AfterDawn Forums > Windows - Virus and spyware problems
I got a tough one to remove....
Member, posted 21. September 2013 @ 00:05
Hey folks, I got a tough one to remove. I ran everything I could, but it's still hanging on my machine. So I'm respectfully asking for a little help. I ran ...
Superantispyware
Comodo AV
Malwarebytes
Panda Scan
Housecall
HijackThis
KillBox
ComboFix (wouldn't run)
and of course defragged, and scrubbed everything as clean as possible between scans.
Thanks 1,000,000 in advance
Narcismo

Member, posted 21. September 2013 @ 00:55
Originally posted by narcismo:
Hey folks, I got a tough one to remove. I ran everything I could, but it's still hanging on my machine. So I'm respectfully asking for a little help. I ran ...
Superantispyware
Comodo AV
Malwarebytes
Panda Scan
Housecall
HijackThis
KillBox
ComboFix (wouldn't run)
and of course defragged, and scrubbed everything as clean as possible between scans.
Thanks 1,000,000 in advance
Narcismo
WhiteSmoke and Sweetpacks toolbars (not sure where they came from) won't uninstall, Java won't update, pop-ups everywhere, computer slower and slower, pages being redirected.
This is frustrating. Maybe I should just re-format this thing and count my losses. I'll lose a lot of stuff... man, this is a bummer...
AfterDawn Addict, posted 21. September 2013 @ 01:46
Originally posted by narcismo:
Originally posted by narcismo:
Hey folks, I got a tough one to remove. I ran everything I could, but it's still hanging on my machine. So I'm respectfully asking for a little help. I ran ...
Superantispyware
Comodo AV
Malwarebytes
Panda Scan
Housecall
HijackThis
KillBox
ComboFix (wouldn't run)
and of course defragged, and scrubbed everything as clean as possible between scans.
Thanks 1,000,000 in advance
Narcismo
WhiteSmoke and Sweetpacks toolbars (not sure where they came from) won't uninstall, Java won't update, pop-ups everywhere, computer slower and slower, pages being redirected.
This is frustrating. Maybe I should just re-format this thing and count my losses. I'll lose a lot of stuff... man, this is a bummer...
Don't give up... A reformat is probably unnecessary. Help is on the way. Have faith.
Looking through the stuff you have run, I think you missed most of the good stuff :)

First, it's late here and I gotta hit the sack soon, so:
Please run HijackThis and post a copy of the log, and I'll go over it in the morning and lay out some stuff to clean your machine.

P.S. DO NOT attempt to remove anything with HijackThis. It can screw things up and you would really be in a mess! Just post the log. Thanks.

2oG



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...


Member, posted 21. September 2013 @ 02:12
Late here too, friend... thanks, and I'll post ASAP.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:12:48 AM, on 9/21/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Comodo\Dragon\dragon_updater.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\SevereWeatherAlerts\SevereWeatherAlerts.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - Startup: Severe Weather Alerts App.lnk = C:\Documents and Settings\Owner\Local Settings\Application Data\SevereWeatherAlerts\SevereWeatherAlertsApp.exe
O4 - Startup: Severe Weather Alerts.lnk = C:\Documents and Settings\Owner\Local Settings\Application Data\SevereWeatherAlerts\SevereWeatherAlerts.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s...ash/swflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files\Comodo\Dragon\dragon_updater.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 6686 bytes
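As an added example (mine, not part of the thread and not HijackThis code), the script below parses the O2, O4 and O23 lines of the log above and lists the entries a reviewer would look at first: anything loading from outside C:\WINDOWS and C:\Program Files, and services whose binary carries no publisher. The trusted-prefix list and the flagging rules are my assumptions; the sample lines are copied from the posted log.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Sample: a subset of the HijackThis log lines posted above.
SAMPLE_LOG = r"""O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O4 - HKLM\..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - Startup: Severe Weather Alerts.lnk = C:\Documents and Settings\Owner\Local Settings\Application Data\SevereWeatherAlerts\SevereWeatherAlerts.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files\Comodo\Dragon\dragon_updater.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

# Assumed "normal" locations on an XP-era machine; anything else gets a second look.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
O4_RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O4_STARTUP_RE = re.compile(r"^O4 - Startup: (?P<name>.+?)\.lnk = (?P<path>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# First thing on the command line that ends in .exe/.dll/.sys, quoted or not.
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|sys))"?', re.IGNORECASE)


@dataclass
class Entry:
    section: str      # O2 (BHO), O4 (autorun) or O23 (service)
    name: str         # display name HJT printed for the entry
    path: str         # file the entry loads
    owner: str = ""   # O23 only: publisher HJT read from the binary


def executable_of(command: str) -> str:
    """Program a Run value launches, with quotes and arguments stripped."""
    m = EXE_RE.match(command.strip())
    return m.group("path") if m else command.strip()


def parse_hjt(log: str) -> List[Entry]:
    """Collect the O2, O4 and O23 entries of an HJT log; other sections are ignored."""
    entries: List[Entry] = []
    for line in log.splitlines():
        line = line.strip()
        if m := O2_RE.match(line):
            entries.append(Entry("O2", m["name"], m["path"]))
        elif m := O4_RUN_RE.match(line):
            entries.append(Entry("O4", m["name"], executable_of(m["cmd"])))
        elif m := O4_STARTUP_RE.match(line):
            entries.append(Entry("O4", m["name"], m["path"].strip()))
        elif m := O23_RE.match(line):
            entries.append(Entry("O23", m["name"], m["path"], m["owner"]))
    return entries


def review(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Return (entry, reason) pairs a human should check first."""
    findings: List[Tuple[Entry, str]] = []
    for e in entries:
        if not e.path.lower().startswith(TRUSTED_PREFIXES):
            findings.append((e, "loads from outside Windows / Program Files"))
        elif e.section == "O23" and e.owner.lower() == "unknown owner":
            findings.append((e, "service binary has no publisher"))
    return findings


if __name__ == "__main__":
    for entry, reason in review(parse_hjt(SAMPLE_LOG)):
        print(f"{entry.section:<4}{entry.name}\n     {entry.path}\n     -> {reason}")
```

Every flagged entry still needs a human decision: a per-user Google Update legitimately runs from the profile directory, so the output is a reading order, not a verdict.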
AfterDawn Addict, posted 21. September 2013 @ 03:08
Hi narcismo,

Well that's about the cleanest HJT Log I've seen in a long time. We'll have to dig deeper than that.

First, let's see if you may have a rootkit hiding the malware.

Open your MalwareBytes and click the tab More Tools.

Then click on Anti-Rootkit. A page will open where you can download MBAR along with instructions for running it.

Follow the instructions and run the program. Post back and let me know if it found anything and we will go from there.

2oG
Member, posted 21. September 2013 @ 03:45
It tells me the system is inaccessible or encrypted. Can't access.
AfterDawn Addict, posted 21. September 2013 @ 05:39
Let's try the AntiVir Rescue disk.

Using a clean computer:
Use this guide to download and burn a rescue disk to, hopefully, clean your machine enough that we can work with it to finish cleaning:
http://forum.avira.com/wbb/index.php?page=Thread&threadID=82163

Let me know the outcome and we will see...

I hope it's not here, but there is one "Bad" rootkit out there that completely destroys the operating system, making it impossible to repair. It's called the ZeroAccess Rootkit.

2oG
Member, posted 21. September 2013 @ 16:40
Originally posted by narcismo:
It tells me the system is inaccessible or encrypted. Can't access.
OK, after a few fresh re-installations, here we go...



Malwarebytes Anti-Rootkit BETA 1.07.0.1005

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.657000 GHz
Memory total: 2145386496, free: 1175736320

Downloaded database version: v2013.09.21.03
Downloaded database version: v2013.09.20.01
=======================================
Initializing...
Done!
Can't access volume using primary device, the volume might be encrypted.
The system volume seems inaccessible or encrypted. Scan can't continue.
=======================================
Can't access volume using primary device, the volume might be encrypted.
The system volume seems inaccessible or encrypted. Scan can't continue.
=======================================
Can't access volume using primary device, the volume might be encrypted.
The system volume seems inaccessible or encrypted. Scan can't continue.
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.657000 GHz
Memory total: 2145386496, free: 1152946176

Downloaded database version: v2013.09.21.03
Downloaded database version: v2013.09.20.01
=======================================
Initializing...
DDA Driver installation error.
=======================================
Initializing...
DDA Driver installation error.
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.658000 GHz
Memory total: 2145386496, free: 1832775680

=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.658000 GHz
Memory total: 2145386496, free: 1223118848

Downloaded database version: v2013.09.21.03
Downloaded database version: v2013.09.20.01
Initializing...
=======================================
Done!
Can't access volume using primary device, the volume might be encrypted.
The system volume seems inaccessible or encrypted. Scan can't continue.
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.658000 GHz
Memory total: 2145386496, free: 1448624128

Downloaded database version: v2013.09.21.10
Downloaded database version: v2013.09.20.01
=======================================
Initializing...
------------ Kernel report ------------
09/21/2013 15:56:43
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\System32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
PCIIde.sys
\WINDOWS\System32\Drivers\PCIIDEX.SYS
intelide.sys
MountMgr.sys
ftdisk.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
inspect.sys
\WINDOWS\System32\DRIVERS\NDIS.SYS
\WINDOWS\System32\DRIVERS\TDI.SYS
Mup.sys
\SystemRoot\System32\DRIVERS\intelppm.sys
\SystemRoot\System32\DRIVERS\ialmnt5.sys
\SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\usbuhci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\System32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\IntelC53.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\IntelC51.sys
\SystemRoot\system32\DRIVERS\IntelC52.sys
\SystemRoot\system32\DRIVERS\mohfilt.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\System32\DRIVERS\bcm4sbxp.sys
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\System32\DRIVERS\imapi.sys
\SystemRoot\System32\Drivers\AnyDVD.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\smwdm.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\senfilt.sys
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\MODEMCSA.sys
\SystemRoot\System32\DRIVERS\cmderd.sys
\SystemRoot\System32\DRIVERS\cmdguard.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\hidusb.sys
\SystemRoot\System32\DRIVERS\HIDCLASS.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\System32\DRIVERS\mouhid.sys
\SystemRoot\System32\DRIVERS\cmdhlp.sys
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
\SystemRoot\System32\DRIVERS\wanarp.sys
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ialmdnt5.dll
\SystemRoot\System32\ialmrnt5.dll
\SystemRoot\System32\ialmdev5.DLL
\SystemRoot\System32\ialmdd5.DLL
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\System32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\SystemRoot\System32\Drivers\usbaapl.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a581ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff8a5c3d98
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a581ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a5bc958, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a581ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a5c3d98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 9DC96E9E

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 80262

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 80325 Numsec = 80196480
Partition file system is NTFS
Partition is bootable

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 41110142976 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-80273248-80293248)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_80325_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
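As an added example (mine, not MBAR's code), this script parses the partition table MBAR printed in the log above, runs the consistency checks an analyst would otherwise do by hand, and computes the sector ranges no partition covers: that unpartitioned space is what MBAR's last step scans, because a scanner working through the file system never sees it. The check list is my assumption; the sample text is copied from the log, with its header and blank lines dropped.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Sample copied from the MBAR log in the thread (header and blank lines dropped).
MBAR_SAMPLE = """\
MBR Signature: 55AA
Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 80262
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 80325 Numsec = 80196480
Partition file system is NTFS
Partition is bootable
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 41110142976 bytes
Sector size: 512 bytes
"""

@dataclass
class Partition:
    index: int
    type_id: int          # MBR type byte: 0x07 NTFS, 0xDE Dell utility partition, 0x00 empty
    active: bool = False
    start: int = 0        # first LBA
    numsec: int = 0       # length in sectors

    @property
    def end(self) -> int:
        return self.start + self.numsec  # first sector after the partition

@dataclass
class DiskLayout:
    mbr_signature: str
    sector_size: int
    total_sectors: int
    partitions: List[Partition]

def parse_mbar(text: str) -> DiskLayout:
    """Extract the MBR signature, the four partition entries and the disk size from MBAR's text."""
    parts: List[Partition] = []
    cur = None
    sig, disk_bytes, sector_size = "", 0, 512
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"MBR Signature: (\w+)", line):
            sig = m[1]
        elif m := re.match(r"Partition (\d+) type is \w+ \((0x[0-9a-fA-F]+)\)", line):
            cur = Partition(int(m[1]), int(m[2], 16))
            parts.append(cur)
        elif line == "Partition is ACTIVE." and cur is not None:
            cur.active = True
        elif (m := re.match(r"Partition starts at LBA: (\d+) Numsec = (\d+)", line)) and cur is not None:
            cur.start, cur.numsec = int(m[1]), int(m[2])
        elif m := re.match(r"Disk Size: (\d+) bytes", line):
            disk_bytes = int(m[1])
        elif m := re.match(r"Sector size: (\d+) bytes", line):
            sector_size = int(m[1])
    return DiskLayout(sig, sector_size, disk_bytes // sector_size, parts)

def unpartitioned_ranges(layout: DiskLayout) -> List[Tuple[int, int]]:
    """Sector ranges [start, end) no partition entry covers; sector 0 (the MBR itself) is left out."""
    used = sorted((p.start, p.end) for p in layout.partitions if p.numsec)
    gaps, cursor = [], 1
    for start, end in used:
        if start > cursor:
            gaps.append((cursor, start))
        cursor = max(cursor, end)
    if cursor < layout.total_sectors:
        gaps.append((cursor, layout.total_sectors))
    return gaps

def sanity_checks(layout: DiskLayout) -> List[str]:
    """What an analyst verifies by hand: signature, exactly one active partition, no overlap, nothing past the disk end."""
    problems = []
    if layout.mbr_signature.upper() != "55AA":
        problems.append(f"bad MBR signature {layout.mbr_signature!r}")
    active = [p.index for p in layout.partitions if p.active]
    if len(active) != 1:
        problems.append(f"{len(active)} active partitions (expected 1)")
    used = sorted((p.start, p.end, p.index) for p in layout.partitions if p.numsec)
    for (_, end1, i1), (start2, _, i2) in zip(used, used[1:]):
        if start2 < end1:
            problems.append(f"partitions {i1} and {i2} overlap")
    for p in layout.partitions:
        if p.numsec and p.end > layout.total_sectors:
            problems.append(f"partition {p.index} runs past the end of the disk")
    return problems

if __name__ == "__main__":
    layout = parse_mbar(MBAR_SAMPLE)
    print("problems:", sanity_checks(layout) or "none")
    print("unpartitioned sector ranges [start, end):", unpartitioned_ranges(layout))
```

On this disk the gaps are sectors 1-62 and 80276805-80293247; MBAR's own range (80273248-80293248) starts a little earlier, so it also covers the tail of the NTFS partition.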
AfterDawn Addict, posted 21. September 2013 @ 16:48
Looks like a Chinese fire drill!

Tell me what you got done and how it's doing?
All the info you got... please

2oG



Member, posted 21. September 2013 @ 16:48
Originally posted by 2oldGeek:
Let's try the AntiVir Rescue disk.

Using a clean computer:
Use this guide to download and burn a rescue disk to, hopefully, clean your machine enough that we can work with it to finish cleaning:
http://forum.avira.com/wbb/index.php?page=Thread&threadID=82163

Let me know the outcome and we will see...

I hope it's not here, but there is one "Bad" rootkit out there that completely destroys the operating system, making it impossible to repair. It's called the ZeroAccess Rootkit.

2oG



After you have a chance to take a peek at the Mbar Log, let me know if you think I still need that Avira rescue disc. Thanks again.
Narcismo
AfterDawn Addict, posted 21. September 2013 @ 17:02
Well Narcismo,

It appears that your operating system has taken a beating and I have little faith in returning it to good condition.

First try to run this one and then maybe we can see if it would do any good to run the rescue disc.

--AdwCleaner--

Please download AdwCleaner by Xplode to your Desktop.
• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on the Delete tab and follow the prompts.
• A log file will automatically open after the scan has finished.
• Please post the content of that log file with your next answer.
• You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).


2oG
Member, posted 21. September 2013 @ 17:04
Originally posted by 2oldGeek:
Looks like a Chinese fire drill!

Tell me what you got done and how it's doing?
All the info you got... please

2oG
Hi 2oG, well somehow I managed to get rid of those damn toolbars, and the MBAR log finally ran (you'll have to explain the Chinese fire drill part... sounds bad), so far today no problems. What info can I give you? Your wish is my command....
Narcismo
AfterDawn Addict, posted 21. September 2013 @ 17:10
Check my last post:
Originally posted by 2oldGeek:
Well Narcismo,

It appears that your operating system has taken a beating and I have little faith in returning it to good condition.

First try to run this one and then maybe we can see if it would do any good to run the rescue disc.

--AdwCleaner--

Please download AdwCleaner by Xplode to your Desktop.
• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on the Delete tab and follow the prompts.
• A log file will automatically open after the scan has finished.
• Please post the content of that log file with your next answer.
• You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).


2oG




Member, posted 21. September 2013 @ 17:30
Originally posted by 2oldGeek:
Well Narcismo,

It appears that your operating system has taken a beating and I have little faith in returning it to good condition.

First try to run this one and then maybe we can see if it would do any good to run the rescue disc.

--AdwCleaner--

Please download AdwCleaner by Xplode to your Desktop.
• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on the Delete tab and follow the prompts.
• A log file will automatically open after the scan has finished.
• Please post the content of that log file with your next answer.
• You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).


2oG
2oG, I did run that one yesterday, forgot to mention, I've run sooo many. But I'll run it again, and get back to you ASAP.
Member, posted 21. September 2013 @ 17:52
Originally posted by 2oldGeek:
Check my last post:
Originally posted by 2oldGeek:
Well Narcismo,

It appears that your operating system has taken a beating and I have little faith in returning it to good condition.

First try to run this one and then maybe we can see if it would do any good to run the rescue disc.

--AdwCleaner--

Please download AdwCleaner by Xplode to your Desktop.
• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on the Delete tab and follow the prompts.
• A log file will automatically open after the scan has finished.
• Please post the content of that log file with your next answer.
• You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).


2oG

Here you go...



# AdwCleaner v3.004 - Report created 21/09/2013 at 17:42:14
# Updated 15/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - VY3RUQVI8WPAUUK
# Running from : C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4izbb9ba.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [30675 octets] - [21/09/2013 01:32:39]
AdwCleaner[R1].txt - [1219 octets] - [21/09/2013 17:33:07]
AdwCleaner[S0].txt - [30897 octets] - [21/09/2013 01:38:11]
AdwCleaner[S1].txt - [1142 octets] - [21/09/2013 17:42:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1202 octets] ##########

So gimme the bad news.. lol
AfterDawn Addict, posted 21. September 2013 @ 17:56
Narcismo, I didn't see it in the list you gave, but I would like to run it again after MBAR.

If we're going to clean you like an Old Maid's Parlor we have to run a few more :)

You said you didn't get ComboFix to work; I may have you run it later.

After you run AdwCleaner, here are some more; post the logs back to me:

--JRT--

Please download Junkware Removal Tool to your Desktop.
• Please close your security software to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete, depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
• Please post the contents of JRT.txt into your reply.



--RogueKiller--

• Download & SAVE to your Desktop RogueKiller for 32bit or RogueKiller for 64bit
• Quit all programs that you may have started.
• Please disconnect any USB or external drives from the computer before you run this scan!
• For Vista or Windows 7, right-click and select "Run as Administrator" to start
• For Windows XP, double-click to start.
• Wait until the pre-scan has finished ...
• Then click on the "Scan" button
• Wait until the Status box shows "Scan Finished"
• Click on "Delete"
• Wait until the Status box shows "Deleting Finished"
• Click on "Report" and copy/paste the content of the Notepad into your next reply.
• The log should be found in RKreport[1].txt on your Desktop
• Exit/Close RogueKiller


--OTL--
Please download OTL by OldTimer to your Desktop.

If you already have a copy of OTL, delete it and use this version.
• Double click OTL.exe to launch the program.
• Check the following:
  - Scan all users.
  - Standard Output.
  - Lop check.
  - Purity check.
• Under the Extra Registry section, select Use SafeList
• Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
• When finished it will produce two logs:
  - OTL.txt (open on your desktop).
  - Extras.txt (minimised in your taskbar)
• Please post me both logs


Please paste the logs in your next reply.
Let me know what problem persists.

2oG



Member, posted 21. September 2013 @ 19:38
Originally posted by 2oldGeek:
Narcismo, I didn't see it in the list you gave, but I would like to run it again after MBAR.

If we're going to clean you like an Old Maid's Parlor we have to run a few more :)

You said you didn't get ComboFix to work; I may have you run it later.

After you run AdwCleaner, here are some more; post the logs back to me:

--JRT--

Please download Junkware Removal Tool to your Desktop.
• Please close your security software to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete, depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
• Please post the contents of JRT.txt into your reply.



--RogueKiller--

• Download & SAVE to your Desktop RogueKiller for 32bit or RogueKiller for 64bit
• Quit all programs that you may have started.
• Please disconnect any USB or external drives from the computer before you run this scan!
• For Vista or Windows 7, right-click and select "Run as Administrator" to start
• For Windows XP, double-click to start.
• Wait until the pre-scan has finished ...
• Then click on the "Scan" button
• Wait until the Status box shows "Scan Finished"
• Click on "Delete"
• Wait until the Status box shows "Deleting Finished"
• Click on "Report" and copy/paste the content of the Notepad into your next reply.
• The log should be found in RKreport[1].txt on your Desktop
• Exit/Close RogueKiller


--OTL--
Please download OTL by OldTimer to your Desktop.

If you already have a copy of OTL, delete it and use this version.
• Double click OTL.exe to launch the program.
• Check the following:
  - Scan all users.
  - Standard Output.
  - Lop check.
  - Purity check.
• Under the Extra Registry section, select Use SafeList
• Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
• When finished it will produce two logs:
  - OTL.txt (open on your desktop).
  - Extras.txt (minimised in your taskbar)
• Please post me both logs


Please paste the logs in your next reply.
Let me know what problem persists.

2oG


2oG,
Here's what I came up with....


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Microsoft Windows XP x86
Ran by Owner on Sat 09/21/2013 at 18:25:46.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C97DF0F9-EF58-4CAD-A40C-15B07E33CB37}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EA9F465E-8B0D-41DD-B049-C74802B9C73B}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\4izbb9ba.default\minidumps [7 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 09/21/2013 at 18:54:54.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


For some reason the RogueKiller scan wouldn't produce a log (I ran it twice). It did create a folder, but I couldn't save a log. I noticed that it did find a fake entry, which I assume it renamed. Here's what I could save, found under the MBR tab (not sure if it's any help)...

3f 98 8a de 8a fc 43 f7 e3 8b d1 86 d6 b1 06 d2 ee
42 f7 e2 39 56 0a 77 23 72 05 39 46 08 73 1c b8 01
02 bb 00 7c 8b 4e 02 8b 56 00 cd 13 73 51 4f 74 4e
32 e4 8a 56 00 cd 13 eb e4 8a 56 00 60 bb aa 55 b4
41 cd 13 72 36 81 fb 55 aa 75 30 f6 c1 01 74 2b 61
60 6a 00 6a 00 ff 76 0a ff 76 08 6a 00 68 00 7c 6a
01 6a 10 b4 42 8b f4 cd 13 61 61 73 0e 4f 74 0b 32
e4 8a 56 00 cd 13 eb d6 61 f9 c3 49 6e 76 61 6c 69
64 20 70 61 72 74 69 74 69 6f 6e 20 74 61 62 6c 65
00 45 72 72 6f 72 20 6c 6f 61 64 69 6e 67 20 6f 70
65 72 61 74 69 6e 67 20 73 79 73 74 65 6d 00 4d 69
73 73 69 6e 67 20 6f 70 65 72 61 74 69 6e 67 20 73
79 73 74 65 6d 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 2c 44 63 9e 6e
c9 9d 00 00

3.....|.P.P....|...PW...........8n.|.u.............It.8,t.........<.t...........N..F.s*.F..~..t..~..t....u..F...F...V...!.s.......>.}U.t..~..t.........W.......V.....r#..$?.....C..........B..9V.w#r.9F.s......|.N..V...sQOtN2..V......V.`..U.A..r6..U.u0...t+a`j.j..v..v.j.h.|j.j..B....aas.Ot.2..V.....a..Invalid partition table.Error loading operating system.Missing operating system..........................................................,Dc.n....

Error reading LL1 MBR!
Error reading LL2 MBR!

I did notice that


OTL Logs


OTL logfile created on: 9/21/2013 7:21:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 75.28% Memory free
4.78 Gb Paging File | 4.30 Gb Available in Paging File | 89.85% Paging File free
Paging file location(s): C:\pagefile.sys 3000 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.24 Gb Total Space | 16.45 Gb Free Space | 43.01% Space Free | Partition Type: NTFS
Drive D: | 95.02 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: VY3RUQVI8WPAUUK | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/21 19:17:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2013/09/21 17:16:40 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/08/01 07:20:22 | 002,095,808 | ---- | M] () -- C:\Program Files\COMODO\Dragon\dragon_updater.exe
PRC - [2013/07/13 20:44:29 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/07/08 16:59:39 | 004,801,304 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2013/07/08 16:59:06 | 009,044,696 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cis.exe
PRC - [2013/07/08 16:59:06 | 001,464,536 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
PRC - [2013/06/18 16:15:28 | 001,839,832 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
PRC - [2012/09/07 23:31:26 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2010/07/12 08:55:03 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/01 07:20:22 | 002,095,808 | ---- | M] () -- C:\Program Files\COMODO\Dragon\dragon_updater.exe
MOD - [2013/07/08 16:59:12 | 002,463,448 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cmdavcen.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/28 23:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/09/21 17:16:40 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/09/19 23:53:47 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/19 16:04:05 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/01 07:20:22 | 002,095,808 | ---- | M] () [Auto | Running] -- C:\Program Files\COMODO\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2013/07/08 16:59:39 | 004,801,304 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2013/06/18 16:15:28 | 000,127,192 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/07 23:31:26 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/07/08 16:59:42 | 000,587,352 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2013/06/18 16:16:24 | 000,099,520 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2013/06/18 16:16:24 | 000,032,816 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2013/06/18 16:16:22 | 000,018,528 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/18 03:28:41 | 000,124,504 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/08/05 20:56:33 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/05 20:56:32 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/06/30 19:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-854245398-746137067-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-854245398-746137067-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\S-1-5-21-854245398-746137067-839522115-1003\..\SearchScopes\{1858DAB0-BC8A-4D55-88C3-CB9952493E20}: "URL" = http://search.yahoo.com/search?fr=chr-g...p={searchTerms}
IE - HKU\S-1-5-21-854245398-746137067-839522115-1003\..\SearchScopes\{EA9F465E-8B0D-41DD-B049-C74802B9C73B}: "URL" = http://www.bing.com/search?q={searchTer...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-854245398-746137067-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-854245398-746137067-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=714647"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.5.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/17 11:15:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/21 01:38:32 | 000,000,000 | ---D | M]

[2011/12/20 22:04:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2013/09/21 01:20:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4izbb9ba.default\extensions
[2013/07/13 23:42:24 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4izbb9ba.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2013/09/08 15:21:46 | 000,371,968 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4izbb9ba.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2013/08/12 00:18:10 | 000,000,915 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4izbb9ba.default\searchplugins\yahoo.xml
[2013/09/21 00:41:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/08/17 11:16:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/08/17 11:16:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/08/17 11:16:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/08/17 11:16:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2013/08/17 11:15:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/09/19 16:04:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========


O1 HOSTS File: ([2012/11/13 17:59:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO)
O4 - HKU\S-1-5-21-854245398-746137067-839522115-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - HKU\S-1-5-21-854245398-746137067-839522115-1003..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-854245398-746137067-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-854245398-746137067-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-854245398-746137067-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-854245398-746137067-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 204.186.80.229 216.144.187.101 216.144.187.199
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E6B8B0F-A29E-49B1-973C-380ECFA05BC7}: DhcpNameServer = 204.186.80.229 216.144.187.101 216.144.187.199
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/22 17:47:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/09/20 04:13:05 | 000,000,154 | RH-- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/21 19:17:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/09/21 19:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\RK_Quarantine
[2013/09/21 18:24:56 | 001,029,675 | ---- | C] (Thisisu) -- C:\Documents and Settings\Owner\Desktop\JRT.exe
[2013/09/21 18:19:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/09/21 18:00:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2013/09/21 17:18:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/09/21 17:18:09 | 000,144,896 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/09/21 17:18:06 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/09/21 17:17:40 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/09/21 17:17:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2013/09/21 17:17:38 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/09/21 17:17:38 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/09/21 03:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2013/09/21 03:42:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\mbar
[2013/09/21 03:42:38 | 012,907,592 | ---- | C] (Malwarebytes Corp.) -- C:\Documents and Settings\Owner\My Documents\mbar-1.07.0.1005.exe
[2013/09/21 01:32:33 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/21 00:49:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Weather_Notifications,_LL
[2013/09/21 00:48:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Severe Weather Alerts
[2013/09/21 00:48:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\SevereWeatherAlerts
[2013/09/20 21:56:53 | 000,000,000 | ---D | C] -- C:\!KillBox
[2013/09/19 16:53:07 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2013/09/18 14:25:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2013/09/18 14:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2013/09/18 14:24:48 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2013/09/18 14:22:23 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2013/09/18 14:22:23 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2013/09/18 14:22:23 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2013/09/18 14:22:20 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2013/09/18 14:22:18 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2013/09/18 14:22:18 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2013/09/18 14:22:15 | 000,000,000 | ---D | C] -- C:\8038ec3821fbb847d2
[2013/09/15 17:35:55 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2013/09/15 17:33:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2013/09/03 21:39:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\COMODO
[2013/09/03 21:38:07 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Shared Space
[2013/09/03 21:34:29 | 000,047,368 | ---- | C] (COMODO CA Limited) -- C:\WINDOWS\System32\certsentry.dll
[2013/09/03 21:33:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
[2013/09/02 23:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Comodo
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/21 19:22:41 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2013/09/21 19:17:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/09/21 19:02:21 | 000,922,112 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RogueKiller.exe
[2013/09/21 18:53:02 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/21 18:43:32 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
[2013/09/21 18:24:57 | 001,029,675 | ---- | M] (Thisisu) -- C:\Documents and Settings\Owner\Desktop\JRT.exe
[2013/09/21 18:18:15 | 000,003,351 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\New Rich Text Document (8).rtf
[2013/09/21 18:15:41 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
[2013/09/21 18:01:29 | 000,004,330 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20130921_180126.reg
[2013/09/21 17:52:52 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
[2013/09/21 17:43:22 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
[2013/09/21 17:42:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/21 17:16:45 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/09/21 17:16:37 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/09/21 17:16:37 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/09/21 17:16:37 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/09/21 17:16:36 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/09/21 17:16:35 | 000,868,264 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2013/09/21 17:16:34 | 000,790,440 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/09/21 03:58:28 | 012,907,592 | ---- | M] (Malwarebytes Corp.) -- C:\Documents and Settings\Owner\My Documents\mbar-1.07.0.1005.exe
[2013/09/21 02:12:07 | 000,007,688 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20130921_021203.reg
[2013/09/21 01:06:35 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 2bfd419a-5078-4927-9e7c-255096414efe.job
[2013/09/20 23:29:34 | 000,246,392 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
[2013/09/20 23:29:31 | 000,165,984 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
[2013/09/20 22:21:59 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Panda Cloud Cleaner.lnk
[2013/09/20 22:18:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/09/20 21:52:28 | 000,012,804 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20130920_215225.reg
[2013/09/20 05:06:56 | 000,002,302 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/20 05:06:56 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2013/09/19 23:53:43 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/09/19 23:53:43 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/09/19 17:13:01 | 000,432,778 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/09/19 17:13:01 | 000,067,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/09/19 16:44:21 | 000,008,936 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20130919_164417.reg
[2013/09/18 15:04:09 | 000,095,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/17 00:40:55 | 000,058,880 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/16 21:29:43 | 000,008,724 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20130916_212941.reg
[2013/09/06 23:01:57 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20130906_230154.reg
[2013/09/04 00:27:18 | 000,011,511 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\CisReport_v6.2.285401.2860_20130904-002710.zip
[2013/09/03 22:12:11 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2013/09/03 21:38:24 | 000,001,624 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Virtual Comodo Dragon.lnk
[2013/09/03 21:38:22 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shared Space.lnk
[2013/09/03 21:35:01 | 000,000,769 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk
[2013/09/03 21:34:29 | 000,047,368 | ---- | M] (COMODO CA Limited) -- C:\WINDOWS\System32\certsentry.dll
[2013/09/03 21:14:58 | 000,001,936 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20130903_211455.reg
[2013/08/31 00:01:01 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\New Rich Text Document (6).rtf
[2013/08/28 20:00:18 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\New Rich Text Document (5).rtf
[2013/08/28 19:41:48 | 000,001,068 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\New Rich Text Document (4).rtf
[2013/08/25 01:17:50 | 000,011,656 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\New Rich Text Document (3).rtf
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/21 19:02:20 | 000,922,112 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RogueKiller.exe
[2013/09/21 18:18:00 | 000,003,351 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\New Rich Text Document (8).rtf
[2013/09/21 18:01:28 | 000,004,330 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20130921_180126.reg
[2013/09/21 02:12:05 | 000,007,688 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20130921_021203.reg
[2013/09/21 01:06:35 | 000,000,510 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 2bfd419a-5078-4927-9e7c-255096414efe.job
[2013/09/21 01:01:16 | 000,000,440 | ---- | C] () -- C:\WINDOWS\tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
[2013/09/21 01:01:15 | 000,000,440 | ---- | C] () -- C:\WINDOWS\tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
[2013/09/21 01:01:14 | 000,000,440 | ---- | C] () -- C:\WINDOWS\tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
[2013/09/21 01:01:12 | 000,000,440 | ---- | C] () -- C:\WINDOWS\tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
[2013/09/20 21:52:27 | 000,012,804 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20130920_215225.reg
[2013/09/19 16:44:19 | 000,008,936 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20130919_164417.reg
[2013/09/16 21:29:42 | 000,008,724 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20130916_212941.reg
[2013/09/06 23:01:56 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20130906_230154.reg
[2013/09/04 00:27:15 | 000,011,511 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\CisReport_v6.2.285401.2860_20130904-002710.zip
[2013/09/03 21:39:31 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2013/09/03 21:38:24 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2013/09/03 21:38:24 | 000,001,624 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Virtual Comodo Dragon.lnk
[2013/09/03 21:38:22 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shared Space.lnk
[2013/09/03 21:35:01 | 000,000,769 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk
[2013/09/03 21:14:56 | 000,001,936 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20130903_211455.reg
[2013/08/31 00:00:48 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\New Rich Text Document (6).rtf
[2013/08/28 20:00:08 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\New Rich Text Document (5).rtf
[2013/08/28 19:41:40 | 000,001,068 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\New Rich Text Document (4).rtf
[2013/08/25 01:17:34 | 000,011,656 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\New Rich Text Document (3).rtf
[2013/04/25 03:23:20 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/24 02:52:48 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/10/24 02:52:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/10/24 02:52:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/10/24 02:52:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/10/24 02:52:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/09/25 06:35:42 | 000,246,392 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
[2012/09/25 06:35:34 | 000,165,984 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
[2012/09/25 06:25:42 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2012/07/16 01:44:37 | 000,022,580 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu.rar
[2012/02/15 01:16:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/06/28 22:53:58 | 000,058,880 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/28 20:52:20 | 000,000,083 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib

========== ZeroAccess Check ==========

[2013/09/15 17:36:13 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/08/05 20:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2013/06/23 18:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/08/14 21:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2012/05/31 14:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dvdfab
[2011/06/28 21:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2013/09/03 21:38:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Shared Space
[2011/06/28 20:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2013/07/13 22:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/06/14 11:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2011/07/27 12:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/07/06 17:53:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/01/01 16:24:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\FCTB000100293
[2013/06/15 00:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Auslogics
[2011/09/16 21:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FinalBurner Video DVD
[2013/02/22 23:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\QuickScan
[2011/12/10 17:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\StreamTorrent
[2013/09/21 18:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B

< End of report >



.....2nd OTL Log


OTL Extras logfile created on: 9/21/2013 7:21:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 75.28% Memory free
4.78 Gb Paging File | 4.30 Gb Available in Paging File | 89.85% Paging File free
Paging file location(s): C:\pagefile.sys 3000 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.24 Gb Total Space | 16.45 Gb Free Space | 43.01% Space Free | Partition Type: NTFS
Drive D: | 95.02 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: VY3RUQVI8WPAUUK | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-854245398-746137067-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\TVAnts\Tvants.exe" = C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts -- (Zhejiang University)
"C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe" = C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe:*:Enabled:StreamTorrent Media Player -- (StreamTorrent)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1" = Panda Cloud Cleaner
"{92C5DB3D-9D6F-4324-BB11-57825F4C2635}" = DVD Decoder Pak for Windows XP
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0BABADE-E154-4F08-97A1-2903CD110E88}" = COMODO Internet Security Premium
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}" = WinZip 15.5
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"AnyDVD" = AnyDVD
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"Comodo Dragon" = Comodo Dragon
"ie8" = Windows Internet Explorer 8
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"SopCast" = SopCast 3.4.0
"StreamTorrent 1.0" = StreamTorrent 1.0
"TVAnts 1.0" = TVAnts 1.0
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.6
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-854245398-746137067-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Severe Weather Alerts" = Severe Weather Alerts

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/18/2013 9:29:39 PM | Computer Name = VY3RUQVI8WPAUUK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 9/18/2013 9:29:39 PM | Computer Name = VY3RUQVI8WPAUUK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 9/18/2013 9:29:42 PM | Computer Name = VY3RUQVI8WPAUUK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 9/18/2013 9:29:42 PM | Computer Name = VY3RUQVI8WPAUUK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 9/19/2013 4:31:44 PM | Computer Name = VY3RUQVI8WPAUUK | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: System.Printing, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
. Error code = 0x80070020

Error - 9/20/2013 8:36:31 PM | Computer Name = VY3RUQVI8WPAUUK | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/21/2013 12:49:52 AM | Computer Name = VY3RUQVI8WPAUUK | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 java.exe, P2 2.0.3.0, P3 5237100f, P4 mscorlib,
P5 2.0.0.0, P6 5174dd4c, P7 3455, P8 15a, P9 system.unauthorizedaccess, P10 NIL.

Error - 9/21/2013 12:53:04 AM | Computer Name = VY3RUQVI8WPAUUK | Source = CltMngSvc | ID = 1000
Description =

Error - 9/21/2013 12:55:09 AM | Computer Name = VY3RUQVI8WPAUUK | Source = CltMngSvc | ID = 1000
Description =

Error - 9/21/2013 12:58:25 AM | Computer Name = VY3RUQVI8WPAUUK | Source = CltMngSvc | ID = 1000
Description =

[ System Events ]
Error - 9/21/2013 5:55:01 PM | Computer Name = VY3RUQVI8WPAUUK | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 9/21/2013 5:55:03 PM | Computer Name = VY3RUQVI8WPAUUK | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 9/21/2013 5:55:06 PM | Computer Name = VY3RUQVI8WPAUUK | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 9/21/2013 5:57:38 PM | Computer Name = VY3RUQVI8WPAUUK | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 9/21/2013 5:57:54 PM | Computer Name = VY3RUQVI8WPAUUK | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 9/21/2013 7:04:29 PM | Computer Name = VY3RUQVI8WPAUUK | Source = Dhcp | ID = 1002
Description = The IP address lease 50.29.163.107 for the Network Card with network
address 000D5667B853 has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).

Error - 9/21/2013 7:09:58 PM | Computer Name = VY3RUQVI8WPAUUK | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.100.11 for the Network Card with network
address 000D5667B853 has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).

Error - 9/21/2013 7:26:50 PM | Computer Name = VY3RUQVI8WPAUUK | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 9/21/2013 7:26:52 PM | Computer Name = VY3RUQVI8WPAUUK | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 9/21/2013 7:26:54 PM | Computer Name = VY3RUQVI8WPAUUK | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.


< End of report >



Let me know whatever else you need. Sorry about the RogueKiller Log. I'll try again.
Thanks again.
Narcismo
AfterDawn Addict
21. September 2013 @ 20:18
narcismo,

Well, you're looking better.. I found an alternate data stream in a Temp file and your MBR (master boot record) seems a little screwed up. It will take me some time to analyze the OTL logs and build a fix for you, so don't give up :)

I was thinking that the Avira rescue disc will repair your MBR, so it might be a good idea now to go ahead and run it. You just need to follow the guide that I had you DL. It takes 30 minutes+ to run, and when finished you can download Avira Free, turn off your Comodo AV, and install and scan with Avira. When done you can just uninstall Avira and go back to your Comodo.

I'll be working on an OTL Fix and will get it to you as soon as I can. I guess you can see from the size of the OTL logs that it is like eating an elephant.. just one small byte at a time. lol

Go ahead and run the Avira rescue disc and we'll move right along...

till later,
2oG
Member
21. September 2013 @ 21:55
Originally posted by 2oldGeek:
narcismo,

Well, you're looking better.. I found an alternate data stream in a Temp file and your MBR (master boot record) seems a little screwed up. It will take me some time to analyze the OTL logs and build a fix for you, so don't give up :)

I was thinking that the Avira rescue disc will repair your MBR, so it might be a good idea now to go ahead and run it. You just need to follow the guide that I had you DL. It takes 30 minutes+ to run, and when finished you can download Avira Free, turn off your Comodo AV, and install and scan with Avira. When done you can just uninstall Avira and go back to your Comodo.

I'll be working on an OTL Fix and will get it to you as soon as I can. I guess you can see from the size of the OTL logs that it is like eating an elephant.. just one small byte at a time. lol

Go ahead and run the Avira rescue disc and we'll move right along...

till later,
2oG
Thanks 1,000,000 2oG. I obviously can't read your OTL logs, but I know what "ERROR" means, and there were a ton. Not good, I know.
My problem now is... I don't have access to a clean machine until tomorrow. Should I go for that Rescue Disc now, on what I have? Or wait?
Thanks
Narcismo

P.S. I ran another Mbar scan (negative) and RogueKiller (showed the same results, the fake). Here's an HJT log which looks fine...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:07:02 PM, on 9/21/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Comodo\Dragon\dragon_updater.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s...ash/swflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files\Comodo\Dragon\dragon_updater.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 6341 bytes

This message has been edited since posting. Last time this message was edited on 21. September 2013 @ 22:00

Member
21. September 2013 @ 23:57
Originally posted by narcismo:
Originally posted by 2oldGeek:
narcismo,

Well, you're looking better.. I found an alternate data stream in a Temp file and your MBR (master boot record) seems a little screwed up. It will take me some time to analyze the OTL logs and build a fix for you, so don't give up :)

I was thinking that the Avira rescue disc will repair your MBR, so it might be a good idea now to go ahead and run it. You just need to follow the guide that I had you DL. It takes 30 minutes+ to run, and when finished you can download Avira Free, turn off your Comodo AV, and install and scan with Avira. When done you can just uninstall Avira and go back to your Comodo.

I'll be working on an OTL fix and will get it to you as soon as I can. I guess you can see from the size of the OTL logs that it is like eating an elephant.. just one small byte at a time. lol

Go ahead and run the Avira rescue disc and we'll move right along...

till later,
2oG
Thanks 1,000,000 2oG. I obviously can't read your OTL logs, but I know what "ERROR" means, and there were a ton. Not good, I know.
My problem now is... I don't have access to a clean machine until tomorrow. Should I go for that Rescue Disc now, on what I have? Or wait?
Thanks
Narcismo

P.S. I ran another Mbar scan (negative) and RogueKiller (showed the same results, the fake). Here's an HJT which looks fine...


I did make a rescue disk, but I made it from this machine. I'll run it if you advise, or I can make another tomorrow from a clean machine. Think I'll wait to hear back, I'm out of my comfort zone here lol. You're the expert!
Thanks again
Narcismo
AfterDawn Addict
22. September 2013 @ 10:58
If you were able to burn the CD from that computer, it's probably ok to run it..
The only thing I was concerned about was your MBR boot record. Does it boot and load Windows OK? If it boots ok then it's your choice.. If I had trouble with it booting, I'd run it....

Edit: I decided to skip the OTL fix for the moment and see how you are running, and if you have any problems please let me know..


2oG



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...

This message has been edited since posting. Last time this message was edited on 22. September 2013 @ 11:28

Member
22. September 2013 @ 17:04
Hi 2oG, sorry for the slow reply, it's been one of those days. I haven't had a chance to make a rescue disk from a different machine yet. Not enough hours in the day.
However I had no trouble at all making one with this machine. My comp boots just fine, never had trouble in that area. I'll boot up from the rescue disk if you want. Unless you have a different idea.
Honestly it's been running fine, not sure for how long, but so far so good.
Let me know what you're thinking, thanks again.
Narcismo
AfterDawn Addict
22. September 2013 @ 21:02
Yeah, I know what you mean about one of those days. Me too.

I wouldn't worry about doing anything else if it seems to be running ok without errors.
Just let it be for a few days and if no problems show up skip the rescue. If it does give problems, you can always run it. Then give me a shout on here...

Happy Computing,
2oG



Member
22. September 2013 @ 21:21

Will do...and thanks again for your help.
Get some R&R. I'll give you a post in a few days. Best wishes.
Narcismo
AfterDawn Addict
23. September 2013 @ 15:02
Hi narcismo,
As I said:
Originally posted by 2oldGeek:
The only thing I was concerned about was your MBR boot record.

Since then, I have done some research and benefited from it. There is a lot of new malware out there and a few changes have been made to OTL that I was unaware of.

After finding out these things, I reviewed your OTL log and discovered some things that really need to be fixed so they don't come back to haunt you.

As I stated before, please run the Avira Rescue Disk so it can repair your MBR (master boot record) per the instructions on the tutorial I had you download here -> http://forum.avira.com/wbb/index.php?page=Thread&threadID=82163

After that, post back to me the outcome and I will give you more instructions.

Like I said before, I prefer all the machines I clean to be like an "old maid's parlor", that is, clean enough to eat off the floor. Lol

Let me hear from you,
2oG



 