I got infected with something and all icons on desktop disappeared, start menu items also. Could not access Internet Explorer, could not run task manager and couldn't run registry editor. Fixed everything so far except for the desktop icons and when searching with google, I get redirected to other sites. Found a way around this by going to the cache of the site beside link. I followed everything to a tee on this other post http://webcache.googleusercontent.com/search?q=cache:V_jB_MNZtUIJ:forums.malwarebytes.org/index.php%3Fshowtopic%3D83625+desktop+icons+missing+virus&cd=10&hl=en&ct=clnk&gl=us&source=www.google.com

Just need some help identifying what I need to delete with OTL. Any help as soon as possible is appreciated. Here are the reports generated by OTL:

OTL logfile created on: 5/30/2011 11:47:08 PM - Run 1

OTL by OldTimer - Version 3.2.23.0 Folder = C:\

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.48 Mb Total Physical Memory | 399.99 Mb Available Physical Memory | 39.39% Memory free

2.38 Gb Paging File | 1.95 Gb Available in Paging File | 81.66% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 142.15 Gb Total Space | 70.16 Gb Free Space | 49.35% Space Free | Partition Type: NTFS

Drive D: | 6.89 Gb Total Space | 3.43 Gb Free Space | 49.80% Space Free | Partition Type: FAT32

Computer Name: K1TT6Y5C4A7T | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\zHotkey.exe ()

PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)

PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

========== Modules (SafeList) ==========

MOD - C:\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\Common Files\Symantec Shared\auCOLPwd.dll (Symantec Corporation)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found

SRV - (AppMgmt) -- File not found

SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)

SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()

SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)

SRV - (LiveUpdate Notice) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (comHost) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)

SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)

SRV - (GameConsoleService) -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)

SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)

SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()

DRV - (io.sys) -- C:\WINDOWS\system32\drivers\io.sys ()

DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)

DRV - (SYMIDSCO) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20090528.001\SymIDSCo.sys (Symantec Corporation)

DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090530.017\NAVEX15.SYS (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090530.017\NAVENG.SYS (Symantec Corporation)

DRV - (COH_Mon) -- C:\WINDOWS\system32\drivers\COH_Mon.sys (Symantec Corporation)

DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)

DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)

DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)

DRV - (SymIMMP) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)

DRV - (SymIM) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)

DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)

DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)

DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)

DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)

DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)

DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)

DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)

DRV - (CO_Mon) -- C:\WINDOWS\system32\drivers\CO_Mon.sys (Symantec Corporation)

DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)

DRV - (WISTechVIDCAP) -- C:\WINDOWS\system32\drivers\wisgostrm.sys (WIS Technologies)

DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)

DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)

DRV - (el575nd5) -- C:\WINDOWS\system32\drivers\el575ND5.sys (3Com Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\URLSearchHook: {00f2c0c6-2194-484e-9064-44e57787867b} - C:\Program Files\SearchElf_1.1\prxtbSea2.dll (Conduit Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/03/24 23:36:19 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/03/24 23:36:19 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2010/06/09 13:53:09 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (SearchElf 1.1 Toolbar) - {00f2c0c6-2194-484e-9064-44e57787867b} - C:\Program Files\SearchElf_1.1\prxtbSea2.dll (Conduit Ltd.)

O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)

O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\BAE.dll (Gateway Inc.)

O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)

O3 - HKLM\..\Toolbar: (SearchElf 1.1 Toolbar) - {00f2c0c6-2194-484e-9064-44e57787867b} - C:\Program Files\SearchElf_1.1\prxtbSea2.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (SearchElf 1.1 Toolbar) - {00F2C0C6-2194-484E-9064-44E57787867B} - C:\Program Files\SearchElf_1.1\prxtbSea2.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()

O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()

O4 - HKLM..\Run: [ModPS2] C:\WINDOWS\ModPS2Key.exe (Chicony)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)

O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()

O4 - HKLM..\Run: [showWnd] C:\WINDOWS\ShowWnd.exe ()

O4 - HKCU..\Run: [Power2GoExpress] File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)

O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)

O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O15 - HKCU\..Trusted Domains: mikesarcade.com ([www] http in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://systemrequirementslab.com.s3.amazonaws.com/iduu/bin/srldetect_intel.cab (SysInfo Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/05/06 20:38:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2004/09/13 11:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]

O33 - MountPoints2\{85691d5b-1c2a-11de-b374-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{85691d5b-1c2a-11de-b374-806d6172696f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{85691d5b-1c2a-11de-b374-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/30 23:45:48 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\OTL.exe

[2011/05/30 23:42:12 | 000,000,000 | ---D | C] -- C:\RK_Quarantine

[2011/05/30 23:30:26 | 014,885,984 | ---- | C] (Sunbelt Software ) -- C:\counterspy-setup.exe

[2011/05/30 22:32:45 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware

[2011/05/30 19:52:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2011/05/30 19:50:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2011/05/30 19:50:12 | 005,559,024 | ---- | C] (AVG Technologies) -- C:\avg_free_stb_all_2011_1375_cnet.exe

[2011/05/30 19:44:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Recent

[2011/05/30 19:23:07 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\rEAnOwDTDeg.exe

[2011/05/30 03:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\PsGUI300beta

[2011/05/29 04:48:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Mortal Kombat (U)

[2011/05/12 14:13:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Frogwares

[2011/05/12 14:10:20 | 000,000,000 | ---D | C] -- C:\Program Files\Sherlock Holmes and the Hound of the Baskervilles Collector's Edition

