012/05/15 05:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

    SRV - [2012/04/30 23:38:49 | 000,670,816 | ---- | M] (Wellbia.com Co., Ltd.) [On_Demand] -- C:\WINDOWS\system32\xsherlock.xem -- (xsherlock)

    SRV - [2011/09/15 11:06:04 | 000,088,576 | ---- | M] () [Auto] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)

    SRV - [2011/06/29 13:26:06 | 000,520,216 | ---- | M] (Ant.com) [Auto] -- C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe -- (AntUpdaterService)

    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (xhunter1)

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)

    DRV - File not found [Kernel | On_Demand] -- -- (vtany)

    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)

    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)

    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)

    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)

    DRV - File not found [Kernel | System] -- -- (PCIDump)

    DRV - File not found [Kernel | System] -- -- (lbrtfdc)

    DRV - File not found [Kernel | System] -- -- (i2omgmt)

    DRV - File not found [Kernel | On_Demand] -- -- (GMSIPCI)

    DRV - File not found [Kernel | On_Demand] -- -- (EagleXNt)

    DRV - File not found [Kernel | System] -- -- (Changer)

    DRV - [2012/12/16 12:57:49 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

    DRV - [2012/09/06 13:33:27 | 000,099,400 | ---- | M] (MotioninJoy) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)

    DRV - [2012/03/15 12:26:56 | 000,473,656 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

    DRV - [2010/09/30 20:15:00 | 001,759,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\athuw.sys -- (AR9271)

    DRV - [2010/06/22 17:01:52 | 000,021,248 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)

    DRV - [2009/06/10 14:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)

    DRV - [2008/03/26 05:37:26 | 004,713,472 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

    DRV - [2007/11/17 02:43:56 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

    DRV - [2007/11/17 02:43:46 | 000,054,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

    DRV - [2007/10/12 02:53:10 | 000,013,312 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)

    DRV - [2007/05/14 22:03:24 | 000,445,696 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 CD 21 20 7A F0 CD 01 [binary data]

    IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Derek_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

    IE - HKU\Derek_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()

    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation)

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)

    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

    FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

    FF - HKLM\Software\MozillaPlugins\@Webzen.com/NPBrowserExt: C:\Program Files\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll (WEBZEN)

    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/26 13:21:23 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/11 02:17:13 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/11 02:17:04 | 000,000,000 | ---D | M]

    [2013/01/11 02:17:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

    [2013/01/11 02:17:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

    [2013/01/11 02:17:13 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

    [2011/11/03 01:59:20 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll

    [2012/12/26 13:20:51 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

    [2012/08/29 18:03:07 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    [2012/10/13 10:02:07 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

    O1 - Hosts: 127.0.0.1 localhost

    O2 - BHO: (I Want This) - {11111111-1111-1111-1111-110011221158} - C:\Program Files\I Want This\I Want This.dll (215 Apps)

    O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

    O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com)

    O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)

    O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

    O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

    O3 - HKLM\..\Toolbar: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)

    O3 - HKU\Derek_ON_C\..\Toolbar\WebBrowser: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)

    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

    O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)

    O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)

    O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()

    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

    O4 - HKLM..\Run: [ROC_roc_ssl_v12] File not found

    O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)

    O4 - HKU\Derek_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)

    O4 - Startup: C:\Documents and Settings\Derek\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()

    O4 - Startup: C:\Documents and Settings\Derek\Start Menu\Programs\Startup\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\Derek_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\UpdatusUser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com)

    O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.)

    O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2012/03/12 22:49:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

    O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

    O34 - HKLM BootExecute: (autocheck autochk *) - File not found

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37 - HKLM\...com [@ = comfile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found

    NetSvcs: Ias - File not found

    NetSvcs: Iprip - File not found

    NetSvcs: Irmon - File not found

    NetSvcs: NWCWorkstation - File not found

    NetSvcs: Nwsapagent - File not found

    NetSvcs: WmdmPmSp - File not found

    NetSvcs: winmgmt - C:\Documents and Settings\Derek\wgsdgsdgdsgsd.exe ()

    Drivers32: msacm.avis - C:\WINDOWS\System32\ff_acm.acm ()

    Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

    Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()

    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/11 23:06:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe

    [2013/01/11 23:04:21 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

    [2013/01/11 22:51:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE

    [2013/01/11 02:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

    [2013/01/10 13:32:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\My Documents\Telltale Games

    [2013/01/10 13:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\The Walking Dead

    [2013/01/09 02:46:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi

    [2013/01/02 07:32:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\My Documents\HeroBlade Logs

