goawayvirus

Members | Posts: 11 | Reputation: 0 Neutral
  1. Hi, thank you for directing me to that site. It made me feel better about those files. I'm not completely sure if I am virus-free, but things seem to be operating fine now. I will be doing a clean install of Windows soon to upgrade to Windows 7 anyway. Thanks for everything!
  2. Thank you very much for helping me!

VirusTotal report:

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is some basic info regarding the sample itself and its last analysis:
MD5: f2ba6f31e7dac6523dba1e5193f57b48
Date first seen: 2009-04-04 02:54:27 (UTC)
Date last seen: 2011-04-14 01:53:45 (UTC)
Detection ratio: 0/42

I clicked reanalyze:

File name: InfDefaultInstall.exe
Submission date: 2011-04-15 07:49:10 (UTC)
Current status: finished
Result: 0/42 (0.0%)
VT Community: not reviewed
Safety score: -

Antivirus              Version          Last Update   Result
AhnLab-V3              2011.04.15.00    2011.04.15    -
AntiVir                7.11.6.133       2011.04.15    -
Antiy-AVL              2.0.3.7          2011.04.15    -
Avast                  4.8.1351.0       2011.04.14    -
Avast5                 5.0.677.0        2011.04.14    -
AVG                    10.0.0.1190      2011.04.14    -
BitDefender            7.2              2011.04.15    -
CAT-QuickHeal          11.00            2011.04.15    -
ClamAV                 0.97.0.0         2011.04.15    -
Commtouch              5.2.11.5         2011.04.15    -
Comodo                 8347             2011.04.15    -
DrWeb                  5.0.2.03300      2011.04.15    -
Emsisoft               5.1.0.5          2011.04.15    -
eSafe                  7.0.17.0         2011.04.13    -
eTrust-Vet             36.1.8272        2011.04.14    -
F-Prot                 4.6.2.117        2011.04.14    -
F-Secure               9.0.16440.0      2011.04.15    -
Fortinet               4.2.257.0        2011.04.15    -
GData                  22               2011.04.15    -
Ikarus                 T3.1.1.103.0     2011.04.15    -
Jiangmin               13.0.900         2011.04.15    -
K7AntiVirus            9.96.4382        2011.04.13    -
Kaspersky              7.0.0.125        2011.04.15    -
McAfee                 5.400.0.1158     2011.04.15    -
McAfee-GW-Edition      2010.1D          2011.04.15    -
Microsoft              1.6702           2011.04.15    -
NOD32                  6042             2011.04.15    -
Norman                 6.07.07          2011.04.15    -
Panda                  10.0.3.5         2011.04.14    -
PCTools                7.0.3.5          2011.04.15    -
Prevx                  3.0              2011.04.15    -
Rising                 23.53.03.06      2011.04.14    -
Sophos                 4.64.0           2011.04.15    -
SUPERAntiSpyware       4.40.0.1006      2011.04.14    -
Symantec               20101.3.2.89     2011.04.15    -
TheHacker              6.7.0.1.173      2011.04.13    -
TrendMicro             9.200.0.1012     2011.04.15    -
TrendMicro-HouseCall   9.200.0.1012     2011.04.15    -
VBA32                  3.12.16.0        2011.04.13    -
VIPRE                  9017             2011.04.15    -
ViRobot                2011.4.15.4411   2011.04.15    -
VirusBuster            13.6.305.0       2011.04.14    -

Additional information
MD5: f2ba6f31e7dac6523dba1e5193f57b48
SHA1: a2285be7a6c785219fa4a62a2dbbd17d3b7dc187
SHA256: eb66d4fe05c793f5633fb4edb37025b6a46b91d71e3b7862e5e5f87c42d97d1c

After my first post, I tried running rkill a few more times, and a C:\Windows\SysWOW64\runonce.exe showed up several times. Its VirusTotal result is also 0%, and the same with conime.exe. The last rkill report:

Processes terminated by Rkill or while it was running:
C:\Windows\SysWOW64\InfDefaultInstall.exe
C:\Windows\SysWOW64\runonce.exe
Rkill completed on 04/15/2011 at 3:48:36.

I know running rkill is unnecessary if my anti-virus software runs, but before I noticed my computer acting slow/weird rkill always finished within 5 seconds and only terminated itself. It takes a while for it to finish now, and it always lists these processes. I really don't know what I'm doing regarding viruses and how to tell if my computer is clean. MBAM says my computer is clean; Avira gives me a couple of spyware detections in temp folders. Can you help me make sure nothing's wrong (and I'm just being dumb)? Thanks a lot!
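Added example (editor's code, not the poster's and not anything from VirusTotal or the forum helpers): the check that the VirusTotal lookup above actually answers. Looking a hash up tells you whether VirusTotal has seen that exact byte sequence before, so the useful question for a file rkill keeps stopping is whether the copy on disk is byte-identical to the sample VirusTotal analysed. The script below hashes a file with MD5, SHA1 and SHA256 in one pass and compares all three against the digests printed in the report. The three reported digests are copied from the post; the file path, the sample inputs and the verdict strings are assumptions of this example. On the Windows box itself a hashing tool such as certutil -hashfile gives the same digests to compare.

```python
"""Verify a local file against the digests VirusTotal reported (added example).

Not code from the post or from VirusTotal. The digests in VT_REPORT are the
ones the report above prints for InfDefaultInstall.exe; everything else is an
assumption. A full match proves only that the local file is the same object
VirusTotal analysed (a 0/42 ratio says nothing about a file it has never
seen); a clean mismatch means you are holding a different binary; a partial
match across three algorithms is a copy-paste error, not a hash collision.
"""
import hashlib
import io
from typing import BinaryIO, Dict

ALGORITHMS = ("md5", "sha1", "sha256")

# Copied from the VirusTotal report in the post above.
VT_REPORT = {
    "md5": "f2ba6f31e7dac6523dba1e5193f57b48",
    "sha1": "a2285be7a6c785219fa4a62a2dbbd17d3b7dc187",
    "sha256": "eb66d4fe05c793f5633fb4edb37025b6a46b91d71e3b7862e5e5f87c42d97d1c",
}


def digest_stream(stream: BinaryIO, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a file-like object with all three algorithms in a single read pass,
    so a large binary is read once rather than three times."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Convenience wrapper for in-memory data (used by the self-check below)."""
    return digest_stream(io.BytesIO(data))


def digest_file(path: str) -> Dict[str, str]:
    with open(path, "rb") as fh:
        return digest_stream(fh)


def compare_with_report(actual: Dict[str, str], reported: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm match. Reported digests are normalised first because hashes
    pasted from a web page routinely arrive upper-cased or with stray spaces."""
    return {name: actual.get(name) == value.strip().lower() for name, value in reported.items()}


def verdict(actual: Dict[str, str], reported: Dict[str, str]) -> str:
    if not reported:
        raise ValueError("no reported digests to compare against")
    matches = compare_with_report(actual, reported)
    if all(matches.values()):
        return "same file VirusTotal analysed"
    if not any(matches.values()):
        return "different file from the VirusTotal report"
    return "inconsistent digests: check for a copy-paste error"


if __name__ == "__main__":
    import sys
    # Assumed usage: python vtcheck.py <copy of C:\Windows\SysWOW64\InfDefaultInstall.exe>
    local = digest_file(sys.argv[1])
    for name in ALGORITHMS:
        state = "match" if local[name] == VT_REPORT[name] else "DIFFERS"
        print(f"{name:6} {local[name]}  {state}")
    print(verdict(local, VT_REPORT))
```

The partial-match branch is the one worth keeping: with three independent digests, one matching and two not can only mean a transcription error in the report or in what you typed, so the right move is to re-copy the hashes, not to speculate about the file.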
  3. Hello. I did a Windows update with several updates and restarted my computer yesterday. When it rebooted, I noticed it was running very slow and freezing up. I updated MBAM and scanned, but got no results. I downloaded rkill and ran it in safe mode and it killed 3 "conime" .exe's; I ran MBAM immediately following and still no results. I ran rkill again, and this time (and all following attempts) it killed "C:\Windows\SysWOW64\InfDefaultInstall.exe". MBAM still shows nothing. Avira found C:\Program Files (x86)\Common Files\MS\MSOLEDEBROW.DLL (amongst false hits), and quarantined it. rkill is still killing processes that appear in the SysWOW64 folder, and I don't know what else may be lurking on my computer. This is my play computer; I mostly play games, surf the internet, chat, and do light work on it. I simply replaced instances of my name with "Owner" (for privacy) using Notepad in the logs--I hope that's okay. Please help me determine what's wrong! Thank you!

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6359

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

4/14/2011 3:03:04 AM
mbam-log-2011-04-14 (03-03-04).txt

Scan type: Quick scan
Objects scanned: 163816
Time elapsed: 2 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Owner at 2:09:50.78 on Thu 04/14/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21
Microsoft Attach.zip
  4. That did it! I went into the security settings and gave myself all permissions again, so now everything seems back to normal. I haven't noticed any search redirects anymore so far either. Thank you so much for fixing my computer!
  5. I also noticed that my "Documents and Settings" folder is hidden and gives an "Access is denied" message, although MBAM seems to give me clean results now. What should I do next?

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4594

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

9/11/2010 2:24:08 PM
mbam-log-2010-09-11 (14-24-08).txt

Scan type: Quick scan
Objects scanned: 137313
Time elapsed: 3 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\msounkernm.dll (Trojan.KeyLogger) -> Quarantined and deleted successfully.
OTL quick scan log:

OTL logfile created on: 9/11/2010 2:25:14 PM - Run 6
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 77.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 4.99 Gb Free Space | 1.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACORN
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/06 16:43:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/04/28 21:17:13 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\VirtuaWin\modules\SwitchDesk.exe
PRC - [2009/08/24 16:15:03 | 000,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/02/05 13:43:26 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
PRC - [2008/04/24 21:46:34 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\VirtuaWin\modules\WinList.exe
PRC - [2008/04/24 21:46:32 | 000,116,224 | ---- | M] (VirtuaWin) -- C:\Program Files (x86)\VirtuaWin\VirtuaWin.exe

========== Modules (SafeList) ==========

MOD - [2010/09/06 16:43:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2008/01/20 22:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -d -f %ProgramFiles%\WinPcap\rpcapd.ini -- (rpcapd)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Windows\SysNative\GameMon.des -- (npggsvc)
SRV:64bit: - [2008/09/02 07:10:00 | 000,074,240 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Auto | Stopped] -- C:\Windows\SysNative\cypherixsrv.exe -- (cypherixservice)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/12/06 18:58:00 | 003,443,352 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009/11/28 16:40:33 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/03 13:22:28 | 000,073,392 | ---- | M] (FSPro Labs) [On_Demand | Stopped] -- C:\Windows\SysWOW64\fsproflt.exe -- (fsproflt)
SRV - [2009/02/05 13:43:26 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2006/12/10 22:41:14 | 000,843,264 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2006/10/27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\npptNT2.sys -- (NPPTNT2)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\FDCENT.SYS -- (FDCENT)
DRV:64bit: - [2010/05/01 00:44:31 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2010/03/30 23:35:04 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)
DRV:64bit: - [2009/09/29 09:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lgbtpt64.sys -- (LgBttPort)
DRV:64bit: - [2009/09/29 09:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lgvmdm64.sys -- (LGVMODEM)
DRV:64bit: - [2009/09/29 09:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lgbtbs64.sys -- (lgbusenum)
DRV:64bit: - [2009/08/28 19:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/26 19:06:36 | 000,871,408 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/08/14 22:06:34 | 000,311,968 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009/08/14 22:06:33 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/11/19 18:09:14 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/19 18:09:12 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/19 18:09:12 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008/11/10 08:26:30 | 000,184,832 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/11/03 22:21:08 | 000,098,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID)
DRV:64bit: - [2008/09/05 14:54:12 | 000,102,392 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\cyphxdrv.sys -- (cyphxdrv)
DRV:64bit: - [2008/06/06 17:35:46 | 000,055,440 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\FSPFltd.sys -- (FSProFilter)
DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2007/11/06 16:23:14 | 000,040,464 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010/09/10 17:08:49 | 000,023,080 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010/09/06 16:56:19 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)
DRV - [2008/01/15 17:09:42 | 000,047,470 | ---- | M] (Silence of Troubles United Company Ltd.) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\FDCENT.SYS -- (FDCENT)
DRV - [2007/02/07 14:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2005/01/03 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: {566D6332-1439-43bf-857E-7AD5F137AD0C}:1.13
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.7.4
FF - prefs.js..extensions.enabledItems: {76D00298-1B6D-4487-AC9A-A797951ED953}:1.9.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{76D00298-1B6D-4487-AC9A-A797951ED953}: C:\Users\Owner\AppData\Local\{76D00298-1B6D-4487-AC9A-A797951ED953}\ [2010/07/08 23:59:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/08 13:59:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/08 13:59:29 | 000,000,000 | ---D | M]

[2009/08/09 03:29:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2010/07/09 00:17:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions
[2010/02/27 12:21:42 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2010/04/28 19:17:28 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2009/09/09 02:37:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/27 12:29:40 | 000,000,000 | ---D | M] (Names Dictionary for rikaichan) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{566D6332-1439-43bf-857E-7AD5F137AD0C}
[2010/02/27 12:29:40 | 000,000,000 | ---D | M] (Japanese-English Dictionary for rikaichan) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
[2010/04/28 06:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{7A074BE0-2326-436d-B473-029FAEBEB5C6}
[2010/07/09 00:17:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/30 12:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2009/08/17 07:42:14 | 000,073,728 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiFFPlugin1.dll

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\desert.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\desert.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3abc5f33-eabc-11de-a964-00241d755acd}\Shell - "" = AutoRun
O33 - MountPoints2\{3abc5f33-eabc-11de-a964-00241d755acd}\Shell\AutoRun\command - "" = H:\USBAutoRun.exe -- File not found
O33 - MountPoints2\{4ed22648-8525-11de-88b0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4ed22648-8525-11de-88b0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- File not found
O33 - MountPoints2\{4ed299c4-9295-11de-91d7-00241d755acd}\Shell - "" = AutoRun
O33 - MountPoints2\{4ed299c4-9295-11de-91d7-00241d755acd}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{905b6d43-9fa5-11de-a621-00241d755acd}\Shell\AutoRun\command - "" = H:\RECYCLER\help.exe -- File not found
O33 - MountPoints2\{905b6d43-9fa5-11de-a621-00241d755acd}\Shell\opEN\CoMmanD - "" = H:\RECYCLER\help.exe -- File not found
O33 - MountPoints2\{d64c17e0-8b1c-11df-97c1-00241d755acd}\Shell\AutoRun\command - "" = H:\SamsungSoftware\APPInst.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/10 16:58:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/08 18:47:23 | 001,137,528 | ---- | C] (Emsi Software GmbH) -- C:\Users\Owner\Desktop\BlitzBlank.exe
[2010/09/06 15:28:52 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/09/06 00:24:22 | 000,000,000 | -HSD | C] -- C:\Users\Owner\.COMMgr
[2010/09/06 00:24:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\qkycsinrg
[2010/09/06 00:24:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Windows Server
[2010/09/06 00:23:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\8866E251DB9D14EA404E937F3D963785
[2010/09/01 20:49:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MKV Demux All
[2010/09/01 20:48:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\MKVExtractGUI-1.6.4.1
[2010/09/01 20:47:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\mkvtoolnix
[2010/09/01 20:47:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MKVtoolnix
[2010/09/01 20:28:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitrateViewer
[2010/09/01 20:18:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gabest
[2010/08/31 18:21:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Ikue Asazaki - Uta Asobi (Uta Ashiibi)
[2010/08/31 17:56:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Ikue Asazaki - Utabautayun
[2010/08/21 14:13:59 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2010/08/20 04:19:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\100MEDIA
[2010/08/20 03:30:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\DCIM
[2010/08/06 23:14:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Free Mp3 Wma Ogg Converter
[2010/08/06 23:14:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Mp3 Wma Ogg Converter
[2010/08/06 20:36:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\PasswordSafe
[2010/08/06 20:36:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Password Safe
[2010/08/06 20:16:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\beat crusaders
[2010/08/05 19:08:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\enka
[2010/07/30 22:25:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\NVIDIA
[2010/07/29 20:38:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\BoA - IDENTITY
[2010/07/28 15:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/07/27 06:24:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Tokyo Jihen - Sports
[2010/07/26 15:33:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\New Folder
[2010/07/21 07:26:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\BoA - BoA
[2010/07/18 02:03:49 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2010/07/18 02:03:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/07/18 01:21:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft Games
[2010/07/17 23:02:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Toribash
[2010/07/16 07:28:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[asian+nation] Tokyo Jihen - Goraku (Variety) [2007.09.26]
[2010/07/15 22:21:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Album
[2010/07/15 21:59:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Singles
[2010/07/10 20:42:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\DESKTOP
[2010/07/08 23:59:38 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{76D00298-1B6D-4487-AC9A-A797951ED953}
[2010/07/08 13:59:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ijjigame
[2010/06/23 17:35:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DirectVobSub
[2010/06/22 23:54:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\WBGames

========== Files - Modified Within 90 Days ==========

[2010/09/11 14:24:12 | 002,097,152 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT
[2010/09/11 13:29:54 | 000,035,381 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/09/11 13:29:53 | 000,035,381 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/09/11 13:29:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/11 05:08:39 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/11 05:08:39 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/10 17:15:14 | 000,694,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/10 17:15:14 | 000,598,350 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/10 17:15:14 | 000,101,988 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/10 17:08:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/10 17:08:35 | 4293,386,240 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/10 17:07:44 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{3fb50e38-d7c1-11dd-8b2d-00241d755acd}.TMContainer00000000000000000001.regtrans-ms
[2010/09/10 17:07:44 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{3fb50e38-d7c1-11dd-8b2d-00241d755acd}.TM.blf
[2010/09/10 17:07:37 | 002,215,813 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db
[2010/09/09 16:11:04 | 003,382,241 | ---- | M] () -- C:\Users\Owner\Desktop\Phu Tran - Rose v3 (2007).pdf
[2010/09/08 18:47:53 | 001,137,528 | ---- | M] (Emsi Software GmbH) -- C:\Users\Owner\Desktop\BlitzBlank.exe
[2010/09/06 16:56:19 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2010/09/06 16:43:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/09/06 04:13:22 | 000,002,891 | ---- | M] () -- C:\Users\Owner\Desktop\Attach.zip
[2010/09/06 03:34:04 | 000,293,376 | ---- | M] () -- C:\Users\Owner\Desktop\0ym8hil9.exe
[2010/09/06 03:29:21 | 000,525,824 | ---- | M] () -- C:\Users\Owner\Desktop\dds.scr
[2010/09/06 03:24:05 | 000,000,020 | ---- | M] () -- C:\Users\Owner\defogger_reenable
[2010/09/06 03:14:06 | 000,007,736 | ---- | M] () -- C:\Users\Owner\Desktop\pwsafe.dat
[2010/09/04 13:22:27 | 000,000,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/09/03 23:18:16 | 000,104,448 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/01 22:01:09 | 000,940,358 | ---- | M] () -- C:\Users\Owner\Desktop\hw1.1.zip
[2010/09/01 21:12:30 | 014,388,036 | ---- | M] () -- C:\Users\Owner\Desktop\week 1-vitruvius-book 1.pdf
[2010/09/01 20:29:00 | 000,000,906 | ---- | M] () -- C:\Users\Owner\Desktop\Bitrate Viewer.lnk
[2010/08/19 22:57:43 | 002,300,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/06 20:36:18 | 000,000,869 | ---- | M] () -- C:\Users\Owner\Desktop\Password Safe.lnk
[2010/08/06 20:31:02 | 000,007,360 | ---- | M] () -- C:\Users\Owner\Desktop\pw.bak
[2010/07/28 15:44:40 | 000,000,533 | ---- | M] () -- C:\ProgramData\nvUnsupRes.dat
[2010/07/08 23:59:39 | 000,000,120 | ---- | M] () -- C:\Users\Owner\AppData\Local\Kqomoxebuxeyak.dat
[2010/07/08 23:59:39 | 000,000,000 | ---- | M] () -- C:\Users\Owner\AppData\Local\Mqudofoseq.bin

========== Files Created - No Company Name ==========

[2010/09/09 16:10:19 | 003,382,241 | ---- | C] () -- C:\Users\Owner\Desktop\Phu Tran - Rose v3 (2007).pdf
[2010/09/06 16:16:14 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2010/09/06 04:13:22 | 000,002,891 | ---- | C] () -- C:\Users\Owner\Desktop\Attach.zip
[2010/09/06 03:34:03 | 000,293,376 | ---- | C] () -- C:\Users\Owner\Desktop\0ym8hil9.exe
[2010/09/06 03:29:18 | 000,525,824 | ---- | C] () -- C:\Users\Owner\Desktop\dds.scr
[2010/09/06 03:24:04 | 000,000,020 | ---- | C] () -- C:\Users\Owner\defogger_reenable
[2010/09/06 02:31:17 | 4293,386,240 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/01 22:01:09 | 000,940,358 | ---- | C] () -- C:\Users\Owner\Desktop\hw1.1.zip
[2010/09/01 21:11:57 | 014,388,036 | ---- | C] () -- C:\Users\Owner\Desktop\week 1-vitruvius-book 1.pdf
[2010/09/01 20:29:00 | 000,000,906 | ---- | C] () -- C:\Users\Owner\Desktop\Bitrate Viewer.lnk
[2010/08/23 19:50:42 | 000,007,736 | ---- | C] () -- C:\Users\Owner\Desktop\pwsafe.dat
[2010/08/06 20:36:18 | 000,000,869 | ---- | C] () -- C:\Users\Owner\Desktop\Password Safe.lnk
[2010/08/06 20:30:26 | 000,007,360 | ---- | C] () -- C:\Users\Owner\Desktop\pw.bak
[2010/07/08 23:59:39 | 000,000,120 | ---- | C] () -- C:\Users\Owner\AppData\Local\Kqomoxebuxeyak.dat
[2010/07/08 23:59:39 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\Mqudofoseq.bin
[2010/05/13 18:17:41 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\uc_karos_launching.dll
[2010/05/02 20:46:17 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/03/21 12:30:46 | 000,002,699 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/03/03 07:30:48 | 000,399,360 | ---- | C] () -- C:\Windows\SysWow64\Smab.dll
[2010/03/03 07:30:48 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010/01/17 19:32:37 | 000,000,082 | ---- | C] () -- C:\Windows\wininit.ini
[2010/01/15 19:57:44 | 000,221,291 | ---- | C] () -- C:\Windows\Imei_dll.dll
[2010/01/15 19:57:44 | 000,040,960 | ---- | C] () -- C:\Windows\Sublock.dll
[2009/12/08 02:56:41 | 000,001,342 | ---- | C] () -- C:\Windows\maxlink.ini
[2009/12/08 02:56:41 | 000,000,020 | ---- | C] () -- C:\Windows\calera.ini
[2009/12/08 02:56:30 | 000,269,312 | ---- | C] () -- C:\Windows\SysWow64\FPXIG.DLL
[2009/12/08 02:56:30 | 000,068,096 | ---- | C] () -- C:\Windows\SysWow64\IGFPX32P.DLL
[2009/12/08 02:56:30 | 000,065,024 | ---- | C] () -- C:\Windows\SysWow64\JPEGACC.DLL
[2009/12/08 02:56:20 | 000,101,376 | ---- | C] () -- C:\Windows\SysWow64\WELSOF32.DLL
[2009/11/07 18:40:22 | 000,708,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/10/13 00:52:42 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2009/09/12 00:25:01 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/12 00:24:10 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/24 15:43:34 | 000,000,533 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat
[2009/08/14 20:04:32 | 000,104,448 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/09 21:05:23 | 002,468,130 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_NET_Framework35_x64_MSI51FF.txt
[2009/08/09 20:54:25 | 000,200,298 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2009/08/09 20:54:20 | 000,010,344 | ---- | C] () -- C:\Users\Owner\AppData\Local\uxeventlog.txt
[2009/08/09 20:54:20 | 000,000,002 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_dotnetfx35error.txt
[2009/08/09 20:54:19 | 000,210,472 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_dotnetfx35install.txt
[2009/08/09 14:34:31 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/08/09 13:55:12 | 000,000,732 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
[2009/08/09 03:02:31 | 000,035,381 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/08/09 03:02:31 | 000,035,381 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/07/03 20:04:11 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\msoccwordm.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 13:50:17 | 000,016,489 | ---- | C] () -- C:\Windows\SysWow64\mswcncorem.dll
[2007/11/06 16:19:28 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

========== LOP Check ==========

[2010/09/06 00:24:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\8866E251DB9D14EA404E937F3D963785
[2009/09/05 00:46:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\acccore
[2009/08/27 04:34:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DAEMON Tools Lite
[2009/09/27 13:54:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DonationCoder
[2010/08/06 23:14:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Free Mp3 Wma Ogg Converter
[2010/04/29 00:37:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ijjigame
[2010/01/15 19:59:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LG Electronics
[2009/11/11 17:21:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LockHunter
[2010/09/01 20:47:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mkvtoolnix
[2010/06/02 22:43:00 | 000,000,000 | ---D | M] --
I also noticed that my "Documents and settings" folder is hidden and gives an "Access is denied" message, although mbam seems to give me clean results now. What should I do next?

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4594

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

9/11/2010 2:24:08 PM
mbam-log-2010-09-11 (14-24-08).txt

Scan type: Quick scan
Objects scanned: 137313
Time elapsed: 3 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\msounkernm.dll (Trojan.KeyLogger) -> Quarantined and deleted successfully.
OTL quick scan log:

OTL logfile created on: 9/11/2010 2:25:14 PM - Run 6
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 77.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 4.99 Gb Free Space | 1.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACORN
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
C:\Users\Owner\AppData\Roaming\Mp3tag [2009/10/25 04:06:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MusicNet [2009/10/29 04:38:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\NCH Swift Sound [2010/04/29 02:24:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\NPLUTO Corporation [2010/09/10 18:02:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent [2010/05/01 05:32:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\VirtuaWin [2010/02/11 21:00:16 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6} [2010/09/10 17:07:39 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 280 bytes -> C:\ProgramData\TEMP:E6E3D650 < End of report >
  6. I accidentally closed the OTL log. From what I remember, it seemed to have fixed everything (including nofolderoptions) except msounkernm.dll, which it said "file not found." MBAM still does not seem able to remove msounkernm.dll. MBAM report:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4591

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

9/10/2010 5:07:31 PM
mbam-log-2010-09-10 (17-07-31).txt

Scan type: Quick scan
Objects scanned: 137317
Time elapsed: 4 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\msounkernm.dll (Trojan.KeyLogger) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\msounkernm.dll (Trojan.KeyLogger) -> Delete on reboot.
  7. Thank you! My task bar is back to normal now. However, I ran MBAM again and found 5 more infections. The 3 that say "delete on reboot" seem to be the same ones as before (and stay after reboot). I am also still getting the search redirects in Firefox. Here is the MBAM log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4584

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

9/9/2010 4:22:55 PM
mbam-log-2010-09-09 (16-22-55).txt

Scan type: Quick scan
Objects scanned: 137565
Time elapsed: 3 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\msounkernm.dll (Trojan.KeyLogger) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\snexmrwoca.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\msounkernm.dll (Trojan.KeyLogger) -> Delete on reboot.
C:\Users\Owner\AppData\Local\Temp\snexmrwoca.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\seancomrwx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
  8. Okay. I did as per your instructions. Is the report the file C:\blitzblank? Here it is:

BlitzBlank 1.0.0.29
File/Registry Modification Engine native application

MoveFileOnReboot: sourceFile = "\??\c:\windows\explorer.exe", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\windows\syswow64\wininit.exe", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\explorer.exe", destinationFile = "\??\c:\windows\explorer.exe", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\wininit.exe", destinationFile = "\??\c:\windows\syswow64\wininit.exe", replaceWithDummy = 0
  9. Here is the OTL log after doing that:

OTL logfile created on: 9/7/2010 5:09:46 PM - Run 4
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 78.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 9.44 Gb Free Space | 2.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 15.06 Gb Total Space | 14.73 Gb Free Space | 97.82% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACORN
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Custom Scans ========== < MD5 for: EXPLORER.EXE > [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe [2008/10/29 02:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe [2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe [2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=5903EB4ADCD7149D691140161AC4A5B6 -- C:\Windows\explorer.exe [2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe [2008/10/27 22:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe [2008/10/29 02:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe [2009/04/11 02:27:36 | 002,926,592 | 
---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe [2008/10/30 01:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe [2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe [2008/01/20 22:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe [2008/01/20 22:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe < MD5 for: HLP.DAT > [2009/04/11 02:26:45 | 000,034,699 | ---- | M] () MD5=988D9624B4220182DFF971C1D18D73EC -- C:\Windows\SysWOW64\hlp.dat [2009/04/11 02:26:45 | 000,034,699 | ---- | M] () MD5=988D9624B4220182DFF971C1D18D73EC -- C:\Windows\SysWOW64\hlp.dat < MD5 for: WININIT.EXE > [2008/01/20 22:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2008/01/20 22:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) 
MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe [2008/01/20 22:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=F9007C650A1C12B7D2EDF22F6F63D420 -- C:\Windows\SysWOW64\wininit.exe [2008/01/20 22:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=F9007C650A1C12B7D2EDF22F6F63D420 -- C:\Windows\SysWOW64\wininit.exe < End of report >
  10. Thanks for helping. Nothing has changed since my first post--nothing I could notice. My system tray is still inaccessible and Windows Explorer is still crashing under light use; Google links still redirect in Firefox. When I tried opening RKU I got "Error loading driver, NTSTATUS code: 0xC000036B" and could not run the program. Here are the other two logs.

OTL logfile created on: 9/6/2010 3:33:45 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 72.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 9.34 Gb Free Space | 2.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACORN
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010/09/06 15:28:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe PRC - [2010/04/28 21:17:13 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\VirtuaWin\modules\SwitchDesk.exe PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2010/02/14 21:46:49 | 000,319,280 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe PRC - [2009/08/24 16:15:03 | 000,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2009/04/11 02:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe PRC - [2009/02/05 13:43:26 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe PRC - [2008/06/29 23:04:11 | 000,077,903 | ---- | M] (Hlp) -- c:\Windows\SysWOW64\rooseh.exe PRC - [2008/04/24 21:46:34 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\VirtuaWin\modules\WinList.exe PRC - [2008/04/24 21:46:32 | 000,116,224 | ---- | M] (VirtuaWin) -- C:\Program Files (x86)\VirtuaWin\VirtuaWin.exe ========== Modules (SafeList) ========== MOD - [2010/09/06 15:28:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe MOD - [2008/01/20 22:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx ========== Win32 Services (SafeList) ========== SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -d -f 
%ProgramFiles%\WinPcap\rpcapd.ini -- (rpcapd) SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Windows\SysNative\GameMon.des -- (npggsvc) SRV:64bit: - [2008/09/02 07:10:00 | 000,074,240 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Auto | Stopped] -- C:\Windows\SysNative\cypherixsrv.exe -- (cypherixservice) SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009/12/06 18:58:00 | 003,443,352 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc) SRV - [2009/11/28 16:40:33 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009/05/03 13:22:28 | 000,073,392 | ---- | M] (FSPro Labs) [On_Demand | Stopped] -- C:\Windows\SysWOW64\fsproflt.exe -- (fsproflt) SRV - [2009/02/05 13:43:26 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service) SRV - [2008/06/29 23:04:11 | 000,077,903 | ---- | M] (Hlp) [Auto | Running] -- c:\Windows\SysWOW64\rooseh.exe -- (ygznbywjlyycso) SRV - [2006/12/10 22:41:14 | 000,843,264 | ---- | M] (Hewlett-Packard Co.) 
[Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2006/10/27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\npptNT2.sys -- (NPPTNT2) DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp) DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\FDCENT.SYS -- (FDCENT) DRV:64bit: - [2010/05/01 00:44:31 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi) DRV:64bit: - [2010/03/30 23:35:04 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133) DRV:64bit: - [2010/03/02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb) DRV:64bit: - [2010/02/16 14:24:00 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt) DRV:64bit: - [2009/09/29 09:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lgbtpt64.sys -- (LgBttPort) DRV:64bit: - [2009/09/29 09:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lgvmdm64.sys -- (LGVMODEM) DRV:64bit: - [2009/09/29 09:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lgbtbs64.sys -- (lgbusenum) DRV:64bit: - [2009/08/28 19:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2009/08/26 19:06:36 | 000,871,408 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd) DRV:64bit: - [2009/08/14 22:06:34 | 000,311,968 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt) DRV:64bit: - [2009/08/14 22:06:33 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt) DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008/11/19 18:09:14 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem) DRV:64bit: - [2008/11/19 18:09:12 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag) DRV:64bit: - [2008/11/19 18:09:12 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus) DRV:64bit: - [2008/11/10 08:26:30 | 000,184,832 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169) DRV:64bit: - [2008/11/03 22:21:08 | 000,098,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID) DRV:64bit: - [2008/09/05 14:54:12 | 000,102,392 | ---- | M] (Cypherix Software (India) Pvt. 
Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\cyphxdrv.sys -- (cyphxdrv) DRV:64bit: - [2008/06/06 17:35:46 | 000,055,440 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\FSPFltd.sys -- (FSProFilter) DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2007/11/06 16:23:14 | 000,040,464 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs) DRV - [2010/09/06 03:25:44 | 000,023,080 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2008/01/15 17:09:42 | 000,047,470 | ---- | M] (Silence of Troubles United Company Ltd.) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\FDCENT.SYS -- (FDCENT) DRV - [2007/02/07 14:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan) DRV - [2005/01/03 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..extensions.enabledItems: {566D6332-1439-43bf-857E-7AD5F137AD0C}:1.13 FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.7.4 FF - prefs.js..extensions.enabledItems: {76D00298-1B6D-4487-AC9A-A797951ED953}:1.9.1 FF - HKLM\software\mozilla\Firefox\Extensions\\{76D00298-1B6D-4487-AC9A-A797951ED953}: C:\Users\Owner\AppData\Local\{76D00298-1B6D-4487-AC9A-A797951ED953}\ [2010/07/08 23:59:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/08 13:59:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/08 13:59:29 | 000,000,000 | ---D | M] [2009/08/09 03:29:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions [2010/07/09 00:17:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions [2010/02/27 12:21:42 | 000,000,000 | ---D | M] 
(Rikaichan) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82} [2010/04/28 19:17:28 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30} [2009/09/09 02:37:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/02/27 12:29:40 | 000,000,000 | ---D | M] (Names Dictionary for rikaichan) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{566D6332-1439-43bf-857E-7AD5F137AD0C} [2010/02/27 12:29:40 | 000,000,000 | ---D | M] (Japanese-English Dictionary for rikaichan) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0} [2010/04/28 06:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{7A074BE0-2326-436d-B473-029FAEBEB5C6} [2010/07/09 00:17:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010/03/30 12:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll [2009/08/17 07:42:14 | 000,073,728 | ---- | M] (NHN USA Inc. 
) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiFFPlugin1.dll O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [snexmrwoca.exe] C:\Users\MrSkwrl\AppData\Local\Temp\snexmrwoca.exe File not found O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\desert.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\desert.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3abc5f33-eabc-11de-a964-00241d755acd}\Shell - "" = AutoRun
O33 - MountPoints2\{3abc5f33-eabc-11de-a964-00241d755acd}\Shell\AutoRun\command - "" = H:\USBAutoRun.exe -- File not found
O33 - MountPoints2\{4ed22648-8525-11de-88b0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4ed22648-8525-11de-88b0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- File not found
O33 - MountPoints2\{4ed299c4-9295-11de-91d7-00241d755acd}\Shell - "" = AutoRun
O33 - MountPoints2\{4ed299c4-9295-11de-91d7-00241d755acd}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{905b6d43-9fa5-11de-a621-00241d755acd}\Shell\AutoRun\command - "" = H:\RECYCLER\help.exe -- File not found
O33 - MountPoints2\{905b6d43-9fa5-11de-a621-00241d755acd}\Shell\opEN\CoMmanD - "" = H:\RECYCLER\help.exe -- File not found
O33 - MountPoints2\{d64c17e0-8b1c-11df-97c1-00241d755acd}\Shell\AutoRun\command - "" = H:\SamsungSoftware\APPInst.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========
[2010/09/06 15:28:52 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/09/06 03:16:32 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010/09/06 03:16:32 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010/09/06 03:16:32 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010/09/06 03:16:32 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010/09/06 03:16:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/09/06 03:16:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010/09/06 00:24:22 | 000,000,000 | -HSD | C] -- C:\Users\Owner\.COMMgr
[2010/09/06 00:24:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\qkycsinrg
[2010/09/06 00:24:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Windows Server
[2010/09/06 00:23:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\8866E251DB9D14EA404E937F3D963785
[2010/09/01 20:49:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MKV Demux All
[2010/09/01 20:48:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\MKVExtractGUI-1.6.4.1
[2010/09/01 20:47:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\mkvtoolnix
[2010/09/01 20:47:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MKVtoolnix
[2010/09/01 20:28:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitrateViewer
[2010/09/01 20:18:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gabest
[2010/08/31 18:21:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Ikue Asazaki - Uta Asobi (Uta Ashiibi)
[2010/08/31 17:56:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Ikue Asazaki - Utabautayun
[2010/08/21 14:13:59 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2010/08/20 04:19:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\100MEDIA
[2010/08/20 03:30:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\DCIM
[2010/08/06 23:14:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Free Mp3 Wma Ogg Converter
[2010/08/06 23:14:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Mp3 Wma Ogg Converter
[2010/08/06 20:36:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\PasswordSafe
[2010/08/06 20:36:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Password Safe
[2010/08/06 20:16:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\beat crusaders
[2010/08/05 19:08:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\enka
[2010/07/30 22:25:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\NVIDIA
[2010/07/29 20:38:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\BoA - IDENTITY
[2010/07/28 15:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/07/27 06:24:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Tokyo Jihen - Sports
[2010/07/26 15:33:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\New Folder
[2010/07/21 07:26:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\BoA - BoA
[2010/07/18 02:03:49 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2010/07/18 02:03:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/07/18 01:21:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft Games
[2010/07/17 23:02:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Toribash
[2010/07/16 07:28:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[asian+nation] Tokyo Jihen - Goraku (Variety) [2007.09.26]
[2010/07/15 22:21:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Album
[2010/07/15 21:59:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Singles
[2010/07/10 20:42:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\DESKTOP
[2010/07/08 23:59:38 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{76D00298-1B6D-4487-AC9A-A797951ED953}
[2010/07/08 13:59:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ijjigame
[2010/06/23 17:35:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DirectVobSub
[2010/06/22 23:54:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\WBGames
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========
[2010/09/06 15:31:20 | 002,097,152 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT
[2010/09/06 15:28:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/09/06 15:26:13 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/06 15:26:13 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/06 13:52:41 | 000,694,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/06 13:52:41 | 000,598,350 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/06 13:52:41 | 000,101,988 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/06 13:51:14 | 000,035,381 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/09/06 13:51:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/06 04:13:22 | 000,002,891 | ---- | M] () -- C:\Users\Owner\Desktop\Attach.zip
[2010/09/06 03:34:04 | 000,293,376 | ---- | M] () -- C:\Users\Owner\Desktop\0ym8hil9.exe
[2010/09/06 03:29:21 | 000,525,824 | ---- | M] () -- C:\Users\Owner\Desktop\dds.scr
[2010/09/06 03:26:38 | 000,035,381 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/09/06 03:25:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/06 03:25:32 | 4293,386,240 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/06 03:24:39 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{3fb50e38-d7c1-11dd-8b2d-00241d755acd}.TMContainer00000000000000000001.regtrans-ms
[2010/09/06 03:24:39 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{3fb50e38-d7c1-11dd-8b2d-00241d755acd}.TM.blf
[2010/09/06 03:24:27 | 002,070,466 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db
[2010/09/06 03:24:05 | 000,000,020 | ---- | M] () -- C:\Users\Owner\defogger_reenable
[2010/09/06 03:16:39 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/09/06 03:14:06 | 000,007,736 | ---- | M] () -- C:\Users\Owner\Desktop\pwsafe.dat
[2010/09/04 13:22:27 | 000,000,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/09/03 23:18:16 | 000,104,448 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/01 22:01:09 | 000,940,358 | ---- | M] () -- C:\Users\Owner\Desktop\hw1.1.zip
[2010/09/01 21:12:30 | 014,388,036 | ---- | M] () -- C:\Users\Owner\Desktop\week 1-vitruvius-book 1.pdf
[2010/09/01 20:29:00 | 000,000,906 | ---- | M] () -- C:\Users\Owner\Desktop\Bitrate Viewer.lnk
[2010/08/19 22:57:43 | 002,300,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/06 20:36:18 | 000,000,869 | ---- | M] () -- C:\Users\Owner\Desktop\Password Safe.lnk
[2010/08/06 20:31:02 | 000,007,360 | ---- | M] () -- C:\Users\Owner\Desktop\pw.bak
[2010/07/28 15:44:40 | 000,000,533 | ---- | M] () -- C:\ProgramData\nvUnsupRes.dat
[2010/07/08 23:59:39 | 000,000,120 | ---- | M] () -- C:\Users\Owner\AppData\Local\Kqomoxebuxeyak.dat
[2010/07/08 23:59:39 | 000,000,000 | ---- | M] () -- C:\Users\Owner\AppData\Local\Mqudofoseq.bin
[2010/06/09 17:43:15 | 000,094,026 | ---- | M] () -- C:\Users\Owner\Documents\sms 06.09.10.csv
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========
[2010/09/06 04:13:22 | 000,002,891 | ---- | C] () -- C:\Users\Owner\Desktop\Attach.zip
[2010/09/06 03:34:03 | 000,293,376 | ---- | C] () -- C:\Users\Owner\Desktop\0ym8hil9.exe
[2010/09/06 03:29:18 | 000,525,824 | ---- | C] () -- C:\Users\Owner\Desktop\dds.scr
[2010/09/06 03:24:04 | 000,000,020 | ---- | C] () -- C:\Users\Owner\defogger_reenable
[2010/09/06 03:16:39 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/09/06 02:31:17 | 4293,386,240 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/01 22:01:09 | 000,940,358 | ---- | C] () -- C:\Users\Owner\Desktop\hw1.1.zip
[2010/09/01 21:11:57 | 014,388,036 | ---- | C] () -- C:\Users\Owner\Desktop\week 1-vitruvius-book 1.pdf
[2010/09/01 20:29:00 | 000,000,906 | ---- | C] () -- C:\Users\Owner\Desktop\Bitrate Viewer.lnk
[2010/08/23 19:50:42 | 000,007,736 | ---- | C] () -- C:\Users\Owner\Desktop\pwsafe.dat
[2010/08/06 20:36:18 | 000,000,869 | ---- | C] () -- C:\Users\Owner\Desktop\Password Safe.lnk
[2010/08/06 20:30:26 | 000,007,360 | ---- | C] () -- C:\Users\Owner\Desktop\pw.bak
[2010/07/08 23:59:39 | 000,000,120 | ---- | C] () -- C:\Users\Owner\AppData\Local\Kqomoxebuxeyak.dat
[2010/07/08 23:59:39 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\Mqudofoseq.bin
[2010/06/09 17:35:38 | 000,094,026 | ---- | C] () -- C:\Users\Owner\Documents\sms 06.09.10.csv
[2010/05/13 18:17:41 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\uc_karos_launching.dll
[2010/05/02 20:46:17 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/03/21 12:30:46 | 000,002,699 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/03/03 07:30:48 | 000,399,360 | ---- | C] () -- C:\Windows\SysWow64\Smab.dll
[2010/03/03 07:30:48 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010/01/17 19:32:37 | 000,000,082 | ---- | C] () -- C:\Windows\wininit.ini
[2010/01/15 19:57:44 | 000,221,291 | ---- | C] () -- C:\Windows\Imei_dll.dll
[2010/01/15 19:57:44 | 000,040,960 | ---- | C] () -- C:\Windows\Sublock.dll
[2009/12/08 02:56:41 | 000,001,342 | ---- | C] () -- C:\Windows\maxlink.ini
[2009/12/08 02:56:41 | 000,000,020 | ---- | C] () -- C:\Windows\calera.ini
[2009/12/08 02:56:30 | 000,269,312 | ---- | C] () -- C:\Windows\SysWow64\FPXIG.DLL
[2009/12/08 02:56:30 | 000,068,096 | ---- | C] () -- C:\Windows\SysWow64\IGFPX32P.DLL
[2009/12/08 02:56:30 | 000,065,024 | ---- | C] () -- C:\Windows\SysWow64\JPEGACC.DLL
[2009/12/08 02:56:20 | 000,101,376 | ---- | C] () -- C:\Windows\SysWow64\WELSOF32.DLL
[2009/11/07 18:40:22 | 000,708,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/10/13 00:52:42 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2009/09/12 00:25:01 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/12 00:24:10 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/24 15:43:34 | 000,000,533 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat
[2009/08/14 20:04:32 | 000,104,448 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/09 21:05:23 | 002,468,130 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_NET_Framework35_x64_MSI51FF.txt
[2009/08/09 20:54:25 | 000,200,298 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2009/08/09 20:54:20 | 000,010,344 | ---- | C] () -- C:\Users\Owner\AppData\Local\uxeventlog.txt
[2009/08/09 20:54:20 | 000,000,002 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_dotnetfx35error.txt
[2009/08/09 20:54:19 | 000,210,472 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_dotnetfx35install.txt
[2009/08/09 14:34:31 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/08/09 13:55:12 | 000,000,732 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
[2009/08/09 03:02:31 | 000,035,381 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/08/09 03:02:31 | 000,035,381 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/12/07 03:24:26 | 000,016,489 | ---- | C] () -- C:\Windows\SysWow64\mswcncorem.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/07/03 20:04:11 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\msoccwordm.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/11/06 16:19:28 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

========== LOP Check ==========
[2010/09/06 00:24:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\8866E251DB9D14EA404E937F3D963785
[2009/09/05 00:46:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\acccore
[2009/08/27 04:34:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DAEMON Tools Lite
[2009/09/27 13:54:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DonationCoder
[2010/08/06 23:14:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Free Mp3 Wma Ogg Converter
[2010/04/29 00:37:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ijjigame
[2010/01/15 19:59:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LG Electronics
[2009/11/11 17:21:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LockHunter
[2010/09/01 20:47:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mkvtoolnix
[2010/06/02 22:43:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mp3tag
[2009/10/25 04:06:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MusicNet
[2009/10/29 04:38:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\NCH Swift Sound
[2010/04/29 02:24:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\NPLUTO Corporation
[2010/09/06 15:31:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2010/05/01 05:32:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\VirtuaWin
[2010/02/11 21:00:16 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
[2010/09/06 03:24:30 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========
@Alternate Data Stream - 280 bytes -> C:\ProgramData\TEMP:E6E3D650

< End of report >

OTL Extras logfile created on: 9/6/2010 3:33:45 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 72.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 9.34 Gb Free Space | 2.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACORN
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3721307388-1860386797-2565223514-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = A2 61 F4 E0 B2 33 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12CAE947-672F-4F0A-91A3-22A7D743F605}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{19F6C575-0DE6-4180-822F-B969BC43BD0A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{4B33F090-569B-46D4-8EAA-715983713B9A}" = lport=48373 | protocol=6 | dir=in | name=utor48373 |
"{A12FBE46-59C2-4A06-B5A7-5A7A621DCE95}" = lport=48373 | protocol=17 | dir=in | name=utor48373(2) |

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03CFD7C5-5016-47B9-BEAA-FC4906505A23}" = protocol=17 | dir=in | app=c:\program files (x86)\ijji\ijji reactor\ijjioptimizer.exe |
"{10008C7D-804C-41F7-B6F4-0E7221E5444B}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{2116A77F-8BBC-48C3-9894-2687F08EE357}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{21F7B64E-EE73-4D17-9CAC-8D7B66C8DC85}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"{28C7EE7C-4947-4D07-A689-3732405424BB}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{2AE07704-DF3F-47E0-87F6-8D1E2254EB9B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2B76B6BE-3C06-4CA3-A409-9F3E50C00EBF}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe |
"{32A0DD5D-12A7-49B1-BA81-CD048E95A7DD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3D778DAD-1A9E-411C-8AF7-DCED5D38C09F}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{421CE9C6-7CDE-412D-830A-9289AF6849F1}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{47070328-F319-4A59-8E08-7361869BBD86}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{4A406EFB-3BC3-4071-9432-B9C428C483C0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe |
"{4B16D11F-A4C8-4967-B4C3-4CCA8686BD98}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe |
"{4FC166E0-333A-4770-8F1D-6B6F85B5D486}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{538DE8A6-E148-4731-A235-3EF97024DDD5}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{5DC5DF3B-FCD7-4D36-8257-DB4384C1D5E0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5DCFA4AB-7718-44E4-9A56-5ADA8437B77E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{6106CDA2-1795-43C1-88A3-77FE9E22F187}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{64B51865-FC03-47F9-9939-EF8176F14999}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{6EA209BC-1227-45C3-873A-9D95DA34273B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6F6E7128-DA17-46C2-85D7-B00E4322A460}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{702116E5-F76F-4C4A-A13C-D8B5E5B3B82A}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{7A02738F-0590-4851-A8A8-184A16D97515}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"{833D682D-83C2-4B31-B203-372BD2238DA3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{866AFBBF-BCDF-4F79-82F1-3C610EF169BA}" = protocol=6 | dir=in | app=c:\program files (x86)\ijji\ijji reactor\ijjioptimizer.exe |
"{877AE5E1-EFE5-4955-BB4C-237772A45A59}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{87A6DB9F-9893-4F86-A23B-F9B512414870}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{94B4DC00-EA11-4CBA-B27C-5CBB3CADB4DE}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{9930B698-827C-4A72-81A5-E69BBB8E421E}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{9B000436-58A5-435F-B6F4-10619B205223}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{A2B17FBD-B2C7-4399-9CAF-E3E89F75ED1B}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe |
"{ACFBA339-09CA-40CF-81BD-49AF87AF7D9D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{C775BB9C-B25A-4ADD-AA26-1E1B6F3318D3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C9FC528F-7E25-4788-8F90-389504D3981C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DCD94E9D-272C-463A-A65D-05CFD67CCF70}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe |
"{E8230265-8279-4BBC-AB05-E65BB98B9D47}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EAD4ABC4-A2BC-4C50-95B5-4AFEE34EBBCA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EF78AA56-99AF-4B43-84D5-BEB07B84ACF1}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{F6955A82-B2FE-49DD-A930-4F9301871CDA}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{F988197D-35E2-4F82-85D5-D84361B4E125}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe |
"{FFF32ACA-A405-413A-A3E3-961436FD41D8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{0EF3B34B-EBBD-4466-96D7-91C34481FF8B}C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"TCP Query User{122DE5D2-59B3-49F1-8BBB-48F3AA8F42A6}C:\program files (x86)\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hamachi\hamachi.exe |
"TCP Query User{1D04C9F9-366C-453E-B522-80DE5353B069}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{41A5270C-08C5-4B3B-AC7E-09ABAC2A4966}C:\program files (x86)\ijji\ijji reactor\reactor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ijji\ijji reactor\reactor.exe |
"TCP Query User{6082C113-97AD-4841-BF48-1DB6327FCFCE}C:\program files (x86)\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe |
"TCP Query User{93FC7FE3-8085-4BB1-B108-D2F2912B0280}C:\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{2FA6406D-059E-4B38-8CC8-A642AC2B6D4C}C:\program files (x86)\ijji\ijji reactor\reactor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ijji\ijji reactor\reactor.exe |
"UDP Query User{38D2ECFA-AC55-45BB-B59A-F906B4D34F8A}C:\program files (x86)\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe |
"UDP Query User{5CFE22D1-8566-4CEB-882D-8C4DE4D1E0EB}C:\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{9DDE3D42-91E9-4445-A0D9-363F4602D00F}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{F5337B38-E62B-46EA-A7E5-1A1A674BB6A3}C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{FA7763EB-590D-4636-A0D5-3C1A9E5E2C36}C:\program files (x86)\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hamachi\hamachi.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0411A7A4-23D4-47ad-B109-3CBE7E8093F1}" = HP Deskjet Printer Driver Software. 8.0.B
"{1D0CA3FB-CD50-4F22-85EE-7A9451C9A792}" = iTunes
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9B1EF559-C401-4DC2-A456-F0C464F1C7E7}" = NetDeviceManager64
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{FA74243F-4291-4d0a-AF6C-56C69F1CF1D2}" = SF_CDB_ToolboxIni64
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.54
"cyple_is1" = Cypherix LE
"Hide Folders 2009_is1" = Hide Folders 2009 3.2 for Windows XP/Vista
"LockHunter_is1" = LockHunter version 1.0 beta 3, 64 bit edition
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0205.1
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 18
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3822F6D9-F309-41f4-BB98-DA061F0BA8B3}" = SF_CDB_Software
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}" = LG MC USB U330 driver
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{ACF1662C-404B-47AD-9D57-5CA7C9307284}_is1" = Free Mp3 Wma Ogg Converter 7.1.1
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE "{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype
  11. I haven't done any virus prevention/cleaning recently, and removed a whole lot of malware with a full scan on Malwarebytes tonight. However, after I rebooted, my computer now has become really slow and my system tray is blacked out/not working anymore. When I click the systray arrow to expand it, the arrow remains glitched across the tray. On another reboot, when I tried to click the systray I got a warning that "Windows explorer.exe has crashed" and an option to restart it, after which it crashed twice more. The following Malwarebytes log is taken after the most recent reboot. msounkernm.dll can't seem to be accessed and Hijack.FolderOptions won't go away. I downloaded and ran Avira Antivir Personal, but that couldn't resolve those issues either. I also don't know what other malware may be lurking undetected ATM. In fact, Windows explorer crashed again during this post. Also, I've been having the internet-search-redirect issue (on Firefox) a lot recently too, if that's helpful information. Please help me remove my malware! (I removed instances of my name and replaced them with "Owner" in this post for my privacy. I hope that is okay.)

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4553

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

9/6/2010 3:23:49 AM
mbam-log-2010-09-06 (03-23-49).txt

Scan type: Quick scan
Objects scanned: 136703
Time elapsed: 3 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\msounkernm.dll (Trojan.KeyLogger) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\msounkernm.dll (Trojan.KeyLogger) -> Delete on reboot.

DDS (Ver_10-03-17.01) - NTFSX64
Run by Owner at 3:29:59.07 on Mon 09/06/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_18
Microsoft

Attach.zip
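As an added example, not code from the poster or from Malwarebytes: the script below parses a Malwarebytes' Anti-Malware 1.x log of the kind quoted in the post above into structured findings, checks that the summary counts agree with the items actually listed (a disagreement means the log was truncated or edited before posting), and, when run on the affected Windows machine after the reboot, reports whether each "Delete on reboot" item is still there. The log text is copied from the post (trimmed to the lines the parser uses); the line format the parser expects is inferred from that log and assumed to hold for other 1.x logs. The NoFolderOptions value under HKCU\...\Policies\Explorer is the policy that hides Folder Options in Explorer, so if it is back after a reboot, whatever wrote it is most likely still running.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x log and re-check its "Delete on reboot" items.
Added example, not the poster's or Malwarebytes' code."""
import os
import re
import sys
from dataclasses import dataclass

# Log text copied from the post above, trimmed to the lines the parser uses.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.46
Database version: 4553

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\msounkernm.dll (Trojan.KeyLogger) -> Delete on reboot.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

Files Infected:
C:\Windows\System32\msounkernm.dll (Trojan.KeyLogger) -> Delete on reboot.
"""

# Section names as MBAM 1.x prints them: once with a count in the summary block,
# once as a bare header over the detail lines (format inferred from the log above).
CATEGORIES = ("Memory Processes Infected", "Memory Modules Infected",
              "Registry Keys Infected", "Registry Values Infected",
              "Registry Data Items Infected", "Folders Infected", "Files Infected")
# Detail line: <target> (<detection name>) -> <action>.
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")


@dataclass(frozen=True)
class Finding:
    category: str
    target: str   # file path, or hive\key\valuename for registry items
    threat: str   # MBAM detection name, e.g. Trojan.KeyLogger
    action: str   # e.g. "Quarantined and deleted successfully", "Delete on reboot"


def parse_mbam_log(text):
    """Return (summary_counts, findings) for an MBAM 1.x text log."""
    summary, findings, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        header = next((c for c in CATEGORIES if line.startswith(c + ":")), None)
        if header is not None:
            rest = line[len(header) + 1:].strip()
            if rest.isdigit():      # "Files Infected: 1" in the summary block
                summary[header] = int(rest)
                section = None
            else:                   # bare "Files Infected:" opens a detail section
                section = header
            continue
        if section is None or line.startswith("(No malicious items detected)"):
            continue
        m = ITEM_RE.match(line)
        if m:
            findings.append(Finding(section, m["target"], m["threat"], m["action"]))
    return summary, findings


def count_mismatches(summary, findings):
    """Categories whose summary count differs from the items listed under them:
    a sign the log was truncated or edited before it was posted."""
    listed = {}
    for f in findings:
        listed[f.category] = listed.get(f.category, 0) + 1
    return {c: (n, listed.get(c, 0)) for c, n in summary.items() if n != listed.get(c, 0)}


def pending_on_reboot(findings):
    """Items MBAM could not remove while running (locked file, loaded module)."""
    return [f for f in findings if f.action.lower().startswith("delete on reboot")]


def still_present(finding):
    """Run after the reboot on the affected machine. True/False when the target
    can be checked on this host; None when it cannot (registry needs Windows)."""
    if finding.category in ("Files Infected", "Folders Infected", "Memory Modules Infected"):
        return os.path.exists(finding.target)
    if finding.category != "Registry Values Infected" or sys.platform != "win32":
        return None
    import winreg  # Windows-only module, so imported lazily
    hive_name, _, rest = finding.target.partition("\\")
    key_path, _, value_name = rest.rpartition("\\")
    try:
        with winreg.OpenKey(getattr(winreg, hive_name), key_path) as key:
            winreg.QueryValueEx(key, value_name)   # raises if the value is gone
        return True
    except FileNotFoundError:
        return False
```

To use it on the real machine, read the mbam-log-*.txt file and pass its contents to parse_mbam_log() instead of SAMPLE_LOG, then call still_present() on each result of pending_on_reboot() after the reboot. A file or policy value that is still there at that point was not removed by the pending-delete, which matches what the post describes for msounkernm.dll and Hijack.FolderOptions, and needs a different tool or manual removal rather than another run of the same scan.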