[2011/05/12 14:10:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sherlock Holmes and the Hound of the Baskervilles Collector's Edition

[2011/05/06 23:50:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\HdO Adventure

[2011/05/06 23:47:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\eGames

[2011/05/06 23:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\eGames

[2011/05/05 23:36:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ERS Game Studios

[2011/05/05 23:23:27 | 000,000,000 | ---D | C] -- C:\Program Files\Dark Tales - Edgar Allan Poe's The Black Cat Collector's Edition

[2011/05/05 23:23:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dark Tales - Edgar Allan Poe's The Black Cat Collector's Edition

[2011/04/10 18:39:50 | 004,363,704 | ---- | C] (Smart Projects ) -- C:\Program Files\isobuster_all_lang.exe

[2009/04/05 12:03:19 | 004,526,458 | ---- | C] (ZJ Computing, Inc. ") -- C:\Program Files\WinAVI_Video_Converter.exe

[2009/04/05 05:44:49 | 033,321,084 | ---- | C] (Mediachance ) -- C:\Program Files\dvdlabpro251.exe

[2009/04/05 04:07:43 | 071,868,984 | ---- | C] ( ) -- C:\Program Files\CyberLink_Power2Go6_P2G080403-01.exe

[2009/04/04 18:27:47 | 000,652,333 | ---- | C] (Xvid team ) -- C:\Program Files\Xvid-1.2.1-04122008.exe

[2009/04/04 08:47:05 | 016,070,968 | ---- | C] ( ) -- C:\Program Files\gimp-2.6.6-i686-setup.exe

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/30 23:45:54 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\OTL.exe

[2011/05/30 23:44:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/05/30 23:40:56 | 000,486,912 | ---- | M] () -- C:\RogueKiller.exe

[2011/05/30 23:35:03 | 000,606,105 | ---- | M] () -- C:\unhide.exe

[2011/05/30 23:34:22 | 000,606,105 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\unhide.exe

[2011/05/30 23:30:26 | 014,885,984 | ---- | M] (Sunbelt Software ) -- C:\counterspy-setup.exe

[2011/05/30 23:05:51 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/05/30 23:05:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/05/30 23:05:40 | 1064,882,176 | -HS- | M] () -- C:\hiberfil.sys

[2011/05/30 22:32:51 | 000,000,624 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/05/30 20:19:10 | 000,000,622 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Owner.job

[2011/05/30 19:50:12 | 005,559,024 | ---- | M] (AVG Technologies) -- C:\avg_free_stb_all_2011_1375_cnet.exe

[2011/05/30 19:43:12 | 000,001,341 | ---- | M] () -- C:\regtools.vbs

[2011/05/30 19:42:33 | 000,001,341 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\regtools.vbs

[2011/05/30 19:23:08 | 135,178,848 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\IMAGE.img

[2011/05/30 19:23:08 | 005,517,504 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\IMAGE.sub

[2011/05/30 19:23:06 | 000,422,400 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\rEAnOwDTDeg.exe

[2011/05/30 19:23:04 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\IMAGE.ccd

[2011/05/30 19:08:13 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to PopstationGUI.exe.lnk

[2011/05/30 06:04:56 | 000,008,206 | ---- | M] () -- C:\Documents and Settings\Owner\.recently-used.xbel

[2011/05/30 00:08:12 | 000,046,592 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/05/29 23:04:07 | 000,000,155 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2011/05/27 23:26:04 | 001,571,163 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\jt001-trap-templates-v1.pdf

[2011/05/26 21:44:32 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2011/05/06 23:47:33 | 000,001,891 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games!.lnk

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/30 23:40:53 | 000,486,912 | ---- | C] () -- C:\RogueKiller.exe

[2011/05/30 23:40:09 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk

[2011/05/30 23:40:09 | 000,001,891 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games!.lnk

[2011/05/30 23:40:09 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/05/30 23:40:09 | 000,001,774 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LightScribe.lnk

[2011/05/30 23:40:09 | 000,001,762 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google SketchUp 8.lnk

[2011/05/30 23:40:09 | 000,001,622 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Go.lnk

[2011/05/30 23:40:09 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk

[2011/05/30 23:40:09 | 000,001,596 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk

[2011/05/30 23:40:09 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/05/30 23:40:09 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

[2011/05/30 23:40:09 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PhotoPearls.lnk

[2011/05/30 23:40:09 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mortal Kombat Widget.lnk

[2011/05/30 23:40:09 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

[2011/05/30 23:40:08 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2011/05/30 23:40:08 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2011/05/30 23:40:08 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CloneCD.lnk

[2011/05/30 23:40:08 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk

[2011/05/30 23:34:51 | 000,606,105 | ---- | C] () -- C:\unhide.exe

[2011/05/30 23:34:13 | 000,606,105 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\unhide.exe

[2011/05/30 22:32:51 | 000,000,624 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/05/30 21:16:42 | 1064,882,176 | -HS- | C] () -- C:\hiberfil.sys

[2011/05/30 19:43:31 | 000,001,341 | ---- | C] () -- C:\regtools.vbs

[2011/05/30 19:42:43 | 000,001,341 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\regtools.vbs

[2011/05/30 19:21:50 | 135,178,848 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\IMAGE.img

[2011/05/30 19:21:50 | 005,517,504 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\IMAGE.sub

[2011/05/30 19:21:50 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\IMAGE.ccd