    [2013/01/02 03:38:34 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts

    [2013/01/02 03:38:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BioWare

    [2013/01/02 03:38:18 | 000,000,000 | ---D | C] -- C:\Users

    [2012/12/26 13:44:52 | 000,000,000 | ---D | C] -- C:\Program Files\EA Games

    [2012/12/26 13:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Application Data\RealNetworks

    [2012/12/26 13:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks

    [2012/12/26 13:21:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RealNetworks

    [2012/12/26 13:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared

    [2012/12/26 13:20:55 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll

    [2012/12/26 13:20:48 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll

    [2012/12/26 13:20:48 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll

    [2012/12/26 13:20:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks

    [2012/12/22 17:06:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Derek\wc

    [2012/12/22 17:06:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Local Settings\Application Data\Universe Sandbox

    [2012/12/22 17:06:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Derek\Application Data\wyUpdate AU

    [2012/12/21 14:05:45 | 001,759,584 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\athuw.sys

    [2012/12/17 13:11:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MegaDev

    [2012/12/17 13:11:30 | 000,000,000 | ---D | C] -- C:\Program Files\MegaDev

    [2012/12/16 15:01:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Local Settings\Application Data\My Games

    [2012/12/16 12:58:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DAEMON Tools Lite

    [2012/12/16 12:57:49 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys

    [2012/12/16 12:57:38 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite

    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/01/12 11:17:51 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad

    [2013/01/12 11:17:25 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-839522115-287218729-682003330-1003.job

    [2013/01/12 11:17:21 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-839522115-287218729-682003330-1003.job

    [2013/01/12 11:17:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

    [2013/01/12 01:41:46 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-839522115-287218729-682003330-1003.job

    [2013/01/11 22:50:50 | 000,002,959 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js

    [2013/01/11 22:50:50 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk

    [2013/01/11 22:45:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

    [2013/01/11 22:44:40 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\netdislw.pad

    [2013/01/11 22:43:20 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Derek\Start Menu\Programs\Startup\runctf.lnk

    [2013/01/11 22:43:11 | 000,252,416 | ---- | M] () -- C:\Documents and Settings\Derek\wgsdgsdgdsgsd.exe

    [2013/01/11 22:07:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

    [2013/01/11 19:24:10 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

    [2013/01/10 13:31:13 | 000,001,698 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\Play The Walking Dead nosTEAM.lnk

    [2013/01/09 20:07:29 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

    [2013/01/09 20:07:29 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

    [2013/01/09 18:21:08 | 000,493,384 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

    [2013/01/09 18:21:08 | 000,083,802 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

    [2013/01/09 02:47:14 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk

    [2013/01/07 15:52:35 | 001,074,636 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin

    [2013/01/07 15:52:35 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin

    [2013/01/05 03:54:04 | 001,074,636 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin

    [2012/12/29 14:53:01 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-839522115-287218729-682003330-1003.job

    [2012/12/27 12:32:39 | 000,000,122 | -HS- | M] () -- C:\WINDOWS\System32\Userdata.ini

    [2012/12/26 13:21:31 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk

    [2012/12/26 13:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks

    [2012/12/26 13:20:55 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll

    [2012/12/26 13:20:48 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll

    [2012/12/26 13:20:48 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll

    [2012/12/26 13:20:47 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll

    [2012/12/19 14:52:42 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Derek\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2012/12/17 13:11:39 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\MegaTrainer eXperience.lnk

    [2012/12/17 13:11:39 | 000,001,780 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\MT-X - Guide.lnk

    [2012/12/17 13:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\MegaDev

    [2012/12/16 12:58:06 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk

    [2012/12/16 12:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\DAEMON Tools Lite

    [2012/12/16 12:57:49 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys

    [2012/12/13 20:02:45 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\Derek\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk

    [2012/12/13 20:02:45 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GOM Player.lnk

    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/01/11 22:50:50 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk

    [2013/01/11 22:43:22 | 095,023,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\netdislw.pad

    [2013/01/11 22:43:20 | 000,002,959 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js

    [2013/01/11 22:43:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Derek\Start Menu\Programs\Startup\runctf.lnk

    [2013/01/11 22:43:18 | 095,023,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad

    [2013/01/11 22:43:11 | 000,252,416 | ---- | C] () -- C:\Documents and Settings\Derek\wgsdgsdgdsgsd.exe

    [2013/01/10 13:31:12 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\Play The Walking Dead nosTEAM.lnk

    [2013/01/10 13:28:00 | 000,003,153 | ---- | C] () -- C:\Program Files\visit-nosteam.ro.html

    [2013/01/10 13:28:00 | 000,000,081 | ---- | C] () -- C:\Program Files\update-walking-dead.bat

