Malware - Search Results Redirected

No need for the extras log right now

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    
    :Services
    
    :Reg
    
    :Files
    
    
    :Commands
    [purity]
    [emptytemp]
    [RESETHOSTS]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log and a new OTL log (don't check the boxes beside LOP Check or Purity this time)

Open Notepad (go to Start > All Programs > Accessories > Notepad; this will only work with Notepad) and copy all the text inside the code box by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before or above Fcopy::

Code:
Fcopy::
C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe | c:\windows\System32\ctfmon.exe

Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

(screenshot: CFScriptB-4.gif)

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.
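The two helper posts above hinge on a handful of OTL log lines: an IE ProxyServer pointing at 127.0.0.1:5555 (every IE request is routed through a process on the infected machine, which is how the search results get rewritten), a Firefox keyword.URL pointing at search.mywebstart.net instead of a real search engine, DRV entries whose .sys file is "File not found", and whatever the hosts file maps. The script below is an added example for this thread, not a tool from the original posts or from OldTimer: it parses those four line formats out of an OTL log, flags the indicators, and lays out an OTL custom fix in the same shape as the one above. The sample log is constructed for the example, KNOWN_SEARCH_HOSTS is an assumption, and the fix generator assumes OTL's usual convention that lines pasted under :OTL are reset or removed, which this thread shows only for the two IE proxy values.

```python
"""Triage an OTL log for the search-redirect indicators targeted by the fix above."""
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Assumption: hosts a browser legitimately sends searches to; anything else in
# keyword.URL or browser.search.defaulturl is reported as a hijack candidate.
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}

IE_RE = re.compile(r'^IE - .*Internet Settings: "(\w+)" = (.*)$')
FF_RE = re.compile(r'^FF - (?:prefs|user)\.js\.\.([\w.]+): "(.*)"$')
DRV_RE = re.compile(r'^DRV - \(([^)]+)\) -- (.*?) File not found$')
HOSTS_RE = re.compile(r'^O1 - Hosts: (\S+)\s+(\S+)$')

# Constructed sample in OTL's line formats: a loopback proxy, a hijacked Firefox
# keyword search, a phantom driver and a hosts-file pin, with benign lines for contrast.
SAMPLE_OTL_LOG = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..keyword.URL: "http://search.mywebstart.net/?sid=10101070100&s="
DRV - (xhunter1) -- C:\WINDOWS\xhunter1.sys File not found
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.google.com
'''


def parse_proxy_server(value):
    """IE's ProxyServer is either a bare 'host:port' for every protocol or a
    per-protocol list like 'http=127.0.0.1:5555;https=...'; return {scheme: hostport}."""
    value = value.strip()
    if "=" not in value:
        return {"*": value}
    pairs = (p.split("=", 1) for p in value.split(";") if "=" in p)
    return {scheme.strip().lower(): hp.strip() for scheme, hp in pairs}


def split_hostport(hostport):
    """'127.0.0.1:5555' -> ('127.0.0.1', '5555'); '[::1]:5555' -> ('::1', '5555')."""
    if hostport.startswith("["):
        host, _, rest = hostport[1:].partition("]")
        return host, rest.lstrip(":")
    host, sep, port = hostport.rpartition(":")
    return (host, port) if sep else (hostport, "")


def is_loopback(host):
    """A proxy on the local machine means a local process sits in the browser's path."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False


def triage(log_text):
    """Return {'proxy_enabled': bool|None, 'findings': [(category, detail, log_line)]}."""
    findings, proxy_enabled = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := IE_RE.match(line):
            name, value = m.groups()
            if name == "ProxyEnable":
                proxy_enabled = value.strip() == "1"
            elif name == "ProxyServer":
                for scheme, hp in parse_proxy_server(value).items():
                    host, port = split_hostport(hp)
                    if is_loopback(host):
                        findings.append(("proxy", f"{scheme} -> local proxy {host}:{port}", line))
        elif m := FF_RE.match(line):
            pref, url = m.groups()
            host = urlparse(url).hostname or ""
            if pref in ("keyword.URL", "browser.search.defaulturl") and host not in KNOWN_SEARCH_HOSTS:
                findings.append(("ff_search", f"{pref} -> {host}", line))
        elif m := DRV_RE.match(line):
            findings.append(("driver", f"{m.group(1)}: {m.group(2)} missing on disk", line))
        elif m := HOSTS_RE.match(line):
            ip, name = m.groups()
            if name.lower() != "localhost":
                findings.append(("hosts", f"{name} pinned to {ip}", line))
    return {"proxy_enabled": proxy_enabled, "findings": findings}


def otl_fix_script(result):
    """Lay out an OTL custom fix the way the helper's fix above is laid out: flagged
    log lines under :OTL, [resethosts] only when hosts entries were flagged, then
    temp cleanup and reboot. Assumes OTL resets/removes lines pasted under :OTL."""
    lines = [":OTL"] + [raw for cat, _, raw in result["findings"] if cat != "hosts"]
    lines.append(":Commands")
    if any(cat == "hosts" for cat, _, _ in result["findings"]):
        lines.append("[resethosts]")
    lines += ["[emptytemp]", "[reboot]"]
    return "\n".join(lines)


if __name__ == "__main__":
    result = triage(SAMPLE_OTL_LOG)
    print("ProxyEnable:", result["proxy_enabled"])
    for cat, detail, _ in result["findings"]:
        print(f"[{cat}] {detail}")
    print("\n" + otl_fix_script(result))
```

Run it as-is to see the findings for the constructed sample, or read a real OTL log into triage(). The generated fix is a starting point for a helper to review line by line, not something to paste unread, since OTL acts on every line it is given under :OTL.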
 
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.JUSTIN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 405 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Home
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 967758 bytes
->Java cache emptied: 35706101 bytes
->FireFox cache emptied: 84367661 bytes
->Flash cache emptied: 4973155 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 534747 bytes
->FireFox cache emptied: 7666263 bytes
->Flash cache emptied: 456 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 7314 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4012892 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 55413 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 17308444 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 150528 bytes

Total Files Cleaned = 149.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.17.3 log created on 12012010_041949

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_2f0.dat not found!

Registry entries deleted on Reboot...


OTL Log:

OTL logfile created on: 12/1/2010 4:27:31 AM - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Home\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 399.00 Mb Available Physical Memory | 39.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 23.43 Gb Free Space | 15.72% Space Free | Partition Type: NTFS
Drive D: | 641.05 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JUSTIN | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Home\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe ()
PRC - C:\Program Files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe ()
PRC - C:\Program Files\iolo\System Mechanic Professional\IoloSGCtrl.exe ()
PRC - C:\Program Files\iolo\System Mechanic Professional\SystemGuardAlerter.exe ()
PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
PRC - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Authentium, Inc)
PRC - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Authentium, Inc)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Home\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\iolo\Common\Lib\sguard.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_5632d69.dll ()
SRV - (IOLO_SRV) -- C:\Program Files\iolo\System Mechanic Professional\IoloSGCtrl.exe ()
SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (ioloFileInfoList) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (NACAgent) -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe (Cisco Systems, Inc.)
SRV - (vseqrts) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe ()
SRV - (vsedsps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Authentium, Inc)
SRV - (vseamps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Authentium, Inc)


========== Driver Services (SafeList) ==========

DRV - (xhunter1) -- C:\WINDOWS\xhunter1.sys File not found
DRV - (vtany) -- C:\WINDOWS\vtany.sys File not found
DRV - (LMouKE) -- C:\WINDOWS\System32\DRIVERS\LMouKE.Sys File not found
DRV - (L8042mou) -- C:\WINDOWS\System32\DRIVERS\L8042mou.Sys File not found
DRV - (L8042Kbd) -- C:\WINDOWS\System32\Drivers\L8042Kbd.sys File not found
DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
DRV - (catchme) -- C:\DOCUME~1\Home\LOCALS~1\Temp\catchme.sys File not found
DRV - (AMP) -- C:\WINDOWS\system32\drivers\amp.sys (Authentium, Inc)
DRV - (AMPSE) -- C:\WINDOWS\system32\drivers\ampse.sys (Authentium, Inc)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (oreans32) -- C:\WINDOWS\system32\drivers\oreans32.sys ()
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (FileDisk) -- C:\WINDOWS\System32\drivers\filedisk.sys (iolo technologies, LLC (based on original work by Bo Brantén))
DRV - (XPacket) -- C:\WINDOWS\System32\xpacket.sys (iolo technologies, LLC)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (AmdLLD) -- C:\WINDOWS\system32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (LHidUsbK) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys (Logitech Inc.)
DRV - (BS_I2cIo) -- C:\WINDOWS\system32\drivers\BS_I2cIo.sys (BIOSTAR Group)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (BIOS) -- C:\WINDOWS\system32\drivers\BIOS.sys (BIOSTAR Group)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Search"
FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07103010
FF - prefs.js..keyword.URL: "http://search.mywebstart.net/?sid=10101070100&s="

FF - user.js..browser.search.order.1: "Search"
FF - user.js..keyword.URL: "http://search.mywebstart.net/?sid=10101070100&s="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/30 20:42:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/30 20:41:58 | 000,000,000 | ---D | M]

[2008/06/06 22:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Mozilla\Extensions
[2010/11/30 20:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions
[2009/06/25 16:32:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2007/07/20 21:41:26 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/07/17 13:14:24 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008/09/01 23:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\moveplayer@movenetworks.com
[2010/11/30 20:28:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/12/08 22:48:18 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/07/03 00:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2010/07/28 17:14:08 | 000,022,016 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
[2010/03/28 22:07:33 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2006/10/12 17:18:00 | 001,245,184 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
[2006/10/12 17:17:00 | 000,003,072 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ractrlkeyhook.dll
[2006/02/13 12:07:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\unicows.dll
[2010/11/11 17:26:20 | 000,002,210 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\websearch.xml

O1 HOSTS File: ([2010/12/01 04:21:51 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [iolo Personal Firewall] C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SystemGuardAlerter] C:\Program Files\iolo\System Mechanic Professional\SystemGuardAlerter.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} http://www.gamescampus.com/luncher/GamesCampus.cab (GamesCampus Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab (CDownloadCtrl Object)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab ()
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} http://www.acclaim.com/cabs/acclaim_v5.cab (GameLauncher Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231906288484 (MUWebControl Class)
O16 - DPF: {77538FC7-CE52-4704-9865-494FE92BC320} http://www.ultimatebaseballonline.com/myubo/launchubo.OCX (LaunchUBO.Ulit)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} https://secure.iolo.com/app/ocx/UpgradeVerify.cab (iolo.ProductDetector)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.1.30.43 69.1.30.42
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/08 21:29:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1998/01/08 21:06:18 | 000,000,040 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/12/01 04:19:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/01 03:14:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/11/29 19:48:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/29 19:43:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/29 19:43:25 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/29 19:43:25 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/29 19:43:25 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/29 19:40:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/29 13:10:54 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe
[2010/11/27 03:24:23 | 000,000,000 | ---D | C] -- C:\1b9f1bf7642a71ad6970b768
[2010/11/27 03:18:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/27 03:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/11/27 03:16:09 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Home\Desktop\erunt-setup.exe
[2010/11/26 02:09:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2010/11/26 02:09:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2010/11/26 01:29:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WSTB
[2010/11/26 01:27:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/11/26 01:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/11/26 00:35:24 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/11/26 00:35:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/11/26 00:31:08 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Home\Desktop\spybotsd162.exe
[2010/11/25 23:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/11/25 23:27:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/11/04 13:35:48 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010/11/04 13:35:48 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2009/09/03 16:10:04 | 000,315,392 | ---- | C] ( ) -- C:\WINDOWS\System32\sbcrreag.dll
[2008/05/26 16:04:43 | 000,372,736 | ---- | C] (Intel Corporation) -- C:\Program Files\ijl15.dll
[2008/05/26 16:04:43 | 000,258,352 | ---- | C] (Microsoft Corporation) -- C:\Program Files\unicows.dll

========== Files - Modified Within 30 Days ==========

[2010/12/01 04:34:41 | 000,763,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\tjjntrciv.sys
[2010/12/01 04:31:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\VersionCheck.job
[2010/12/01 04:23:59 | 000,000,448 | ---- | M] () -- C:\WINDOWS\System32\iolo.ini
[2010/12/01 04:23:54 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/01 04:23:31 | 000,244,486 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/12/01 04:23:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/01 04:23:17 | 1072,943,104 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/01 04:21:51 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/12/01 03:10:58 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\SystemLook.exe
[2010/12/01 03:06:57 | 000,444,344 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/01 03:06:57 | 000,072,198 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/30 19:59:27 | 003,982,824 | R--- | M] () -- C:\Documents and Settings\Home\Desktop\ComboFix.exe
[2010/11/29 19:48:16 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2010/11/29 13:10:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe
[2010/11/28 22:52:14 | 004,159,246 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\test 3.pdf
[2010/11/28 22:52:05 | 000,226,370 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\test 2.pdf
[2010/11/28 22:51:51 | 000,231,333 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\test 1.pdf
[2010/11/27 03:17:06 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\ERUNT.lnk
[2010/11/27 03:16:10 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Home\Desktop\erunt-setup.exe
[2010/11/26 15:52:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/26 00:59:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/26 00:35:35 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Spybot - Search & Destroy.lnk
[2010/11/26 00:31:36 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Home\Desktop\spybotsd162.exe
[2010/11/11 15:33:16 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Real Word Speaking Notes.doc
[2010/11/11 03:56:35 | 000,161,792 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Visual Aid.ppt
[2010/11/11 03:39:33 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Real World Speech.doc
[2010/11/08 17:57:03 | 072,343,566 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\2009_01_04_zm_beta_121_full.exe
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe

========== Files Created - No Company Name ==========

[2010/12/01 03:11:01 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\SystemLook.exe
[2010/11/30 19:59:24 | 003,982,824 | R--- | C] () -- C:\Documents and Settings\Home\Desktop\ComboFix.exe
[2010/11/30 16:35:39 | 000,000,448 | ---- | C] () -- C:\WINDOWS\System32\iolo.ini
[2010/11/29 19:48:15 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2010/11/29 19:48:11 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/11/29 19:43:25 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/29 19:43:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/29 19:43:25 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/29 19:43:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/29 19:43:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/28 22:52:14 | 004,159,246 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\test 3.pdf
[2010/11/28 22:52:05 | 000,226,370 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\test 2.pdf
[2010/11/28 22:51:51 | 000,231,333 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\test 1.pdf
[2010/11/27 03:17:06 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\ERUNT.lnk
[2010/11/26 01:31:35 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\VersionCheck.job
[2010/11/26 01:31:06 | 000,763,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\tjjntrciv.sys
[2010/11/26 00:35:35 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Spybot - Search & Destroy.lnk
[2010/11/26 00:32:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/11 15:27:52 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Real Word Speaking Notes.doc
[2010/11/11 03:56:35 | 000,161,792 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Visual Aid.ppt
[2010/11/10 23:17:44 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Real World Speech.doc
[2010/11/08 17:53:25 | 072,343,566 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\2009_01_04_zm_beta_121_full.exe
[2010/09/29 12:05:30 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2010/09/29 12:05:29 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2010/09/09 20:11:44 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\maplecompat.dll
[2010/09/09 20:11:43 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\WMIMPLEX.dll
[2010/09/09 20:11:43 | 000,031,744 | ---- | C] () -- C:\WINDOWS\System32\maplec.dll
[2010/07/09 13:04:40 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/04/27 22:32:43 | 000,000,271 | ---- | C] () -- C:\WINDOWS\SysMech.INI
[2010/04/02 16:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010/02/27 19:43:51 | 000,004,764 | -HS- | C] () -- C:\Documents and Settings\Home\Local Settings\Application Data\qadX88Alu
[2009/11/02 00:19:30 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/08/22 19:25:58 | 000,000,331 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2009/07/30 19:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/06/11 00:25:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\leverage.drm.log
[2009/05/26 23:22:39 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2009/02/14 20:44:35 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/01/10 11:40:18 | 919,260,488 | ---- | C] () -- C:\Program Files\2MOONSExpedition.exe.downloading
[2009/01/06 16:50:58 | 002,316,712 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2009/01/06 15:41:36 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2008/08/13 12:46:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/06/23 23:26:04 | 000,000,001 | ---- | C] () -- C:\Program Files\Status.inf
[2008/06/23 23:18:03 | 000,000,196 | ---- | C] () -- C:\Program Files\v17-7-3_EP1-v17-8-0_EP1.SIG
[2008/06/23 23:18:02 | 000,449,563 | ---- | C] () -- C:\Program Files\v17-7-3_EP1-v17-8-0_EP1.RES
[2008/06/23 23:17:59 | 001,281,785 | ---- | C] () -- C:\Program Files\v17-7-3_EP1-v17-8-0_EP1.RTP
[2008/06/23 23:17:59 | 000,000,196 | ---- | C] () -- C:\Program Files\v17-7-2_EP1-v17-7-3_EP1.SIG
[2008/06/23 23:17:58 | 000,095,018 | ---- | C] () -- C:\Program Files\v17-7-2_EP1-v17-7-3_EP1.RTP
[2008/06/23 23:17:58 | 000,000,016 | ---- | C] () -- C:\Program Files\v17-7-2_EP1-v17-7-3_EP1.RES
[2008/06/23 23:17:57 | 000,000,196 | ---- | C] () -- C:\Program Files\v17-7-1_EP1-v17-7-2_EP1.SIG
[2008/06/23 23:17:56 | 000,237,764 | ---- | C] () -- C:\Program Files\v17-7-1_EP1-v17-7-2_EP1.RES
[2008/06/23 23:17:56 | 000,084,357 | ---- | C] () -- C:\Program Files\v17-7-1_EP1-v17-7-2_EP1.RTP
[2008/06/23 23:17:55 | 000,000,196 | ---- | C] () -- C:\Program Files\v17-7-0_EP1-v17-7-1_EP1.SIG
[2008/06/23 23:17:54 | 000,031,308 | ---- | C] () -- C:\Program Files\v17-7-0_EP1-v17-7-1_EP1.RTP
[2008/06/23 23:17:54 | 000,008,196 | ---- | C] () -- C:\Program Files\v17-7-0_EP1-v17-7-1_EP1.RES
[2008/06/23 23:17:53 | 000,000,196 | ---- | C] () -- C:\Program Files\v17-6-4_EP1-v17-7-0_EP1.SIG
[2008/06/23 23:17:01 | 033,250,935 | ---- | C] () -- C:\Program Files\v17-6-4_EP1-v17-7-0_EP1.RES
[2008/06/23 23:16:41 | 013,378,045 | ---- | C] () -- C:\Program Files\v17-6-4_EP1-v17-7-0_EP1.RTP
[2008/05/26 16:06:40 | 514,337,164 | ---- | C] () -- C:\Program Files\data4.pck
[2008/05/26 16:06:01 | 629,164,503 | ---- | C] () -- C:\Program Files\data3.pck
[2008/05/26 16:05:22 | 629,175,968 | ---- | C] () -- C:\Program Files\data2.pck
[2008/05/26 16:04:43 | 629,147,117 | ---- | C] () -- C:\Program Files\data1.pck
[2008/05/26 16:04:43 | 001,196,032 | ---- | C] () -- C:\Program Files\install.exe
[2008/05/26 16:04:43 | 001,080,216 | ---- | C] () -- C:\Program Files\check.md
[2008/05/26 16:04:43 | 000,052,156 | ---- | C] () -- C:\Program Files\Copyright.txt
[2008/05/26 16:04:43 | 000,004,968 | ---- | C] () -- C:\Program Files\install.ini
[2008/05/26 16:04:43 | 000,004,150 | ---- | C] () -- C:\Program Files\icon.ico
[2008/05/03 14:37:24 | 000,000,031 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2007/11/27 13:46:26 | 000,000,377 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007/11/27 13:46:11 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2007/11/27 13:46:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2007/11/27 13:45:51 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2007/11/11 22:53:28 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Home\Application Data\PnkBstrK.sys
[2007/10/22 04:03:08 | 001,698,816 | ---- | C] () -- C:\Program Files\Microsoft_DirectX_SDK.msi
[2007/10/11 22:01:22 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/06/17 13:01:24 | 000,000,736 | ---- | C] () -- C:\WINDOWS\DigimaxMaster.INI
[2007/06/17 12:33:34 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/06/17 12:33:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/04/14 15:57:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/04/14 15:57:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/04/14 15:57:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/04/14 15:57:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/02/09 23:10:33 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2007/01/27 12:49:35 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/27 00:35:22 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/06 21:17:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/29 23:49:25 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/09 05:14:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/12/08 21:45:30 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2006/12/08 21:39:37 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2006/10/20 21:32:30 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/20 21:32:30 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/20 21:32:28 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/20 21:32:28 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/20 21:32:26 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/20 21:32:26 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D06A4C76
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB15613

< End of report >
 
ComboFix 10-11-30.05 - Home 12/01/2010 4:46.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.483 [GMT -6:00]
Running from: c:\documents and settings\Home\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Home\Desktop\CFScript.txt
AV: System Shield *On-access scanning disabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
FW: iolo Personal Firewall *enabled* {38254411-9AEC-4967-913E-F892C2A4DF89}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://download.iolo.net
.
--------------- FCopy ---------------

c:\windows\$NtServicePackUninstall$\ctfmon.exe --> c:\windows\System32\ctfmon.exe
.
((((((((((((((((((((((((( Files Created from 2010-11-01 to 2010-12-01 )))))))))))))))))))))))))))))))
.

2010-12-01 10:46 . 2006-02-28 12:00 15360 -c--a-w- c:\windows\system32\dllcache\ctfmon.exe
2010-12-01 10:46 . 2006-02-28 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
2010-12-01 10:19 . 2010-12-01 10:19 -------- d-----w- C:\_OTL
2010-12-01 02:41 . 2010-12-01 02:41 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2010-12-01 02:41 . 2010-12-01 02:41 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2010-11-27 09:24 . 2010-11-27 09:24 -------- d-----w- C:\1b9f1bf7642a71ad6970b768
2010-11-27 09:17 . 2010-11-27 09:17 -------- d-----w- c:\program files\ERUNT
2010-11-26 08:09 . 2010-11-26 08:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2010-11-26 07:31 . 2010-12-01 11:02 763904 ----a-w- c:\windows\system32\drivers\tjjntrciv.sys
2010-11-26 07:29 . 2010-11-26 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\WSTB
2010-11-26 06:35 . 2010-11-26 07:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-11-26 06:35 . 2010-11-26 06:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-04 19:35 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-11-04 19:35 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-29 18:11 . 2008-08-07 02:44 1251944 ----a-w- c:\windows\RtlExUpd.dll
2010-09-18 17:23 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-02-28 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-02-28 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 02:11 . 2010-09-10 02:11 20480 ----a-w- c:\windows\system32\maplecompat.dll
2010-09-10 02:11 . 2010-09-10 02:11 31744 ----a-w- c:\windows\system32\maplec.dll
2010-09-10 02:11 . 2010-09-10 02:11 212992 ----a-w- c:\windows\system32\WMIMPLEX.dll
2010-09-09 13:38 . 2006-02-28 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2006-02-28 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2006-02-28 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:57 . 2006-02-28 12:00 389120 ----a-w- c:\windows\system32\html.iec
2010-09-05 21:01 . 2010-09-05 21:01 967 ----a-w- c:\windows\ScUnin.pif
2010-09-05 21:01 . 2010-09-05 21:01 94208 ----a-w- c:\windows\ScUnin.exe
2007-10-22 10:03 . 2007-10-22 10:03 1698816 ----a-w- c:\program files\Microsoft_DirectX_SDK.msi
2007-09-19 04:41 . 2008-05-26 22:04 258352 ----a-w- c:\program files\unicows.dll
2007-09-19 04:41 . 2008-05-26 22:04 1196032 ----a-w- c:\program files\install.exe
2007-09-19 04:41 . 2008-05-26 22:04 372736 ----a-w- c:\program files\ijl15.dll
2006-10-12 23:17 . 2006-12-23 20:50 3072 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2006-02-13 18:07 . 2006-12-23 20:50 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-13 1657376]
"SystemGuardAlerter"="c:\program files\iolo\System Mechanic Professional\SystemGuardAlerter.exe" [2010-04-21 520616]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"RTHDCPL"="RTHDCPL.EXE" [2009-10-16 18782720]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"iolo Personal Firewall"="c:\program files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe" [2010-07-15 1335976]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Home^Start Menu^Programs^Startup^Registration Tom Clancy's Rainbow Six]
backup=c:\windows\pss\Registration Tom Clancy's Rainbow SixStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 03:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-17 21:27 1242448 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe"
"<NO NAME>"=
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"c:\\Program Files\\America's Army\\System\\Server.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\SteamApps\\sn1per9mm\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.2\\cnc3game.dat"=
"c:\\Program Files\\Steam\\SteamApps\\sn1per9mm\\source sdk base\\hl2.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"c:\\Program Files\\Steam\\SteamApps\\moron1991alpha\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\America's Army Deploy Client\\AADeployClient.exe"=
"c:\\Program Files\\Steam\\SteamApps\\moron1991alpha\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\moron1991alpha\\insurgency\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\sn1per9mm\\half-life 2\\hl2.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\iolo\\System Mechanic Professional\\Personal Firewall\\ioloFW.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Subagames\\Metin2\\metin2.bin"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\teci\\Metin2\\metin2.bin"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\SteamApps\\sn1per9mm\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\DFO\\DFO.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\ijjiOptimizer.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\torchlight\\TorchED\\Editor.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\torchlight\\Torchlight.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Corporation\\Tinker\\Tinker.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\SteamApps\\moron1991alpha\\counter-strike source\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57938:TCP"= 57938:TCP:Pando Media Booster
"57938:UDP"= 57938:UDP:Pando Media Booster
"58708:TCP"= 58708:TCP:Pando Media Booster
"58708:UDP"= 58708:UDP:Pando Media Booster
"1037:TCP"= 1037:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 XPacket;iolo Personal Firewall Driver;c:\windows\system32\xpacket.sys [1/6/2009 4:50 PM 39424]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [8/6/2008 8:39 PM 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [8/6/2008 9:54 PM 8192]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [5/26/2009 11:22 PM 33824]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2/28/2006 6:00 AM 14336]
R2 AMP;AMP;c:\windows\system32\drivers\amp.sys [10/28/2009 5:25 PM 122408]
R2 AMPSE;AMPSE;c:\windows\system32\drivers\ampse.sys [10/28/2009 5:25 PM 1117224]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [1/6/2009 4:50 PM 704432]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [1/6/2009 4:50 PM 704432]
R2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [10/28/2009 5:11 PM 92712]
R2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [10/28/2009 5:11 PM 117288]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [8/6/2008 8:50 PM 38176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9/19/2008 4:33 PM 1684736]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [10/28/2009 5:11 PM 113192]
S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
S4 NACAgent;Cisco NAC Agent;c:\program files\Cisco\Cisco NAC Agent\NACAgent.exe [11/21/2009 8:35 PM 742144]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
*Deregistered* - tjjntrciv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2010-12-01 c:\windows\Tasks\VersionCheck.job
- c:\documents and settings\All Users\Application Data\WSTB\localeX86.exe [2010-11-11 23:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://m.www.yahoo.com/
LSP: c:\windows\system32\iavlsp.dll
LSP: c:\program files\iolo\Common\Firewall\iFW_Xfilter.dll
DPF: {77538FC7-CE52-4704-9865-494FE92BC320} - hxxp://www.ultimatebaseballonline.com/myubo/launchubo.OCX
DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - hxxps://secure.iolo.com/app/ocx/UpgradeVerify.cab
FF - ProfilePath - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s=
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Extension: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\moveplayer@movenetworks.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\n035vr4f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

---- FIREFOX POLICIES ----
FF - user.js: browser.search.order.1 - Search
FF - user.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s=
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-01 05:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\tjjntrciv]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1202660629-1606980848-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a3,50,3d,be,28,83,ef,e5,a6,16,59,d2,7c,c8,2e,8a,70,c5,af,80,d5,2c,c7,
d9,9a,2f,9d,9b,5b,97,5e,99,6d,6d,0a,10,16,6e,e4,5b,87,62,28,89,04,00,58,50,\
"??"=hex:32,6d,17,bd,ce,bc,fe,c7,b0,58,a8,8f,4a,f8,bf,a3

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(824)
c:\windows\system32\iavlsp.dll
c:\program files\iolo\Common\Firewall\iFW_Xfilter.dll

- - - - - - - > 'explorer.exe'(2032)
c:\windows\system32\WININET.dll
c:\program files\iolo\Common\Lib\sguard.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\RTHDCPL.EXE
c:\program files\iolo\System Mechanic Professional\IoloSGCtrl.exe
c:\windows\system32\wscntfy.exe
c:\program files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2010-12-01 05:09:36 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-01 11:09
ComboFix2.txt 2010-12-01 02:18
ComboFix3.txt 2010-11-30 02:28

Pre-Run: 25,128,951,808 bytes free
Post-Run: 25,106,956,288 bytes free

- - End Of File - - B49F181DEB51B57C26C11DEA616FC514
 
Your log appears OK, but with the number of games on your system I need to look through it a little more closely.

Let me know how things are running now.



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan.

Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts; it will also speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished, remember to re-enable your anti-virus along with your anti-spyware programs.

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
     ESET OnlineScan
  2. Click the button shown (image: esetOnline.png).
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
     1. Click on the button shown (image: esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
     2. Double click on the icon shown (image: esetSmartInstallDesktopIcon.png) on your desktop.
  4. Check the box shown (image: esetAcceptTerms.png).
  5. Click the button shown (image: esetStart.png).
  6. Accept any security warnings from your browser.
  7. Check the box shown (image: esetScanArchives.png).
  8. Make sure that the option "Remove found threats" is Unchecked.
  9. Push the Start button.
  10. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  11. When the scan completes, push the button shown (image: esetListThreats.png).
  12. Push the button shown (image: esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  13. Push the button shown (image: esetBack.png).
  14. Push the button shown (image: esetFinish.png).
 
Computer has been running much better now. I haven't noticed any problems. Here are the results of the ESET scan:

C:\Program Files\Kustom Appz Software\TWL AA Cheat Deterrent Client\AACDC.exe probably a variant of Win32/Genetik trojan
C:\Qoobox\Quarantine\MBR_HardDisk0.mbr Win32/Olmarik.ADA trojan
 
Good Morning

Glad things are back to normal for you.


Kustom Appz Software
<-- This appears related to your games and is most likely OK; if you don't use it, then uninstall it.

The other file in Qoobox is just the backup of what ComboFix removed. It will be removed when we clean up.

Open OTL and click on the Cleanup feature and it will remove the programs we used to clean your system along with their backups.

Safe Surfn
Ken
 
I can't thank you enough for helping fix my computer. Now that I am no longer getting redirected, I can finally access my school websites to continue to study at home for my remaining finals.
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
 