[2011/05/30 19:04:51 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to PopstationGUI.exe.lnk

[2011/05/30 06:04:56 | 000,008,206 | ---- | C] () -- C:\Documents and Settings\Owner\.recently-used.xbel

[2011/05/27 23:26:04 | 001,571,163 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\jt001-trap-templates-v1.pdf

[2011/04/10 19:28:02 | 000,000,047 | ---- | C] () -- C:\WINDOWS\WinBIN2ISO.INI

[2011/04/10 18:42:41 | 000,089,305 | ---- | C] () -- C:\Program Files\SegaCueMaker.zip

[2011/04/10 18:41:54 | 000,018,482 | ---- | C] () -- C:\Program Files\WinBin2Iso.zip

[2011/02/26 03:35:09 | 000,000,155 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2010/08/28 01:47:26 | 000,005,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\io.sys

[2010/06/09 01:18:51 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat

[2010/02/06 03:22:33 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll

[2009/12/12 13:02:15 | 002,734,688 | ---- | C] () -- C:\WINDOWS\temp.exe

[2009/11/10 20:56:11 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib

[2009/10/23 17:35:26 | 000,009,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\CrucialSMBusScan.sys

[2009/10/16 12:48:01 | 000,119,697 | ---- | C] () -- C:\WINDOWS\hpqins00.dat

[2009/05/28 21:13:46 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01

[2009/04/22 01:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2009/04/19 04:48:45 | 000,002,256 | ---- | C] () -- C:\WINDOWS\current_settings.bin

[2009/04/19 00:58:46 | 000,143,540 | R--- | C] () -- C:\WINDOWS\go7007sb.bin

[2009/04/19 00:58:46 | 000,030,800 | R--- | C] () -- C:\WINDOWS\go7007fw.bin

[2009/04/19 00:58:46 | 000,000,208 | R--- | C] () -- C:\WINDOWS\go7007fw_pf.bin

[2009/04/06 03:17:06 | 001,234,120 | ---- | C] () -- C:\Program Files\wrar380.exe

[2009/04/04 22:02:14 | 000,273,342 | ---- | C] () -- C:\Program Files\DivFix110.zip

[2009/04/04 21:49:15 | 000,411,509 | ---- | C] () -- C:\Program Files\GSpot270a.zip

[2009/04/03 22:17:46 | 005,424,974 | ---- | C] () -- C:\Program Files\dvdmaker.zip

[2009/04/03 08:34:36 | 000,046,592 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/04/03 03:11:10 | 004,653,240 | ---- | C] () -- C:\Program Files\flashget196en.exe

[2009/03/30 23:40:44 | 000,130,349 | ---- | C] () -- C:\WINDOWS\hpoins13.dat

[2009/03/30 23:40:44 | 000,000,811 | ---- | C] () -- C:\WINDOWS\hpomdl13.dat

[2009/03/29 01:42:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2009/03/29 01:40:47 | 000,547,840 | ---- | C] () -- C:\WINDOWS\zHotkey.exe

[2009/03/29 01:40:47 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll

[2009/03/29 01:40:47 | 000,036,864 | ---- | C] () -- C:\WINDOWS\ShowWnd.exe

[2009/03/29 01:40:47 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll

[2009/03/29 01:40:35 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll

[2009/03/29 01:14:59 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT

[2009/03/29 00:53:31 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2009/03/29 00:53:17 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2009/03/29 00:53:17 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2009/03/29 00:53:13 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2009/03/29 00:53:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2009/03/29 00:53:01 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2009/03/29 00:52:32 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2009/03/29 00:52:32 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2009/03/29 00:51:23 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2009/03/29 00:50:52 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2006/07/01 02:01:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2006/07/01 01:30:45 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe

[2006/05/06 20:40:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2006/05/06 20:36:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2006/05/06 20:24:27 | 000,001,260 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2006/05/06 20:24:27 | 000,000,483 | ---- | C] () -- C:\WINDOWS\System32\emver.ini

[2006/05/06 20:24:14 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2006/05/06 20:24:14 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2006/05/06 13:31:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2006/05/06 13:30:06 | 000,255,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2005/07/15 14:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2005/07/15 14:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll

[2005/07/15 14:35:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[1998/03/17 13:15:00 | 000,000,117 | ---- | C] () -- C:\WINDOWS\smp32.dll

========== LOP Check ==========

[2011/05/30 19:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2009/11/10 20:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro

[2009/12/12 19:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe

[2011/05/30 19:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2009/12/12 13:04:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft

[2009/04/19 01:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc

[2011/05/18 04:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/04/19 01:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems

[2010/06/09 01:08:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent

[2009/03/29 01:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}

[2011/04/20 05:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Big Fish Games

[2009/11/10 20:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools

[2009/11/10 20:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Pro

[2011/03/24 23:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DDMSettings

[2011/05/05 23:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ERS Game Studios

[2011/05/12 14:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Frogwares

[2010/04/22 19:03:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GARMIN

[2011/05/30 06:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0

[2011/05/06 23:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HdO Adventure

[2010/11/29 12:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Image Zone Express

[2010/12/01 17:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PriceGong

[2009/08/26 09:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Printer Info Cache

[2009/03/29 01:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView

[2009/06/30 13:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony

[2009/06/30 13:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony Setup

[2009/04/19 03:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ulead Systems

[2011/02/20 23:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\wb

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:4C5D7C4565DF087D

@Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6

@Alternate Data Stream - 172 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9FD757A9

