
BIG PROBLEM, HijackThis scan log

Discussion in 'Virus & Other Malware Removal' started by blueguykisame, Dec 22, 2009.

  1. blueguykisame

    blueguykisame Thread Starter

    Joined:
    Dec 22, 2009
    Messages:
    13
    Continuing from my previous thread ( http://forums.techguy.org/general-security/887655-big-problem-need-help.html ),

    Here is my HijackThis scan log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:44:12 PM, on 12/22/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\regedit.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://funnylogo.info/engines/matrix/grass/Matrix%20Google.aspx
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\IPSBHO.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237685002687
    O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - http://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.17.0.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O24 - Desktop Component 0: (no name) - http://isogaming.net/clientscript/vbulletin_global.js?v=382

    --
    End of file - 5061 bytes


    What options should I choose next? What should be checked and fixed?
    Please, be specific! I need step-by-step help!!!!!

    Thank you SO Much For Your Time!!!

    [edit] Any other scans that I should do???
     
  2. blueguykisame

    Malwarebytes' Anti-Malware 1.42
    Database version: 3413
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/23/2009 1:14:28 AM
    mbam-log-2009-12-23 (01-14-16).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 258361
    Time elapsed: 1 hour(s), 45 minute(s), 30 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 21
    Files Infected: 101

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\FunWebProducts\Installr (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\FunWebProducts\Installr\1.bin (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\2.bin (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\SrchAstt\2.bin (Adware.MyWebSearch) -> No action taken.

    Files Infected:
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\2.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> No action taken.
    C:\System Volume Information\_restore{30EEC142-CE3C-4C45-A526-C69307D90A0A}\RP231\A0120216.exe (Adware.MyWebSearch) -> No action taken.
    C:\System Volume Information\_restore{30EEC142-CE3C-4C45-A526-C69307D90A0A}\RP221\A0104656.DLL (Adware.MyWebSearch) -> No action taken.
    C:\System Volume Information\_restore{30EEC142-CE3C-4C45-A526-C69307D90A0A}\RP221\A0106675.dll (Adware.MyWebSearch) -> No action taken.
    C:\System Volume Information\_restore{5B16D7CA-CAE6-4445-8533-4FDABA57FEDF}\RP185\A0037561.exe (Rogue.Installer) -> No action taken.
    C:\Documents and Settings\Karson\Desktop\PSP\USRDIR\TXD\MPLOAD4.CHK (Spyware.OnlineGames) -> No action taken.
    C:\Documents and Settings\Karson\Desktop\Adobe Photoshop CS4\App\Photoshop\Plug-ins\Filters\Color Halftone.8BF (Trojan.FakeAlert) -> No action taken.
    C:\Documents and Settings\Karson\Desktop\Adobe Photoshop CS4\App\Photoshop\Plug-ins\Filters\NTSC Colors.8BF (Trojan.FakeAlert) -> No action taken.
    C:\Documents and Settings\Karson\Desktop\Adobe Photoshop CS4\App\Photoshop\Plug-ins\Filters\Shear.8BF (Trojan.FakeAlert) -> No action taken.
    C:\Documents and Settings\Karson\Desktop\Adobe Photoshop CS4\App\Photoshop\Plug-ins\Filters\Tiles.8BF (Trojan.FakeAlert) -> No action taken.
    C:\Documents and Settings\Karson\Desktop\Adobe Photoshop CS4\App\Photoshop\Plug-ins\Image Stacks\statistics.8BA (Trojan.FakeAlert) -> No action taken.
    C:\Documents and Settings\Karson\Desktop\Adobe Photoshop CS4\App\Photoshop\Plug-ins\Import-Export\Paths to Illustrator.8BE (Trojan.FakeAlert) -> No action taken.
    C:\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\FunWebProducts\ScreenSaver\Images\0010CF96.urr (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\FunWebProducts\ScreenSaver\Images\001653A3.urr (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\FunWebProducts\ScreenSaver\Images\wrkparam.lst (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\FunWebProducts\Shared\002D519F.dat (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Cache\0002863D (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Cache\000E13C2 (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Cache\0011AFC5.bin (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Cache\0011BE4C.bin (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Cache\0011C5BE.bin (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Cache\0011CBF8.bin (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Cache\0040CB76.bin (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Cache\0040D2F8.bin (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Cache\0074D0D8.bin (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Cache\0074D80C.bin (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Cache\0074DF01.bin (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Cache\012DE3C0 (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\owcstp16.dll (Spyware.OnlineGames) -> No action taken.
     
  3. blueguykisame

    I'm having trouble with my GMER AntiRootkit scan. Every time it scans, at some point about 10 minutes into the scan, everything goes away off my screen except my wallpaper, and the computer is frozen
    (no toolbar, no GMER window, no icons, etc.; cannot do CTRL ALT DEL), so I am forced to manually reboot my computer. I turn off my Norton and disconnect from the internet; what could be wrong?
    Please help!!

    [edit] Oh, and should I do another Malwarebytes scan and fix all of those broken files (37 I think)?
     
  4. blueguykisame

    In case this helps,
    OTL Scan Log (OTL)

    OTL logfile created on: 12/23/2009 9:51:23 AM - Run 1
    OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\KARSON.CKJERGAARD\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 518.00 Mb Available Physical Memory | 51.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.04 Gb Total Space | 53.62 Gb Free Space | 35.98% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: CKJERGAARD
    Current User Name: KARSON
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Processes (SafeList) ==========

    PRC - [2009/12/23 09:49:14 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KARSON.CKJERGAARD\Desktop\OTL.exe
    PRC - [2009/12/20 14:52:11 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2009/12/19 21:16:07 | 02,935,480 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
    PRC - [2009/08/22 01:32:54 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
    PRC - [2009/07/25 04:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
    PRC - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
    PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/10/22 11:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe


    ========== Modules (SafeList) ==========

    MOD - [2009/12/23 09:49:14 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KARSON.CKJERGAARD\Desktop\OTL.exe


    ========== Win32 Services (SafeList) ==========

    SRV - [2009/08/22 01:32:54 | 00,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe -- (Norton AntiVirus)
    SRV - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2009/06/02 09:10:08 | 00,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2006/10/22 11:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
    SRV - [2005/05/20 13:37:12 | 00,081,920 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE -- (HP Port Resolver)
    SRV - [2004/10/16 08:31:06 | 00,073,728 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE -- (HP Status Server)
    SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


    ========== Driver Services (SafeList) ==========

    DRV - [2009/10/28 17:37:22 | 00,329,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSXpx86.sys -- (IDSxpx86)
    DRV - [2009/09/08 20:59:24 | 00,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2009/09/08 20:58:56 | 00,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1007020.00B\ccHPx86.sys -- (ccHP)
    DRV - [2009/08/27 03:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2009/08/27 03:00:00 | 00,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2009/08/25 03:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091222.048\NAVEX15.SYS -- (NAVEX15)
    DRV - [2009/08/25 03:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091222.048\NAVENG.SYS -- (NAVENG)
    DRV - [2009/08/22 01:32:55 | 00,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1007020.00B\SYMEFA.SYS -- (SymEFA)
    DRV - [2009/08/22 01:32:55 | 00,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1007020.00B\SRTSP.SYS -- (SRTSP)
    DRV - [2009/08/22 01:32:55 | 00,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1007020.00B\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2009/08/22 01:32:55 | 00,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1007020.00B\SYMTDI.SYS -- (SYMTDI)
    DRV - [2009/08/22 01:32:55 | 00,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NAV\1007020.00B\SYMFW.SYS -- (SYMFW)
    DRV - [2009/08/22 01:32:55 | 00,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1007020.00B\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2009/08/22 01:32:55 | 00,036,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NAV\1007020.00B\SYMNDIS.SYS -- (SYMNDIS)
    DRV - [2009/08/22 01:32:55 | 00,033,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NAV\1007020.00B\SYMIDS.SYS -- (SYMIDS)
    DRV - [2009/08/22 01:32:45 | 00,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
    DRV - [2009/08/22 01:32:45 | 00,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
    DRV - [2008/04/16 14:51:56 | 00,022,784 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb)
    DRV - [2008/04/13 11:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
    DRV - [2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort)
    DRV - [2006/10/22 11:22:00 | 03,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2006/05/30 06:53:18 | 00,029,184 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
    DRV - [2005/11/21 00:48:21 | 00,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
    DRV - [2004/10/08 07:01:47 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
    DRV - [2004/10/08 07:01:47 | 00,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
    DRV - [2004/08/18 18:21:00 | 00,189,568 | R--- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
    DRV - [2004/08/03 17:41:56 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFDPSP2.sys -- (HSF_DP)
    DRV - [2004/08/03 17:41:56 | 00,011,868 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
    DRV - [2004/08/03 17:41:50 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFCXTS2.sys -- (winachsf)
    DRV - [2004/08/03 17:41:48 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFBS2S2.sys -- (HSFHWBS2)
    DRV - [1997/04/22 13:16:00 | 00,006,272 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://funnylogo.info/engines/matrix/grass/Matrix Google.aspx
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.shinysearch.com/myhome.php?style=burning-guitar&ltext=Google"
    FF - prefs.js..extensions.enabledItems: [email protected]:0.3.1
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.0
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..extensions.enabledItems: {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.5
    FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.1.0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/20 14:52:19 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/20 14:52:19 | 00,000,000 | ---D | M]

    [2009/07/27 17:24:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KARSON.CKJERGAARD\Application Data\Mozilla\Extensions
    [2009/12/22 21:33:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KARSON.CKJERGAARD\Application Data\Mozilla\Firefox\Profiles\9tq12jc0.default\extensions
    [2009/07/28 08:55:54 | 00,000,000 | ---D | M] (Aquatint Black) -- C:\Documents and Settings\KARSON.CKJERGAARD\Application Data\Mozilla\Firefox\Profiles\9tq12jc0.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
    [2009/12/12 09:40:50 | 00,000,000 | ---D | M] (Gradient iCool) -- C:\Documents and Settings\KARSON.CKJERGAARD\Application Data\Mozilla\Firefox\Profiles\9tq12jc0.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
    [2009/12/12 09:40:44 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\KARSON.CKJERGAARD\Application Data\Mozilla\Firefox\Profiles\9tq12jc0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2009/12/12 09:39:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KARSON.CKJERGAARD\Application Data\Mozilla\Firefox\Profiles\9tq12jc0.default\extensions\[email protected]
    [2009/07/28 08:55:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KARSON.CKJERGAARD\Application Data\Mozilla\Firefox\Profiles\9tq12jc0.default\extensions\[email protected]
    [2009/12/12 09:40:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\KARSON.CKJERGAARD\Application Data\Mozilla\Firefox\Profiles\9tq12jc0.default\extensions\[email protected]
    [2009/07/28 08:56:04 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\KARSON.CKJERGAARD\Application Data\Mozilla\Firefox\Profiles\9tq12jc0.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions
    [2009/07/28 08:56:04 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\KARSON.CKJERGAARD\Application Data\Mozilla\Firefox\Profiles\9tq12jc0.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions
    [2009/07/28 08:56:04 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\KARSON.CKJERGAARD\Application Data\Mozilla\Firefox\Profiles\9tq12jc0.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}\chrome\win\browser\extensions
    [2009/07/28 08:56:05 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\KARSON.CKJERGAARD\Application Data\Mozilla\Firefox\Profiles\9tq12jc0.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
    [2009/12/22 21:33:41 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2008/12/13 23:37:49 | 00,135,168 | ---- | M] (FreshDevices Corp.) -- C:\Program Files\Mozilla Firefox\plugins\npfd.dll
    [2009/12/19 21:15:03 | 00,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
    [2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

    O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found.
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [LogonStudio] C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe (Stardock and Luca Saggese)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} http://www.acclaim.com/cabs/acclaim_v5.cab (GameLauncher Control)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237685002687 (MUWebControl Class)
    O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} http://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.17.0.cab (Battlefield Heroes Updater)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.82.4.8
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UIHost - (C:\WINDOWS\system32\logonuiX.exe) - C:\WINDOWS\system32\logonuiX.exe (Microsoft Corporation)
    O24 - Desktop Components:0 () - http://isogaming.net/clientscript/vbulletin_global.js?v=382
    O24 - Desktop Components:1 (My Current Home Page) - About:Home
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/01/02 13:04:03 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2009/12/23 09:49:10 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\KARSON.CKJERGAARD\Desktop\OTL.exe
    [2009/12/22 22:59:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KARSON.CKJERGAARD\Application Data\Malwarebytes
    [2009/12/22 22:59:16 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2009/12/22 22:59:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    [2009/12/22 22:59:13 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2009/12/22 22:59:13 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2009/12/22 22:43:55 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2009/12/22 22:40:30 | 04,844,296 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\KARSON.CKJERGAARD\Desktop\mbam-setup.exe
    [2009/12/22 22:39:33 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\KARSON.CKJERGAARD\Desktop\HJTsetup.exe
    [2009/12/22 20:52:05 | 00,000,000 | ---D | C] -- C:\Program Files\Cheat Engine
    [2009/12/20 15:21:51 | 00,000,000 | ---D | C] -- C:\Nexon
    [2009/12/20 14:50:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KARSON.CKJERGAARD\Desktop\MapleStory
    [2009/12/19 21:32:23 | 00,662,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCT2.OCX
    [2009/12/19 21:32:23 | 00,427,864 | ---- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\WINDOWS\System32\XceedZip.dll
    [2009/12/19 21:32:17 | 00,000,000 | ---D | C] -- C:\Program Files\Driver-Soft
    [2009/12/19 21:16:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KARSON.CKJERGAARD\Local Settings\Application Data\PMB Files
    [2009/12/19 21:16:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PMB Files
    [2009/12/19 14:24:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\UAB
    [2009/12/19 14:24:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KARSON.CKJERGAARD\Local Settings\Application Data\PC_Drivers_Headquarters
    [2009/12/19 14:07:46 | 00,000,000 | ---D | C] -- C:\Program Files\PC Drivers HeadQuarters
    [2009/12/17 07:56:57 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\Karen Doncuments
    [2009/12/08 22:02:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KARSON.CKJERGAARD\Application Data\ImTOO Software Studio
    [2009/12/08 21:43:15 | 00,000,000 | ---D | C] -- C:\Program Files\DoremiSoft
    [2009/12/08 21:02:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KARSON.CKJERGAARD\Application Data\DeepBurner
    [2009/12/08 19:11:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KARSON.CKJERGAARD\Local Settings\Application Data\WMTools Downloaded Files
    [2009/12/08 19:01:06 | 00,000,000 | R--D | C] -- C:\Documents and Settings\KARSON.CKJERGAARD\My Documents\My Videos
    [2009/12/08 19:01:06 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\My Videos
    [2009/12/06 11:42:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KARSON.CKJERGAARD\Application Data\ID3 renamer
    [2009/12/06 10:53:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KARSON.CKJERGAARD\Local Settings\Application Data\Adobe
    [2009/12/04 21:45:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KARSON.CKJERGAARD\Application Data\bang
    [2009/12/04 19:32:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KARSON.CKJERGAARD\Application Data\Adobe
    [2008/12/28 01:02:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Hagel Technologies
    [2008/09/05 10:07:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2008/01/20 17:56:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2008/01/02 13:04:00 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2008/01/02 13:04:00 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2009/12/23 09:49:14 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KARSON.CKJERGAARD\Desktop\OTL.exe
    [2009/12/23 09:31:46 | 00,000,024 | ---- | M] () -- C:\WINDOWS\LogonStudio.ini
    [2009/12/23 09:31:45 | 00,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2009/12/23 09:31:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2009/12/23 09:31:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2009/12/23 09:31:23 | 10,730,08640 | -HS- | M] () -- C:\hiberfil.sys
    [2009/12/23 09:11:31 | 00,013,760 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2009/12/22 22:59:19 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/12/22 22:57:53 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\KARSON.CKJERGAARD\Desktop\shxmd7n1.exe
    [2009/12/22 22:43:56 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\KARSON.CKJERGAARD\Desktop\HijackThis.lnk
    [2009/12/22 22:43:43 | 04,844,296 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\KARSON.CKJERGAARD\Desktop\mbam-setup.exe
    [2009/12/22 22:39:47 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\KARSON.CKJERGAARD\Desktop\HJTsetup.exe
    [2009/12/22 20:51:44 | 03,184,656 | -H-- | M] () -- C:\Documents and Settings\KARSON.CKJERGAARD\Local Settings\Application Data\IconCache.db
    [2009/12/20 15:21:39 | 04,878,336 | ---- | M] () -- C:\Documents and Settings\KARSON.CKJERGAARD\ntuser.dat
    [2009/12/20 00:50:21 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\KARSON.CKJERGAARD\ntuser.ini
    [2009/12/20 00:49:20 | 03,518,739 | ---- | M] () -- C:\Documents and Settings\KARSON.CKJERGAARD\My Documents\Tekken3.psd
    [2009/12/20 00:47:09 | 00,231,191 | ---- | M] () -- C:\Documents and Settings\KARSON.CKJERGAARD\My Documents\Tekken2.jpg
    [2009/12/20 00:46:47 | 00,224,749 | ---- | M] () -- C:\Documents and Settings\KARSON.CKJERGAARD\My Documents\Tekken1.jpg
    [2009/12/20 00:46:07 | 00,240,150 | ---- | M] () -- C:\Documents and Settings\KARSON.CKJERGAARD\My Documents\Tekken.jpg
    [2009/12/19 13:38:52 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\KARSON.CKJERGAARD\Setup
    [2009/12/17 08:09:02 | 04,775,936 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\Lil Wayne - Fix My Hat.mp3
    [2009/12/17 08:06:11 | 05,421,056 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\Sean Kingston (Feat. Lil Wayne) - I'm At War.mp3
    [2009/12/16 22:39:56 | 06,537,216 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\Tupac Lord knows.mp3
    [2009/12/16 22:29:14 | 06,737,920 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\eminem ft 2pac - murder murder.mp3
    [2009/12/16 22:19:40 | 05,625,856 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\Obie Trice feat. Eminem - Rap name(HD).mp3
    [2009/12/12 17:14:55 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\KARSON.CKJERGAARD\My Documents\Chirtsmas List [2009].doc
    [2009/12/09 07:08:07 | 00,013,824 | ---- | M] () -- C:\Documents and Settings\KARSON.CKJERGAARD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/12/09 06:11:56 | 00,512,960 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2009/12/09 06:11:56 | 00,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2009/12/09 06:11:56 | 00,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2009/12/08 23:57:33 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2009/12/08 19:55:19 | 00,000,892 | ---- | M] () -- C:\Documents and Settings\KARSON.CKJERGAARD\Desktop\DVDVideoSoft Free Studio.lnk
    [2009/12/04 19:17:01 | 07,331,457 | ---- | M] () -- C:\Documents and Settings\KARSON.CKJERGAARD\Desktop\Untitled-1.psd
    [2009/12/04 04:51:14 | 00,248,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009/12/03 19:56:06 | 00,063,040 | ---- | M] () -- C:\Documents and Settings\KARSON.CKJERGAARD\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2009/11/28 21:57:19 | 00,000,063 | ---- | M] () -- C:\Documents and Settings\KARSON.CKJERGAARD\jagex_runescape_preferences2.dat
    [2009/11/28 21:48:07 | 00,000,038 | ---- | M] () -- C:\Documents and Settings\KARSON.CKJERGAARD\jagex_runescape_preferences.dat
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========
     
  5. blueguykisame

    blueguykisame Thread Starter

    (OTL SCAN: OTL CONTINUED)


    [2009/12/22 22:59:19 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/12/22 22:57:52 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\KARSON.CKJERGAARD\Desktop\shxmd7n1.exe
    [2009/12/22 22:43:56 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\KARSON.CKJERGAARD\Desktop\HijackThis.lnk
    [2009/12/22 21:11:57 | 10,730,08640 | -HS- | C] () -- C:\hiberfil.sys
    [2009/12/20 15:21:38 | 04,878,336 | ---- | C] () -- C:\Documents and Settings\KARSON.CKJERGAARD\ntuser.dat
    [2009/12/20 00:49:18 | 03,518,739 | ---- | C] () -- C:\Documents and Settings\KARSON.CKJERGAARD\My Documents\Tekken3.psd
    [2009/12/20 00:47:08 | 00,231,191 | ---- | C] () -- C:\Documents and Settings\KARSON.CKJERGAARD\My Documents\Tekken2.jpg
    [2009/12/20 00:46:46 | 00,224,749 | ---- | C] () -- C:\Documents and Settings\KARSON.CKJERGAARD\My Documents\Tekken1.jpg
    [2009/12/20 00:46:05 | 00,240,150 | ---- | C] () -- C:\Documents and Settings\KARSON.CKJERGAARD\My Documents\Tekken.jpg
    [2009/12/19 13:38:52 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\KARSON.CKJERGAARD\Setup
    [2009/12/19 13:35:58 | 04,213,248 | ---- | C] () -- C:\Documents and Settings\KARSON.CKJERGAARD\Desktop\topazvivacitysetup.msi
    [2009/12/17 08:08:47 | 04,775,936 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\Lil Wayne - Fix My Hat.mp3
    [2009/12/17 08:05:54 | 05,421,056 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\Sean Kingston (Feat. Lil Wayne) - I'm At War.mp3
    [2009/12/16 22:39:37 | 06,537,216 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\Tupac Lord knows.mp3
    [2009/12/16 22:28:52 | 06,737,920 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\eminem ft 2pac - murder murder.mp3
    [2009/12/16 22:19:22 | 05,625,856 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\Obie Trice feat. Eminem - Rap name(HD).mp3
    [2009/12/04 23:38:38 | 00,000,892 | ---- | C] () -- C:\Documents and Settings\KARSON.CKJERGAARD\Desktop\DVDVideoSoft Free Studio.lnk
    [2009/12/04 19:16:56 | 07,331,457 | ---- | C] () -- C:\Documents and Settings\KARSON.CKJERGAARD\Desktop\Untitled-1.psd
    [2009/12/03 19:48:54 | 00,000,359 | ---- | C] () -- C:\Documents and Settings\KARSON.CKJERGAARD\Desktop\Fonts control panel.lnk
    [2009/11/26 21:13:37 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\KARSON.CKJERGAARD\My Documents\Chirtsmas List [2009].doc
    [2009/09/23 18:46:09 | 00,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
    [2009/09/23 18:45:56 | 00,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll
    [2009/07/03 10:40:15 | 00,013,824 | ---- | C] () -- C:\Documents and Settings\KARSON.CKJERGAARD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/06/03 10:41:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
    [2009/04/19 17:30:42 | 00,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
    [2009/03/21 19:41:08 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2009/03/21 12:20:07 | 00,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
    [2009/03/14 12:00:27 | 00,002,945 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2009/03/14 12:00:16 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2009/03/09 16:47:45 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/01/15 14:04:05 | 00,007,168 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/10/22 11:22:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2006/10/22 11:22:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2006/10/22 11:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2006/10/22 11:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2006/10/22 11:22:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2006/10/22 11:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2006/10/22 11:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2006/01/06 13:09:16 | 01,966,080 | ---- | C] () -- C:\WINDOWS\System32\tlpsplib10.dll
    [2004/10/08 07:01:47 | 00,001,016 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2003/03/21 16:37:56 | 00,016,056 | ---- | C] () -- C:\Program Files\owcstp16.dll
    [2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:30FD0CBD
    < End of report >
     
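The OTL log above is raw tool output, and the entries a responder would pull out first are scattered across it: the unnamed BHO with no CLSID target, the Run entries whose binaries carry no company/version information, the orphaned O16 DPF entry, the non-default Winlogon UIHost, the Active Desktop component loading a remote script, the Firefox start page pointing at shinysearch.com, the alternate data stream on the TEMP folder, and an executable on the Desktop with no version info. The following script is an added example, not part of the original post and not part of OTL or HijackThis: it reads lines in the OTL format shown above and applies those triage rules. The sample lines are copied or constructed from the posted log; the rule names, the severity of what they flag and the `WINLOGON_DEFAULTS` / `FF_DEFAULT_HOME` values are the example's own assumptions (the Windows XP defaults for Shell, UIHost and Userinit are explorer.exe, logonui.exe and userinit.exe). A non-default UIHost is not by itself malicious (the Uninstall list on this machine shows LogonStudio, which is known to replace it), so the script only surfaces it for the analyst to correlate.

```python
"""Triage helper for OTL-style scan logs.

Added example; not part of the forum post and not code from OTL/HijackThis.
It flags the log entries a responder would examine first. The rules are
heuristics chosen for this example, not a vendor signature set.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Windows XP default Winlogon values (assumption stated in the lead-in).
WINLOGON_DEFAULTS = {"shell": "explorer.exe", "uihost": "logonui.exe", "userinit": "userinit.exe"}
# Firefox's shipped start page; anything else is worth confirming with the user.
FF_DEFAULT_HOME = "about:home"

# Constructed sample: lines copied from / modelled on the posted OTL log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\IPSBHO.dll (Symantec Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\WINDOWS\system32\logonuiX.exe) - C:\WINDOWS\system32\logonuiX.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://isogaming.net/clientscript/vbulletin_global.js?v=382
FF - prefs.js..browser.startup.homepage: "http://www.shinysearch.com/myhome.php?style=burning-guitar&ltext=Google"
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:30FD0CBD
[2009/12/22 22:57:52 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\KARSON.CKJERGAARD\Desktop\shxmd7n1.exe
[2009/12/23 09:49:10 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\KARSON.CKJERGAARD\Desktop\OTL.exe
"""


@dataclass
class Finding:
    rule: str    # short rule identifier
    detail: str  # what the analyst should look at
    line: str    # the offending log line


def _trailing_company(line):
    """OTL appends '(Company)' taken from the binary's version info; '' if empty/absent."""
    m = re.search(r"\(([^()]*)\)\s*$", line)
    return m.group(1).strip() if m else ""


def triage(log_text):
    """Return a list of Finding objects for the suspicious lines in an OTL log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("O2 - BHO:") and ("(no name)" in line or "No CLSID value found" in line):
            findings.append(Finding("orphan_bho", "BHO registered without a name or CLSID target", line))
        elif line.startswith("O4 - ") and _trailing_company(line) == "":
            findings.append(Finding("autostart_no_company", "Run entry whose binary has no company/version info", line))
        elif line.startswith("O16 - DPF:") and "Reg Error" in line:
            findings.append(Finding("orphan_dpf", "Downloaded Program Files entry with a broken registry key", line))
        elif line.startswith("O20 - HKLM Winlogon:"):
            m = re.match(r"O20 - HKLM Winlogon: (\w+) - \(([^)]*)\)", line)
            if m:
                key, value = m.group(1), m.group(2)
                default = WINLOGON_DEFAULTS.get(key.lower())
                if default and not value.lower().endswith(default):
                    findings.append(Finding("winlogon_nondefault", f"{key} is {value!r}; default is {default}", line))
        elif line.startswith("O24 - Desktop Components:") and re.search(r"https?://", line, re.I):
            findings.append(Finding("remote_desktop_component", "Active Desktop component loads remote content", line))
        elif line.startswith("FF - prefs.js..browser.startup.homepage:"):
            url = line.split(":", 1)[1].strip().strip('"')
            if url.lower() != FF_DEFAULT_HOME:
                findings.append(Finding("ff_homepage", f"start page set to {urlparse(url).hostname}", line))
        elif line.startswith("@Alternate Data Stream"):
            findings.append(Finding("ads", "alternate data stream present; dump and inspect its content", line))
        else:
            # File entry: [date | size | attrs | C/M] (Company) -- path
            m = re.match(r"^\[[^\]]+\]\s*\(([^)]*)\)\s*--\s*(.+)$", line)
            if m and m.group(1).strip() == "" and m.group(2).lower().endswith(".exe"):
                findings.append(Finding("exe_no_version_info", "executable with no company/version info", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.detail}\n    {f.line}")
```

Run it against a full OTL log by replacing `SAMPLE_LOG` with the file contents; lines the rules do not recognise are ignored rather than reported, so a clean log produces no output. Every hit is a lead to verify (hash the binary, check the registry key, read the ADS), not a verdict.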
  6. blueguykisame

    blueguykisame Thread Starter

    Now, OTL Scan: Extras


    OTL Extras logfile created on: 12/23/2009 9:51:23 AM - Run 1
    OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\KARSON.CKJERGAARD\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 518.00 Mb Available Physical Memory | 51.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.04 Gb Total Space | 53.62 Gb Free Space | 35.98% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: CKJERGAARD
    Current User Name: KARSON
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "58480:TCP" = 58480:TCP:*:Enabled:pando Media Booster
    "58480:UDP" = 58480:UDP:*:Enabled:pando Media Booster

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
    "80:TCP" = 80:TCP:*:Enabled:pSN 80
    "443:TCP" = 443:TCP:*:Enabled:pSN 443
    "5223:TCP" = 5223:TCP:*:Enabled:pSN 5223
    "5223:UDP" = 5223:UDP:*:Enabled:pSN 5223
    "3478:UDP" = 3478:UDP:*:Enabled:pSN 3478
    "3479:UDP" = 3479:UDP:*:Enabled:pSN 3479
    "3658:UDP" = 3658:UDP:*:Enabled:pSN 3658
    "58480:TCP" = 58480:TCP:*:Enabled:pando Media Booster
    "58480:UDP" = 58480:UDP:*:Enabled:pando Media Booster
    "57646:TCP" = 57646:TCP:*:Enabled:pando Media Booster
    "57646:UDP" = 57646:UDP:*:Enabled:pando Media Booster

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
    "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 15
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
    "{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C13A8E73-7E98-4295-BA94-6931701CD1F9}" = Topaz Vivacity
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "87D46C3F73EF6B7F5CD27D922EEE14783E1AD3BF" = Windows Driver Package - Sony PSP Type B (11/20/2005 20051120)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Driver Genius Professional Edition 2007_is1" = Driver Genius Professional Edition 2007
    "Free Audio Dub_is1" = Free Audio Dub version 1.5
    "Free DVD Video Burner_is1" = Free DVD Video Burner version 1.2
    "Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.2
    "Free YouTube Download_is1" = Free YouTube Download 2.3
    "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
    "HijackThis" = HijackThis 2.0.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
    "LogonStudio" = LogonStudio
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
    "NAV" = Norton AntiVirus
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "SystemRequirementsLab" = System Requirements Lab
    "Uninstall_is1" = Uninstall 1.0.0.1
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    ".titana_cache_32" = .titana_cache_32

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 9/19/2009 8:55:43 PM | Computer Name = CKJERGAARD | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/19/2009 8:59:13 PM | Computer Name = CKJERGAARD | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/19/2009 8:59:25 PM | Computer Name = CKJERGAARD | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/19/2009 8:59:28 PM | Computer Name = CKJERGAARD | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/19/2009 8:59:39 PM | Computer Name = CKJERGAARD | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/19/2009 9:01:01 PM | Computer Name = CKJERGAARD | Source = Application Hang | ID = 1002
    Description = Hanging application RuneScape.exe, version 1.0.0.1, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 9/19/2009 9:01:03 PM | Computer Name = CKJERGAARD | Source = Application Hang | ID = 1002
    Description = Hanging application RuneScape.exe, version 1.0.0.1, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 9/23/2009 7:22:17 PM | Computer Name = CKJERGAARD | Source = Application Error | ID = 1000
    Description = Faulting application integrator.exe, version 8.0.3300.1, faulting
    module ntdll.dll, version 5.1.2600.5755, fault address 0x00010a1b.

    Error - 9/27/2009 9:16:56 AM | Computer Name = CKJERGAARD | Source = Application Hang | ID = 1002
    Description = Hanging application Photoshop.exe, version 10.0.0.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 9/27/2009 9:19:03 AM | Computer Name = CKJERGAARD | Source = Application Hang | ID = 1002
    Description = Hanging application Photoshop.exe, version 10.0.0.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    [ System Events ]
    Error - 12/22/2009 10:12:17 PM | Computer Name = CKJERGAARD | Source = SRTSP | ID = 524292
    Description = Error loading virus definitions.

    Error - 12/22/2009 10:12:17 PM | Computer Name = CKJERGAARD | Source = SRTSP | ID = 524293
    Description = Error loading Symantec real time Anti-Virus driver.

    Error - 12/22/2009 10:12:17 PM | Computer Name = CKJERGAARD | Source = Ftdisk | ID = 262189
    Description = The system could not sucessfully load the crash dump driver.

    Error - 12/22/2009 10:12:17 PM | Computer Name = CKJERGAARD | Source = Ftdisk | ID = 262193
    Description = Configuring the Page file for crash dump failed. Make sure there is
    a page file on the boot partition and that is large enough to contain all physical
    memory.

    Error - 12/22/2009 10:12:31 PM | Computer Name = CKJERGAARD | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SRTSP

    Error - 12/22/2009 11:18:40 PM | Computer Name = CKJERGAARD | Source = SideBySide | ID = 16842810
    Description = Syntax error in manifest or policy file "F:\MSSetupv80.exe" on line
    0.

    Error - 12/22/2009 11:18:40 PM | Computer Name = CKJERGAARD | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context failed for F:\MSSetupv80.exe. Reference
    error message: The operation completed successfully. .

    Error - 12/23/2009 10:11:01 AM | Computer Name = CKJERGAARD | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SRTSP

    Error - 12/23/2009 10:11:15 AM | Computer Name = CKJERGAARD | Source = SRTSP | ID = 524292
    Description = Error loading virus definitions.

    Error - 12/23/2009 10:11:15 AM | Computer Name = CKJERGAARD | Source = SRTSP | ID = 524293
    Description = Error loading Symantec real time Anti-Virus driver.


    < End of report >
     
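An added example, not code from the thread or from OTL: a small Python parser for the "Last 10 Event Log Errors" block above that re-joins wrapped descriptions and flags a security product's real-time driver failing to load at boot, which is what the SRTSP entries in this report show. The sample lines are copied from the report; the set of driver names to watch is an assumption.

```python
import re

# Constructed sample in the OTL "Last 10 Event Log Errors" layout, taken from
# the report above. Descriptions may wrap onto the following line(s).
SAMPLE = r"""
[ System Events ]
Error - 12/22/2009 10:12:17 PM | Computer Name = CKJERGAARD | Source = SRTSP | ID = 524293
Description = Error loading Symantec real time Anti-Virus driver.

Error - 12/22/2009 10:12:31 PM | Computer Name = CKJERGAARD | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SRTSP

Error - 12/22/2009 11:18:40 PM | Computer Name = CKJERGAARD | Source = SideBySide | ID = 16842810
Description = Syntax error in manifest or policy file "F:\MSSetupv80.exe" on line
0.
"""

HEADER = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)

def parse_events(text):
    """Return one dict per 'Error - ...' entry; wrapped description lines are re-joined."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            ev = m.groupdict()
            ev["id"] = int(ev["id"])
            ev["description"] = ""
            events.append(ev)
        elif line.startswith("Description = ") and events:
            events[-1]["description"] = line[len("Description = "):]
        elif line and events and not line.startswith("["):
            # continuation of a wrapped description
            events[-1]["description"] += " " + line
    return events

# Assumed watch list: real-time AV filter drivers whose failure to load at boot
# deserves a look, since a rootkit that disables them produces exactly these entries.
AV_DRIVERS = {"SRTSP"}  # Symantec real-time protection driver, as named in the log

def av_driver_failures(events):
    """Entries logged by the AV driver itself, or SCM 7026 listing it as failed to load."""
    hits = []
    for ev in events:
        if ev["source"] in AV_DRIVERS:
            hits.append(ev)
        elif ev["source"] == "Service Control Manager" and ev["id"] == 7026:
            if any(d in ev["description"] for d in AV_DRIVERS):
                hits.append(ev)
    return hits
```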
  7. blueguykisame

    blueguykisame Thread Starter

    Joined:
    Dec 22, 2009
    Messages:
    13
    BUMP
    lol, I guess I'm being a little impatient.
    But I thought I'd add a few extra details.
    I already know that my computer is suffering from a HTTPS Tidserv C and C Domain Request.
    [severity] *High
    [Activity] An Intrusion Attempt By a57990057.cn was blocked. Application path DEVICE\HARDDISKVOLUM1\WINDOWS\SYSTEM32\SVCHOST.EXE
    [status] Blocked.
    [Recommended Action] None.
    [Risk Name] HTTPS Tidserv C and C Domain Request.
    [Attacking Computer] a57990057.cn (212.117.174.176,443)
    [Destination Adress] CKJERGAARD (192.168.1.102, 1051)
    [Source Adress] 212.117.174.176
    [Traffic Description] TCP, https

    That keeps getting blocked from my norton a few times each hour.
    Side effects were not being able to get on my admin user accounts w/o being system restarted within a couple seconds (so I had to go into safe mode and reset to a day ago, before I downloaded the viral file.)
    However, Mr. HTTPS Tidserv didn't want to leave just because I reset my computer, and is still happily lurking within my computer.
    Another side effect that is still happening is my Google searches are redirected; when I click on a result I have to stop and enter the address to avoid being redirected, which has never been a problem before. Also some other links that I may click on are redirected, and sometimes an ad pops up in a new tab, which has never happened. I checked, and along with my Firefox, this happens on my IE.
     
  8. blueguykisame

    blueguykisame Thread Starter

    Joined:
    Dec 22, 2009
    Messages:
    13
    BUMP
    Norton Anti Virus 2009 Full System Scans don't bring up anything, as expected.
    i'll stop bumping now...
    just kinda eager to get this virus off of my computer.

    [edit] I really want to post this, but I said I wouldn't bump anymore..;

    OK, So The virus is still there (wherever 'there' is...) (Although I haven't heard from it, nothing has removed it. There's still 37 infected files. However, I haven't recently been having any noticeable problems. Last night [after the reset] and early this morning, MSSetupv80.exe (the install for maplestory) could not be started without my computer freezing, but a few (bout 6 or 7) hours ago, [11:10pm atm] it ran and installed just fine. Also, this morning and now there haven't been any redirections from google as there were last night. Also, there were only 2 norton pop-ups notifying me of the defend against that HTTPS Tidserv this morning, and none since...
    Although the virus is still there and could possibly strike at any given moment, it currently seems to have withdrawn itself for now..(?)

    Should this call for a re-scan/ re-log of my computer to see if anything's different? I don't think anything is as nothing has happened. Norton is the only thing with permission to do scans and remove stuff, etc without my direct command to do so... and according to my Norton History, it hasn't deleted or fixed or etc. since the problem occurred, save a couple tracking cookies.

    Just thought I'd share this in case it is useful.
    Oh and.. PLEASE HELP
    :)
     
Short URL to this thread: https://techguy.org/887719