cyberbemon

Honorary Members

View Profile See their activity

Posts
40
Joined
June 19, 2010
Last visited
June 23, 2010

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by cyberbemon

help me please

cyberbemon replied to cyberbemon's topic in Resolved Malware Removal Logs

ohhh i seeee...thank you soo much
- June 22, 2010
- 52 replies
help me please

cyberbemon replied to cyberbemon's topic in Resolved Malware Removal Logs

first of all thanks a billionnnnnnnnnnnnnnn.. ..if we ever meet drinks are on me .. i've followed your instructions.. 1.i got the password keeper 2.got spyware blaster 3.did the internet explorer thing 4.got WOT 5.got NO SCRIPT 6.Installed Host files. 7.got EURNT i've few questions...shud i install spywareGuard??..i have realtime spyware and antivirus protection from eset smart security..is that enough?. i have Ccleaner installed it removes all temporary internet files,recycle bin ,and obselste registry entries etc. and one last question i'm a computer science student so just a little curious..so wat exactly did this infection do..you made me produce lots of logs..i was just curious...its upto you if u want to answer them
- June 22, 2010
- 52 replies
help me please

cyberbemon replied to cyberbemon's topic in Resolved Malware Removal Logs

All processes killed ========== SERVICES/DRIVERS ========== ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found. File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found. File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. C:\Users\CYBERBEMON\Desktop\w111k952.exe moved successfully. ========== REGISTRY ========== ========== FILES ========== ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: CYBERBEMON ->Temp folder emptied: 6610023 bytes ->Temporary Internet Files folder emptied: 713072 bytes ->Java cache emptied: 1 bytes ->FireFox cache emptied: 64719982 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 724 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 74398 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 134 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 69.00 mb [EMPTYFLASH] User: All Users User: CYBERBEMON ->Flash cache emptied: 0 bytes User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.6.0 log created on 06222010_081057 Files\Folders moved on Reboot... C:\Users\CYBERBEMON\AppData\Local\Temp\RarSFX1\SecurityCheck\fw1.txt moved successfully. C:\Users\CYBERBEMON\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot...
- June 22, 2010
- 52 replies
help me please