@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E5EA40F

@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1BFE92CC

@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:864881BF

@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78E0DF72

@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1

< End of report >

OTL Extras logfile created on: 5/30/2011 11:47:08 PM - Run 1

OTL by OldTimer - Version 3.2.23.0 Folder = C:\

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.48 Mb Total Physical Memory | 399.99 Mb Available Physical Memory | 39.39% Memory free

2.38 Gb Paging File | 1.95 Gb Available in Paging File | 81.66% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 142.15 Gb Total Space | 70.16 Gb Free Space | 49.35% Space Free | Partition Type: NTFS

Drive D: | 6.89 Gb Total Space | 3.43 Gb Free Space | 49.80% Space Free | Partition Type: FAT32

Computer Name: K1TT6Y5C4A7T | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)

"C:\Program Files\FlashGet\flashget.exe" = C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com)

"C:\Program Files\CAPCOM\RESIDENT EVIL 5\RE5DX9.EXE" = C:\Program Files\CAPCOM\RESIDENT EVIL 5\RE5DX9.EXE:*:Enabled:RESIDENT EVIL 5 (DX9) -- (CAPCOM CO., LTD.)

"C:\Program Files\CAPCOM\RESIDENT EVIL 5\RE5DX10.EXE" = C:\Program Files\CAPCOM\RESIDENT EVIL 5\RE5DX10.EXE:*:Enabled:RESIDENT EVIL 5 (DX10) -- (CAPCOM CO., LTD.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status

"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable

"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan

"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store

"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan

"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 23

"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet

"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework

"{31E1050B-F69F-4A16-8F5A-E44D31901250}" = Ulead DVD DiskRecorder 2.1.1

"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java 6 Update 4

"{32B93EC0-3E31-4495-A1A3-D74DBE7B77F2}" = PhotoPearls

"{34FF0741-EC67-4C05-AC2A-6D257123DF2E}" = BigFix

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant

"{38B39865-D988-4945-9A22-6107B8B40953}" = C4200

"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy

"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth

"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin

"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE

"{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1" = Sothink Movie DVD Maker

"{50CE21D8-0F44-4f3f-A392-7F9AD3194DEF}" = PS_AIO_Software

"{5178758D-BAF8-40BE-BC10-8D9EAE57273F}" = Media Go

"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center

"{62F179C8-51D3-34CB-37B4-2AFA4D4E940A}" = Mortal Kombat Widget

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility

"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit

"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus

"{7EACD74C-147F-478C-9389-F9F52EE3C88A}" = LightScribe System Software

"{7FD71A9E-C4D3-42ED-A998-CDA8290C39A3}" = LightScribe Template Labeler

"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update

"{84DDA651-FA15-4DF2-8AE8-E98FA329B1CD}" = System Requirements Lab for Intel

"{8641C1CB-03B3-41d4-8DEC-79826A4B5C0E}" = HP Photosmart All-In-One Software 8.0

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8D2C1E44-7685-4D05-8342-B0DC6422FA47}" = Ulead Straight-to-Disc SDK

"{8EAB2384-C794-40ED-A9DD-3270A0D2BB76}" = Ulead VideoStudio 9.0 SE DVD

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5

"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1

"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver

"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR

"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon

"{B668B2B8-70D4-4754-A890-17C1DDDA9418}" = PS_AIO_Software_min

"{B700113B-24A8-4D4C-8484-0CC944F764C8}" = Google SketchUp 8

"{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}" = PlayStation®Network Downloader

"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security

"{C716522C-3731-4667-8579-40B098294500}" = Toolbox

"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component

"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component

"{DF86A72C-4585-4D75-B592-968C8C6604A1}" = eMachines Connect

"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help

"{E65CA2A8-1F2A-4400-AE55-FFD43D3B6980}" = c4200_Help

"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)

"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential

"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply

"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery

"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FE0C305A-37EE-4499-B4CF-0182E37B20C4}" = PS_AIO_ProductContext

"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = PS2 Multimedia Keyboard Driver

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"ADS Tech Master Installer V3.8" = ADS Tech Master Installer V3.8

"ADS Tech V3.8 DVD Xpress DX2 CapWiz" = ADS Tech V3.8 DVD Xpress DX2 CapWiz

"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem

"BFGC" = Big Fish Games: Game Manager

"BFG-Dark Tales - Edgar Allan Poe's The Black Cat Collector's Edition" = Dark Tales:

Also here is a HiJack this log just in case:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:22:50 AM, on 5/31/2011

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\zHotkey.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: SearchElf 1.1 Toolbar - {00f2c0c6-2194-484e-9064-44e57787867b} - C:\Program Files\SearchElf_1.1\prxtbSea2.dll

O2 - BHO: SearchElf 1.1 - {00f2c0c6-2194-484e-9064-44e57787867b} - C:\Program Files\SearchElf_1.1\prxtbSea2.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O3 - Toolbar: SearchElf 1.1 Toolbar - {00f2c0c6-2194-484e-9064-44e57787867b} - C:\Program Files\SearchElf_1.1\prxtbSea2.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [CHotkey] zHotkey.exe

O4 - HKLM\..\Run: [showWnd] ShowWnd.exe

O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"

O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Power2GoExpress] NA

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O15 - Trusted Zone: http://www.mikesarcade.com

O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://systemrequirementslab.com.s3.amazonaws.com/iduu/bin/srldetect_intel.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Filter hijack: text/html - {bf8e91c3-9fcd-45e6-aa5e-09825a93d9a7} - C:\WINDOWS\msv1_0.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--

End of file - 11339 bytes

So I got the desktop icons to come back and can access files on the drive... but I have the Google redirect thing. I've found a way around it, by clicking on the cache for search results on Google. But I still need some help. Thanks. -Mike

Another new symptom. I try to watch anything on YouTube and have no sound. I try to use DivX and it freezes and shuts down Internet Explorer. Sometimes it will pop up with "Internet Explorer has encountered a problem and needs to close" even when I'm not running Explorer. Need help bad for this thing.