    [2012/12/26 13:25:52 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-839522115-287218729-682003330-1003.job

    [2012/12/26 13:25:51 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-839522115-287218729-682003330-1003.job

    [2012/12/26 13:21:31 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk

    [2012/12/17 13:11:39 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\MegaTrainer eXperience.lnk

    [2012/12/17 13:11:39 | 000,001,780 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\MT-X - Guide.lnk

    [2012/12/16 12:58:06 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk

    [2012/11/17 10:27:51 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\24ff93ad.dat

    [2012/10/25 22:10:51 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

    [2012/07/13 07:05:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat

    [2012/04/30 18:59:46 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

    [2012/04/30 18:59:46 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

    [2012/04/30 18:59:46 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

    [2012/04/30 18:59:25 | 002,807,708 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data

    [2012/04/23 00:08:02 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

    [2012/04/23 00:08:02 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

    [2012/04/12 04:45:27 | 000,000,122 | -HS- | C] () -- C:\WINDOWS\System32\Userdata.ini

    [2012/03/22 13:22:31 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Derek\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2012/03/14 16:04:01 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

    [2012/03/12 23:20:15 | 000,003,636 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin

    [2012/03/12 22:53:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

    [2012/03/12 22:44:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

    [2012/03/12 22:30:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

    [2012/03/12 22:25:18 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe

    [2012/03/12 16:43:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

    [2012/03/12 16:42:37 | 000,146,016 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    [2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

    [2008/07/25 23:48:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

    [2008/07/25 23:48:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe

    [2008/07/25 23:48:00 | 001,499,136 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

    [2008/07/25 23:48:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe

    [2008/07/25 23:48:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

    [2008/07/25 23:48:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

    [2008/07/25 23:48:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe

    [2008/07/25 23:48:00 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe

    [2008/07/25 23:48:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

    [2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

    [2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

    [2004/08/04 07:00:00 | 000,493,384 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

    [2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

    [2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

    [2004/08/04 07:00:00 | 000,083,802 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

    [2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

    [2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

    [2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

    [2004/08/04 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

    [2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

    [2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

    ========== LOP Check ==========

    [2013/01/11 18:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\BitComet

    [2012/04/09 21:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\DAEMON Tools Lite

    [2012/11/03 14:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\foobar2000

    [2012/03/18 10:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\Go PDF Reader

    [2012/04/09 21:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\MotioninJoy

    [2012/04/09 21:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\Mount&Blade With Fire and Sword

    [2012/12/30 06:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\NeopleLauncherDFO

    [2012/08/04 05:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\Oracle

    [2012/12/22 17:06:30 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Derek\Application Data\wyUpdate AU

    [2012/03/14 16:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ant.com

    [2012/05/14 23:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Battle.net

    [2012/04/23 18:29:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

    [2012/12/16 14:38:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

    [2012/05/11 01:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon

    [2012/03/13 11:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS

    [2012/03/24 22:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files

    [2012/10/17 11:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RELOADED

    [2013/01/10 13:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\REVOLT

    [2012/10/06 21:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\System

    [2012/04/30 23:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEBZEN

    ========== Purity Check ==========

    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >

    [2012/03/12 22:49:30 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

    [2012/03/12 22:41:43 | 000,000,211 | -HS- | M] () -- C:\boot.ini

    [2012/03/12 22:49:30 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

    [2012/03/12 22:49:30 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

    [2012/03/12 22:49:30 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

    [2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

    [2012/03/14 02:23:18 | 000,250,048 | RHS- | M] () -- C:\ntldr

    [2013/01/12 11:27:26 | 000,064,872 | ---- | M] () -- C:\OTL.Txt

    [2013/01/12 11:17:04 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

    [2012/11/18 19:51:15 | 000,000,004 | ---- | M] () -- C:\__temp.txt

    < MD5 for: EXPLORER.EXE >

    [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

    [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

    [2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

    < MD5 for: SERVICES.EXE >

    [2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe

    [2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe

    [2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe

    [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe

    [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

    [2004/08/04 07:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

    < MD5 for: USERINIT.EXE >

    [2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

    [2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

    [2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

    < MD5 for: WINLOGON.EXE >

    [2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

    [2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

    [2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

    < End of report >

    Here are the results of the scan. I wasn't sure if the next step would be the same as posted in the other thread, so I'm posting it here to avoid confusion.

  8. I'm running Windows XP 32 bit. I have the FBI virus. The only safe mode I can use is the command prompt one. Can anyone help me remove this virus using the REGEDIT command?

    Note: typing explorer.exe into the command prompt does not work, as the virus has hijacked that as well. I believe this is a very new version of the virus.

    Thanks in advance