cyberbemon replied to cyberbemon's topic in Resolved Malware Removal Logs

"VLC media player" = VLC media player 1.0.5 "VMware_Player" = VMware Player "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin "Warcraft III" = Warcraft III "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "WinLiveSuite_Wave3" = Windows Live Essentials "XNA Game Studio 3.1" = Microsoft XNA Game Studio 3.1 "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Software Update" = Yahoo! Software Update [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-4136707411-3201393476-1182888075-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Facebook Plug-In" = Facebook Plug-In "Google Chrome" = Google Chrome "NCsoft-Exteel" = Exteel (US) "UnityWebPlayer" = Unity Web Player [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 19/06/2010 18:46:12 | Computer Name = CYBERBEMON-PC | Source = MsiInstaller | ID = 1021 Description = Error - 19/06/2010 18:46:13 | Computer Name = CYBERBEMON-PC | Source = MsiInstaller | ID = 1024 Description = Error - 19/06/2010 18:46:15 | Computer Name = CYBERBEMON-PC | Source = MsiInstaller | ID = 1021 Description = Error - 19/06/2010 18:46:15 | Computer Name = CYBERBEMON-PC | Source = MsiInstaller | ID = 1024 Description = Error - 19/06/2010 20:18:53 | Computer Name = CYBERBEMON-PC | Source = Application Hang | ID = 1002 Description = The program OTL.exe version 3.2.6.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1d84 Start Time: 01cb100d5c208e8e Termination Time: 9 Application Path: C:\Users\CYBERBEMON\Desktop\OTL.exe Report Id: Error - 20/06/2010 06:59:24 | Computer Name = CYBERBEMON-PC | Source = TabletServicePen | ID = 0 Description = Error - 20/06/2010 15:13:42 | Computer Name = CYBERBEMON-PC | Source = Application Error | ID = 1000 Description = Faulting application name: Hpservice.exe, version: 4.0.2.1, time stamp: 0x4a54e868 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5be02b Exception code: 0xc0000005 Fault offset: 0x000000000001adaa Faulting process id: 0x484 Faulting application start time: 0x01cb106797957fa2 Faulting application path: C:\Windows\system32\Hpservice.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: efeabd28-7c9f-11df-bdb4-00269e1a92cd Error - 21/06/2010 06:17:11 | Computer Name = CYBERBEMON-PC | Source = Application Error | ID = 1000 Description = Faulting application name: DevilMayCry4_DX9.exe, version: 1.0.0.0, time stamp: 0x4833b3d2 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x911e5359 Faulting process id: 0x121c Faulting application start time: 0x01cb112892b389ff Faulting application path: C:\Users\CYBERBEMON\Documents\Downloads\DEVILMAYCRY4\DevilMayCry4_DX9.exe Faulting module path: unknown Report Id: 277b5218-7d1e-11df-bf5c-00269e1a92cd Error - 21/06/2010 15:34:32 | Computer Name = CYBERBEMON-PC | Source = TabletServicePen | ID = 0 Description = Error - 21/06/2010 16:19:32 | Computer Name = CYBERBEMON-PC | Source = TabletServicePen | ID = 0 Description = [ System Events ] Error - 21/06/2010 06:21:03 | Computer Name = CYBERBEMON-PC | Source = Service Control Manager | ID = 7023 Description = The VMware USB Arbitration Service service terminated with the following error: %%31 Error - 21/06/2010 06:23:18 | Computer Name = CYBERBEMON-PC | Source = ipnathlp | ID = 31004 Description = Error - 21/06/2010 15:18:08 | Computer Name = CYBERBEMON-PC | Source = DCOM | ID = 10010 Description = Error - 21/06/2010 15:33:20 | Computer Name = CYBERBEMON-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 20:31:37 on ?21/?06/?2010 was unexpected. Error - 21/06/2010 15:33:14 | Computer Name = CYBERBEMON-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 21/06/2010 15:33:29 | Computer Name = CYBERBEMON-PC | Source = Service Control Manager | ID = 7023 Description = The VMware USB Arbitration Service service terminated with the following error: %%31 Error - 21/06/2010 15:50:22 | Computer Name = CYBERBEMON-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 21/06/2010 15:50:34 | Computer Name = CYBERBEMON-PC | Source = Service Control Manager | ID = 7023 Description = The VMware USB Arbitration Service service terminated with the following error: %%31 Error - 21/06/2010 16:19:27 | Computer Name = CYBERBEMON-PC | Source = ipnathlp | ID = 31004 Description = Error - 21/06/2010 16:41:44 | Computer Name = CYBERBEMON-PC | Source = DCOM | ID = 10010 Description = < End of report >
- June 21, 2010
- 52 replies
help me please

cyberbemon replied to cyberbemon's topic in Resolved Malware Removal Logs

"{E1D78366-91DA-4AD0-B417-28155743CC22}" = Microsoft XNA Game Studio 3.1 (ARP entry)"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4 "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English "{E9AF380B-40FA-4D83-A5C7-A80D9BB8E566}" = LEGO MINDSTORMS NXT Edu Migration Package "{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse "{EC1F6690-DE55-4B9E-C556-EE1558EAB7A5}" = CCC Help Chinese Standard "{EC83C809-3943-830A-ED5C-C569267E4804}" = CCC Help Korean "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL "{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared "{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects "{F696BBD9-A383-4F54-155B-451A15482C89}" = CCC Help Chinese Traditional "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner "3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire "8461-7759-5462-8226" = Vuze "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4 "Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4 "Adobe_ccb135070a90ff24d6e7cc4bc5a59cb" = Adobe Fireworks CS4 "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4 "Akamai" = Akamai NetSession Interface "CamStudio" = CamStudio "CCleaner" = CCleaner "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "D'Fusion @Home Web Plug-In" = Total Immersion D'Fusion @Home Web Plug-In "Digsby" = Digsby "DivX Setup.divx.com" = DivX Setup "Free Download Manager_is1" = Free Download Manager 3.0 "Game Booster_is1" = Game Booster "GameSpy Arcade" = GameSpy Arcade "Guitar Pro 5_is1" = Guitar Pro 5.2 "HijackThis" = HijackThis 2.0.2 "HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0 "Impulse" = Impulse "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam "JustVoip_is1" = JustVoip "KatMouse" = KatMouse (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft SQL Server 10" = Microsoft SQL Server 2008 "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 "Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU "Microsoft Visual C# 2008 Express Edition with SP1 - ENU" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU "Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "MP3 Converter Simple" = MP3 Converter Simple "Notepad++" = Notepad++ "Pen Tablet Driver" = Pen Tablet "PunkBusterSvc" = PunkBuster Services "Raptr" = Raptr "Steam App 13140" = America's Army 3 "Steam App 400" = Portal "Steam App 440" = Team Fortress 2 "Steam App 9860" = The Chronicles of Riddick: Assault on Dark Athena "TeamViewer 5" = TeamViewer 5 "Unreal Tournament III" = Unreal Tournament III "uTorrent" =
- June 21, 2010
- 52 replies
help me please