So I ran Avast antivirus and it found 7 high-security viruses on my PC. Did the clean up on them, but I dunno... everything still feels a bit odd. PC feels a bit bogged down. The Avast antivirus keeps telling me I have volsnap malware on my computer and to delete it. Someone please help me... look at my logs above and tell me if there's anything going on in there. The next step is gonna be backing everything of use up and reinstalling Windows... which I really don't want to do.

  • Staff

Hi and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log name is of the form UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

-screen317

So I got the desktop icons to come back and can access files on the drive... but I have the Google redirect thing. I've found a way around it, by clicking on the cache for search results on Google. But I still need some help. Thanks. -Mike

Hey bud, I got the same symptoms on my computer. Mind helping me out by telling me how you got the icons back on your computer? It would mean the world to me. Thanks! Please answer back as soon as possible.

Hey bud, I got the same symptoms on my computer. Mind helping me out by telling me how you got the icons back on your computer? It would mean the world to me. Thanks! Please answer back as soon as possible.

To tell you the truth I don't remember. I went through so many different posts and ran so many different programs to get everything semi-working normal, that I don't remember. Best thing to do is start a thread on here and hope it doesn't get buried by the time someone gets on here that can help you. I still cannot run the TDSSKiller.exe that screen317 asked me to... I'm still waiting for anyone to help me with that.

  • Staff

Hi,

My apologies for the delay.

Every time you reply, you get pushed to the bottom of my reply list.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) (511 KB) to your desktop. Double-click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time)
  • Please post the contents of that log in your next reply.

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Sorry for being so impatient. Just got frustrated with this thing on my comp. Is that Raiden from MGS in your avatar?

asw log:

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software

Run date: 2011-06-05 14:30:31

-----------------------------

14:30:31.814 OS Version: Windows 5.1.2600 Service Pack 2

14:30:31.814 Number of processors: 1 586 0x1601

14:30:31.814 ComputerName: K1TT6Y5C4A7T UserName: Owner

14:30:35.002 Initialize success

14:30:44.298 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17

14:30:44.298 Disk 0 Vendor: Hitachi_HDS721616PLA380 P22OABEA Size: 152627MB BusType: 3

14:30:44.298 Disk 0 MBR read error 0

14:30:44.298 Disk 0 MBR scan

14:30:44.298 Disk 0 unknown MBR code

14:30:44.298 MBR BIOS signature not found 0

14:30:44.298 Disk 0 scanning sectors +312576705

14:30:44.298 Disk 0 scanning C:\WINDOWS\system32\drivers

14:30:51.595 Service scanning

14:30:52.705 Disk 0 trace - called modules:

14:30:52.720 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86ea11ed]<<

14:30:52.720 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f48030]

14:30:52.720 3 CLASSPNP.SYS[f762805b] -> nt!IofCallDriver -> \Device\000000ae[0x86f439e8]

14:30:52.720 5 ACPI.sys[f72f3620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x86f3dd98]

14:30:53.220 \Driver\atapi[0x86f56030] -> IRP_MJ_CREATE -> 0x86fd31f8

14:30:53.220 Scan finished successfully

14:31:12.564 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"

14:31:12.564 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

MBR.zip

  • Staff

Hi,

I understand the frustration.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.

It's actually not Raiden :lol: -- it's an old title character from the game GunZ the Duel.

http://images.fanpop.com/images/image_uploads/Gunz-Draws-gunz-the-duel-616836_1280_1024.jpg

DDS log:

.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Owner at 1:30:56 on 2011-06-08

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1015.411 [GMT -4:00]

.

AV: Norton Internet Security *Enabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\zHotkey.exe

C:\WINDOWS\ModPS2Key.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\igfxsrvc.exe

svchost.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Owner\Desktop\dds.scr

C:\WINDOWS\system32\WSCRIPT.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: SearchElf 1.1 Toolbar: {00f2c0c6-2194-484e-9064-44e57787867b} - c:\program files\searchelf_1.1\prxtbSea2.dll

BHO: SearchElf 1.1 Toolbar: {00f2c0c6-2194-484e-9064-44e57787867b} - c:\program files\searchelf_1.1\prxtbSea2.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll

BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.0\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll

TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll

TB: SearchElf 1.1 Toolbar: {00f2c0c6-2194-484e-9064-44e57787867b} - c:\program files\searchelf_1.1\prxtbSea2.dll

TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Power2GoExpress] NA

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10l_ActiveX.exe -update activex

mRun: [CHotkey] zHotkey.exe

mRun: [showWnd] ShowWnd.exe

mRun: [ModPS2] ModPS2Key.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"

mRun: [P2Go_Menu] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

IE: &Download All with FlashGet - c:\progra~1\flashget\jc_all.htm

IE: &Download with FlashGet - c:\progra~1\flashget\jc_link.htm

IE: &Search

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

Trusted Zone: mikesarcade.com\www

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://systemrequirementslab.com.s3.amazonaws.com/iduu/bin/srldetect_intel.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Filter: text/html - {bf8e91c3-9fcd-45e6-aa5e-09825a93d9a7} -

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

============= SERVICES / DRIVERS ===============

.

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-3-16 149864]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-3-16 149864]

R2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [2010-8-28 5152]

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-3-16 149864]

R3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-3-16 23888]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-31 101936]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090530.017\NAVENG.SYS [2009-5-30 89104]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090530.017\NAVEX15.SYS [2009-5-30 876144]

R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-3-29 1251720]

RUnknown aswFsBlk;aswFsBlk; [x]

RUnknown aswSnx;aswSnx; [x]

RUnknown aswSP;aswSP; [x]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]

S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2009-3-29 69692]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 sterownik;sterownik;\??\c:\documents and settings\owner\desktop\clonecd_5.3.1.4_full\sterownik.sys --> c:\documents and settings\owner\desktop\clonecd_5.3.1.4_full\sterownik.sys [?]

.

=============== Created Last 30 ================

.

2011-06-01 13:52:57 1431344 ----a-w- C:\123abc.com.exe

2011-06-01 03:28:40 -------- d-----w- C:\## aswSnx private storage

2011-05-31 21:37:31 -------- d-----w- c:\program files\AVAST Software

2011-05-31 21:37:31 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software

2011-05-31 03:45:48 580096 ----a-w- C:\OTL.exe

2011-05-31 03:42:12 -------- d-----w- C:\RK_Quarantine

2011-05-31 03:40:53 486912 ----a-w- C:\RogueKiller.exe

2011-05-31 03:34:51 606105 ----a-w- C:\unhide.exe

2011-05-31 03:30:26 14885984 ----a-w- C:\counterspy-setup.exe

2011-05-31 02:32:45 -------- d-----w- C:\Malwarebytes' Anti-Malware

2011-05-30 23:52:30 -------- d-----w- c:\documents and settings\all users\application data\Common Files

2011-05-30 23:50:37 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2011-05-30 23:50:12 5559024 ----a-w- C:\avg_free_stb_all_2011_1375_cnet.exe

2011-05-30 23:43:31 1341 ----a-w- C:\regtools.vbs

2011-05-12 18:13:10 -------- d-----w- c:\documents and settings\owner\application data\Frogwares

2011-05-12 18:10:20 -------- d-----w- c:\program files\Sherlock Holmes and the Hound of the Baskervilles Collector's Edition

.

==================== Find3M ====================

.

2011-04-17 12:00:10 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2011-04-10 23:45:56 152848 ----a-w- c:\windows\system32\comdlg32.ocx

2011-04-10 05:31:02 436792 ----a-w- c:\windows\system32\drivers\sptd.sys

2009-04-06 07:17:16 1234120 ----a-w- c:\program files\wrar380.exe

2009-04-04 22:28:01 652333 ----a-w- c:\program files\Xvid-1.2.1-04122008.exe

2009-04-03 07:11:11 4653240 ----a-w- c:\program files\flashget196en.exe

.

============= FINISH: 1:32:41.65 ===============

ComboFix log:

ComboFix 11-06-11.01 - Owner 06/11/2011 15:45:20.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1015.650 [GMT -4:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

ADS - WINDOWS: deleted 24 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\Owner\Application Data\PriceGong

c:\documents and settings\Owner\Application Data\PriceGong\Data\1.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\a.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\b.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\c.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\d.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\e.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\f.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\g.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\h.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\i.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\J.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\k.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\l.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\m.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\n.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\o.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\p.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\q.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\r.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\s.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\t.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\u.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\v.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\w.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\x.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\y.xml

c:\documents and settings\Owner\Application Data\PriceGong\Data\z.xml

c:\documents and settings\Owner\WINDOWS

c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\temp.exe

D:\Autorun.inf

.

Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected

Restored copy from - Kitty had a snack :P

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_MYWEBSEARCHSERVICE

.

.

((((((((((((((((((((((((( Files Created from 2011-05-11 to 2011-06-11 )))))))))))))))))))))))))))))))

.

.

2011-06-01 13:52 . 2011-05-25 11:10 1431344 ----a-w- C:\123abc.com.exe

2011-05-31 21:37 . 2011-06-01 13:49 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2011-05-31 21:37 . 2011-05-31 21:37 -------- d-----w- c:\program files\AVAST Software

2011-05-31 03:45 . 2011-05-31 03:45 580096 ----a-w- C:\OTL.exe

2011-05-31 03:42 . 2011-05-31 03:42 -------- d-----w- C:\RK_Quarantine

2011-05-31 03:40 . 2011-05-31 03:40 486912 ----a-w- C:\RogueKiller.exe

2011-05-31 03:34 . 2011-05-31 03:35 606105 ----a-w- C:\unhide.exe

2011-05-31 03:30 . 2011-05-31 03:30 14885984 ----a-w- C:\counterspy-setup.exe

2011-05-31 02:32 . 2011-05-31 02:32 -------- d-----w- C:\Malwarebytes' Anti-Malware

2011-05-31 00:55 . 2011-05-31 00:56 -------- d-----w- c:\documents and settings\Administrator

2011-05-30 23:52 . 2011-05-30 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files