cyberbemon replied to cyberbemon's topic in Resolved Malware Removal Logs

"{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands "{52CF142B-7B0E-41E7-98F5-B834122523E7}_is1" = Programmer's Notepad 2 "{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}" = Camtasia Studio 7 "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4 "{5708788D-EC95-7D4A-C0D8-CB393C9E90AC}" = CCC Help Hungarian "{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services "{58B45D92-BD94-49b5-9ED1-5345E2DB5576}" = Microsoft Robotics Developer Studio 2008 R2 Express Edition "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{6406E3EA-9777-45B7-A0C0-89741E629352}" = Composite 2011 "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com "{64F67489-76BB-4CDD-A236-F954BE774B35}" = NVIDIA PhysX "{6583D00E-0924-4950-8BE9-5D09FE70B333}" = MTX "{675ABEBC-DBA1-FF26-52BF-697FF5012CA1}" = CCC Help Spanish "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{68910580-F9FF-91E0-8AFE-86D49DD07AE4}" = CCC Help Russian "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B57CF04-5182-9DED-CCD4-84DAC76784D4}" = CCC Help Swedish "{701A9A13-7006-483e-802F-DBBEE551A233}" = Microsoft Robotics Developer Studio 2008 R2 "{71B7E1DE-4913-5E2E-2B83-B90C3BB308BA}" = ccc-core-static "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{79EFF529-C306-41DC-81D9-17F181DF287A}" = DoISO "{7DA2FB1E-31A5-54A6-91AC-9EDCA6258F40}" = CCC Help French "{7FD30AE7-281D-455F-AF9F-0C6C5E334EAD}" = Microsoft XNA Game Studio 3.1 Documentation "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime "{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup "{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes "{8DF8417C-07F9-22AA-019E-7F761437BFAC}" = CCC Help Polish "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{90E03F32-42EC-A16D-8146-A4E2F0FC9588}" = CCC Help English "{91B36C7F-0796-5A98-D1BA-C29C8D24396F}" = CCC Help Portuguese "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{9666C26B-FC71-4F84-B5B7-80DDFE5FAA57}" = LEGO MINDSTORMS Edu NXT - English Language Pack "{975951E7-14D0-49AF-A630-89680D12D7F6}" = Autodesk Material Library 2011 Medium Image library "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}" = Watson "{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English) "{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011 "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab "{A0A47CD2-749A-97BD-C4AE-862EFA38CAC1}" = CCC Help Danish "{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin "{A174D18A-766D-4581-B683-A1D8A5349123}" = LEGO MINDSTORMS Edu NXT Software v2.0 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A4418082-E601-3954-805B-D56A2B50EC8B}" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU "{A44CD09A-6D0F-08EC-8B80-6FD5EF62598B}" = CCC Help Czech "{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player "{A5786D80-1FAE-577A-C448-9C61274E9F7B}" = CCC Help Turkish "{A62892A7-9D90-4A58-8FFF-78FC5A2BC3C5}" = OpenOffice.org 3.2 "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2 "{AF6B5CC8-55F5-55BC-2E2A-2B192EA79E16}" = CCC Help Greek "{AF9BDE67-11A5-449A-B9F0-BE572A093DDB}" = Microsoft XNA Game Studio 3.1 (Shared Components) "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BED4CEEC-863F-4AB3-BA23-541764E2D2CE}" = Microsoft XNA Game Studio Platform Tools "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{C2AFB298-CD06-BCF0-16CD-FB506E07B262}" = CCC Help Norwegian "{C2FFBCE8-3A0D-154C-EE84-47B189E79D60}" = CCC Help German "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser "{C8A3F8A5-6F86-4c52-AD3C-4A5E68D518E8}" = Microsoft CCR and DSS Runtime 2008 R2 "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program "{CB71B7E6-3156-2DB6-3800-6B853D5D6EF6}" = Catalyst Control Center Graphics Full Existing "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software "{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library "{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4 "{D8029B62-C3D6-E02D-A98E-07AFEA8CDF79}" = Catalyst Control Center Localization All "{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU "{D96021A9-B290-4783-B019-0E4000DA84CE}" = S4 League_EU "{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU "{DFB81F19-ED3A-4DA5-AFE4-1B999E2A8DC5}" = Microsoft XNA Game Studio 3.1 (XnaLiveProxy) "{E14D4E88-DBBF-4AEE-A8EB-C4744E95EEEA}" = LEGO
- June 21, 2010
- 52 replies
help me please