2011-05-30 23:50 . 2011-05-30 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-05-30 23:50 . 2011-05-30 23:50 5559024 ----a-w- C:\avg_free_stb_all_2011_1375_cnet.exe

2011-05-30 23:43 . 2011-05-30 23:43 1341 ----a-w- C:\regtools.vbs

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-01 13:51 . 2011-06-01 13:51 1301452 ----a-w- C:\tdsskiller.zip

2011-04-17 12:00 . 2011-03-09 22:07 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2011-04-10 23:45 . 2000-05-22 23:58 152848 ----a-w- c:\windows\system32\comdlg32.ocx

2011-04-10 05:31 . 2009-11-11 00:13 436792 ----a-w- c:\windows\system32\drivers\sptd.sys

2009-04-06 07:17 . 2009-04-06 07:17 1234120 ----a-w- c:\program files\wrar380.exe

2009-04-04 22:28 . 2009-04-04 22:27 652333 ----a-w- c:\program files\Xvid-1.2.1-04122008.exe

2009-04-03 07:11 . 2009-04-03 07:11 4653240 ----a-w- c:\program files\flashget196en.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{00f2c0c6-2194-484e-9064-44e57787867b}"= "c:\program files\SearchElf_1.1\prxtbSea2.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{00f2c0c6-2194-484e-9064-44e57787867b}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00f2c0c6-2194-484e-9064-44e57787867b}]

2011-01-17 14:54 175912 ----a-w- c:\program files\SearchElf_1.1\prxtbSea2.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{00f2c0c6-2194-484e-9064-44e57787867b}"= "c:\program files\SearchElf_1.1\prxtbSea2.dll" [2011-01-17 175912]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{00f2c0c6-2194-484e-9064-44e57787867b}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{00F2C0C6-2194-484E-9064-44E57787867B}"= "c:\program files\SearchElf_1.1\prxtbSea2.dll" [2011-01-17 175912]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{00f2c0c6-2194-484e-9064-44e57787867b}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Power2GoExpress"="NA" [X]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-29 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CHotkey"="zHotkey.exe" [2006-11-07 547840]

"ShowWnd"="ShowWnd.exe" [2005-01-27 36864]

"ModPS2"="ModPS2Key.exe" [2006-11-07 53248]

"RTHDCPL"="RTHDCPL.EXE" [2008-03-16 16132608]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-07 69216]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-03-16 51048]

"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2008-03-16 714608]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]

"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-01-16 103720]

"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

BigFix.lnk - c:\program files\BigFix\bigfix.exe [2009-3-29 2342912]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

2009-01-29 22:20 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2011-02-15 01:32 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2009-03-29 05:49 1838592 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2009-11-20 19:30 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-03-29 07:12 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\FlashGet\\flashget.exe"=

"c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX9.EXE"=

"c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX10.EXE"=

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/10/2009 8:13 PM 436792]

R2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [8/28/2010 1:47 AM 5152]

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [3/16/2008 4:59 AM 149864]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/31/2009 12:00 AM 101936]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/28/2010 8:09 PM 135664]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [3/16/2008 4:56 AM 23888]

S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [3/29/2009 1:12 AM 69692]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/28/2010 8:09 PM 135664]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]

S3 sterownik;sterownik;\??\c:\documents and settings\Owner\Desktop\CloneCD_5.3.1.4_Full\sterownik.sys --> c:\documents and settings\Owner\Desktop\CloneCD_5.3.1.4_Full\sterownik.sys [?]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - COMHOST

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-11-20 19:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 00:09]

.

2011-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 00:09]

.

2011-06-07 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Owner.job

- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-03-16 08:55]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Download All with FlashGet - c:\progra~1\FlashGet\jc_all.htm

IE: &Download with FlashGet - c:\progra~1\FlashGet\jc_link.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

Trusted Zone: mikesarcade.com\www

TCP: DhcpNameServer = 192.168.0.1 192.168.0.1

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-SmartUndelete_is1 - c:\program files\SmartUndelete\unins000.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-11 15:58

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters]

@DACL=(02 0000)

@SACL=

"WinSock_Registry_Version"="2.0"

"Current_NameSpace_Catalog"="NameSpace_Catalog5"

"Current_Protocol_Catalog"="Protocol_Catalog9"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2180)

c:\windows\system32\WININET.dll

c:\program files\Common Files\Symantec Shared\auCOLPwd.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\windows\zHotkey.exe

c:\windows\ModPS2Key.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\igfxsrvc.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

.

**************************************************************************

.

Completion time: 2011-06-11 16:01:57 - machine was rebooted

ComboFix-quarantined-files.txt 2011-06-11 20:01

.

Pre-Run: 75,687,993,344 bytes free

Post-Run: 77,395,595,264 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - D4E50F2E1851E7D48C7EDC772C034D28

new DDS log:

.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Owner at 16:08:11 on 2011-06-11

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1015.522 [GMT -4:00]

.

AV: Norton Internet Security *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\zHotkey.exe

C:\WINDOWS\ModPS2Key.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\BigFix\bigfix.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\WINDOWS\explorer.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Documents and Settings\Owner\Desktop\dds.scr

C:\WINDOWS\system32\WSCRIPT.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: SearchElf 1.1 Toolbar: {00f2c0c6-2194-484e-9064-44e57787867b} - c:\program files\searchelf_1.1\prxtbSea2.dll

BHO: SearchElf 1.1 Toolbar: {00f2c0c6-2194-484e-9064-44e57787867b} - c:\program files\searchelf_1.1\prxtbSea2.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll

BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.0\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll

TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll

TB: SearchElf 1.1 Toolbar: {00f2c0c6-2194-484e-9064-44e57787867b} - c:\program files\searchelf_1.1\prxtbSea2.dll

TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [Power2GoExpress] NA

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [CHotkey] zHotkey.exe

mRun: [showWnd] ShowWnd.exe

mRun: [ModPS2] ModPS2Key.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"

mRun: [P2Go_Menu] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

IE: &Download All with FlashGet - c:\progra~1\flashget\jc_all.htm

IE: &Download with FlashGet - c:\progra~1\flashget\jc_link.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

Trusted Zone: mikesarcade.com\www

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://systemrequirementslab.com.s3.amazonaws.com/iduu/bin/srldetect_intel.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

============= SERVICES / DRIVERS ===============

.

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-3-16 149864]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-3-16 149864]

R2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [2010-8-28 5152]

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-3-16 149864]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-31 101936]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-3-16 23888]

S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2009-3-29 69692]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090530.017\NAVENG.SYS [2009-5-30 89104]

S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090530.017\NAVEX15.SYS [2009-5-30 876144]

S3 sterownik;sterownik;\??\c:\documents and settings\owner\desktop\clonecd_5.3.1.4_full\sterownik.sys --> c:\documents and settings\owner\desktop\clonecd_5.3.1.4_full\sterownik.sys [?]

S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-3-29 1251720]

.

=============== Created Last 30 ================

.

2011-06-11 19:43:10 -------- d-sha-r- C:\cmdcons

2011-06-11 19:37:01 98816 ----a-w- c:\windows\sed.exe

2011-06-11 19:37:01 518144 ----a-w- c:\windows\SWREG.exe

2011-06-11 19:37:01 256512 ----a-w- c:\windows\PEV.exe

2011-06-11 19:37:01 208896 ----a-w- c:\windows\MBR.exe

2011-06-01 13:52:57 1431344 ----a-w- C:\123abc.com.exe

2011-05-31 21:37:31 -------- d-----w- c:\program files\AVAST Software

2011-05-31 21:37:31 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software

2011-05-31 03:45:48 580096 ----a-w- C:\OTL.exe

2011-05-31 03:42:12 -------- d-----w- C:\RK_Quarantine

2011-05-31 03:40:53 486912 ----a-w- C:\RogueKiller.exe

2011-05-31 03:34:51 606105 ----a-w- C:\unhide.exe

2011-05-31 03:30:26 14885984 ----a-w- C:\counterspy-setup.exe

2011-05-31 02:32:45 -------- d-----w- C:\Malwarebytes' Anti-Malware

2011-05-30 23:52:30 -------- d-----w- c:\documents and settings\all users\application data\Common Files

2011-05-30 23:50:37 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2011-05-30 23:50:12 5559024 ----a-w- C:\avg_free_stb_all_2011_1375_cnet.exe

2011-05-30 23:43:31 1341 ----a-w- C:\regtools.vbs

.

==================== Find3M ====================

.

2011-04-17 12:00:10 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2011-04-10 23:45:56 152848 ----a-w- c:\windows\system32\comdlg32.ocx

2011-04-10 05:31:02 436792 ----a-w- c:\windows\system32\drivers\sptd.sys

2009-04-06 07:17:16 1234120 ----a-w- c:\program files\wrar380.exe

2009-04-04 22:28:01 652333 ----a-w- c:\program files\Xvid-1.2.1-04122008.exe

2009-04-03 07:11:11 4653240 ----a-w- c:\program files\flashget196en.exe

.

============= FINISH: 16:08:22.96 ===============


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the option Remove found threats and the option Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


ESET Log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6526

# api_version=3.0.2

# EOSSerial=e1501d2699a7ef439e7c45b28b71acf9

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-06-14 11:02:44

# local_time=2011-06-14 07:02:44 (-0500, Eastern Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 31059795 31059795 0 0

# compatibility_mode=3584 16777179 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=119253

# found=2

# cleaned=2

# scan_time=3851

C:\RK_Quarantine\reanowdtdeg.exe.vir a variant of Win32/Kryptik.OKF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP1\A0000264.sys Win32/Olmasco.E trojan (deleted - quarantined) 00000000000000000000000000000000 C

Security Check:

Results of screen317's Security Check version 0.99.13

Windows XP Service Pack 2

Out of date service pack!!

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!

Windows Firewall Disabled!

Norton AntiVirus

Norton AntiVirus Help

Norton Internet Security (Symantec Corporation)

Norton Internet Security

McAfee Security Scan Plus

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

HijackThis 2.0.2

Java 6 Update 23

Java 6 Update 4

Out of date Java installed!

Adobe Flash Player

Adobe Reader 9.1

Out of date Adobe Reader installed!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Norton ccSvcHst.exe

``````````End of Log````````````

So far everything seems ok. Google doesn't get redirected, all desktop icons are present, start menu programs have files in them again. It seems to be doing good. This thing was a real major pain in the a$$. It seems like there's been a lot of posts on here in the last month or so involving the same thing; is this something new, or is it just now getting around? Thanks so much for the help and sorry for being impatient at times. Didn't realize just how much I used/needed the comp for more than games. :P


  • Staff

Hi,

Same stuff, different day. :)

Delete this folder:

C:\RK_Quarantine

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

HijackThis 2.0.2

Java


  • 2 weeks later...
  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