cyberbemon replied to cyberbemon's topic in Resolved Malware Removal Logs

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5 "{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4 "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{47365A91-7A32-5C08-927C-17F27D9F0E50}" = Catalyst Control Center Graphics Previews Common "{47BD6184-519F-C649-6A5C-58234406B62C}" = CCC Help Italian "{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files "{4B57F6F3-5577-7158-A8F7-9E71547F8B7C}" = CCC Help Finnish "{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space
- June 21, 2010
- 52 replies
help me please

cyberbemon replied to cyberbemon's topic in Resolved Malware Removal Logs

EXTRAS LOG OTL Extras logfile created on: 21/06/2010 22:56:21 - Run 3OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\CYBERBEMON\Desktop 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free 6.00 Gb Paging File | 4.00 Gb Available in Paging File | 68.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232.88 Gb Total Space | 98.06 Gb Free Space | 42.11% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: CYBERBEMON-PC Current User Name: CYBERBEMON Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-4136707411-3201393476-1182888075-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{053B3DA8-91B5-4682-A130-715412A1A253}" = Paint.NET v3.5.4 "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit) "{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64 "{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64 "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{39BFB02A-9692-0409-A808-3F5C7B1F8953}" = Autodesk 3ds Max 2011 64-bit "{49C955A9-8676-41DC-ABA4-ECD4B751FE0B}" = Adept Runtime "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries "{62A20ECA-920E-4052-BF77-88C78DD20FAA}" = Validity Sensors DDK "{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64 "{67C090D6-109A-47D7-8DED-4160C4D96F32}" = HP 3D DriveGuard "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{7563F495-80F5-0409-A514-747C66C22449}" = Autodesk 3ds Max 2011 64-bit Components "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64 "{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4 "{89C4C60E-490D-43D1-A4EE-92877306DEC3}" = LEGO MINDSTORMS NXT Driver for x64 "{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4 "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64 "{902004C7-2B12-4A4F-E1DB-E75C7B03EDD4}" = ATI Catalyst Install Manager "{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU "{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64 "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C6B80683-42E1-44BB-AB00-01DE6B82A393}" = ESET Smart Security "{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}" = Microsoft SQL Server 2008 Native Client "{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit) "{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4 "{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2 "{DBF6B4E9-CD43-476A-895D-4D688D41CE63}" = Composite 2011 (64-bit) "{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu "{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4 "{E787AC54-0E56-A6DF-7BDB-AAC360813B6C}" = ccc-utility64 "{EB7C6F78-2A27-4FEF-A98B-5F2698DC4CBF}" = Saitek SD6 Programming Software 6.6.6.9 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 "Autodesk FBX Plug-in 2011.1 - 3ds Max 2011 64-bit" = Autodesk FBX Plug-in 2011.1 - 3ds Max 2011 64-bit "BatteryBar" = BatteryBar (remove only) "Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter "FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver "Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU "SynTPDeinstKey" = Synaptics Pointing Device Driver "UDK-622e5e71-acf6-4327-83af-f9bec35ac9e3" = Unreal Development Kit: 2009-11 "WinRAR archiver" = WinRAR archiver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{007BECB0-17DD-4230-9D2F-185287262B14}" = Microsoft XNA Game Studio 3.1 (Platformer) "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{0868BCEA-C983-1450-3ACB-79411138ACB0}" = Catalyst Control Center Core Implementation "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup "{0DC16794-7E69-4534-82FA-9DD0500FF338}" = Microsoft XNA Game Studio 3.1 (Redists) "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{0FA359BD-666B-5135-B712-852F21504E96}" = Catalyst Control Center Graphics Previews Vista "{1061DF04-CF33-40B0-8360-D07C9BBEB122}" = HP Wireless Assistant "{12E30EA5-B321-4AB5-AFC7-6DF280464033}" = Adept "{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup "{152C18DA-4270-FAF2-DE48-8A7286BD1FB1}" = CCC Help Japanese "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{21B5704D-788D-F083-A5E0-94B0390889F5}" = Catalyst Control Center InstallProxy "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}" = Microsoft XNA Framework Redistributable 2.0 "{266D0EEA-E5A6-4A08-A0EE-5391D4EA44A7}" = Catalyst Control Center - Branding "{28773E11-6E44-46DC-90BD-273A3FA2CAC1}" = Adobe Setup "{2FC32740-5BF8-F11E-1257-80A41497B9F1}" = Catalyst Control Center Graphics Light "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4 "{337E0592-9B00-AF1D-B10C-16225B981C96}" = CCC Help Thai "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{36214841-EA3C-DA47-7F29-E6A16231702E}" = CCC Help Dutch "{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0 "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3BA37E38-B53D-4520-B8DA-1DD62AD3A74E}" = Microsoft XNA Game Studio 3.1 (VCSExpress) "{3BC080DE-CF23-E18E-0678-47CA2E70C1CD}" = Catalyst Control Center Graphics Full New "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{3E4153AF-3D74-4062-8812-B1FDCE6B1F37}" = LEGO
- June 21, 2010
- 52 replies
help me please

cyberbemon replied to cyberbemon's topic in Resolved Malware Removal Logs

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O4 - Startup: C:\Users\CYBERBEMON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk = C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe (Stardock Corporation) O4 - Startup: C:\Users\CYBERBEMON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KatMouse.lnk = C:\Program Files (x86)\KatMouse\KatMouse.exe () O4 - Startup: C:\Users\CYBERBEMON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.4 89.101.160.5 O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/05/22 13:12:44 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/06/21 20:24:53 | 000,000,000 | ---D | C] -- C:\Users\CYBERBEMON\Desktop\JavaRa [2010/06/21 20:20:00 | 000,455,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll [2010/06/21 20:20:00 | 000,182,784 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe [2010/06/21 20:20:00 | 000,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe [2010/06/21 20:20:00 | 000,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe [2010/06/21 20:19:40 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2010/06/21 20:18:16 | 016,420,640 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\CYBERBEMON\Desktop\jre-6u20-windows-x64.exe [2010/06/20 20:13:36 | 000,000,000 | ---D | C] -- C:\_OTL [2010/06/19 23:22:12 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\CYBERBEMON\Desktop\OTL.exe [2010/06/19 01:25:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2010/06/19 01:19:32 | 000,065,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfFsMon.sys [2010/06/19 01:19:32 | 000,059,880 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfSysMon.sys [2010/06/19 01:19:32 | 000,041,888 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfNetMon.sys [2010/06/19 01:19:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ThreatFire [2010/06/19 01:19:24 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2010/06/17 20:24:08 | 000,000,000 | ---D | C] -- C:\Users\CYBERBEMON\AppData\Local\Electronic Arts [2010/06/17 17:25:25 | 000,000,000 | ---D | C] -- C:\Users\CYBERBEMON\Documents\Electronic Arts [2010/06/17 17:25:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts [2010/06/17 16:49:39 | 000,000,000 | ---D | C] -- C:\Users\CYBERBEMON\Desktop\3ds max [2010/06/17 15:00:27 | 000,000,000 | ---D | C] -- C:\Users\CYBERBEMON\AppData\Roaming\Raptr [2010/06/17 15:00:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Raptr [2010/06/13 23:21:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mektek.net [2010/06/11 22:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM [2010/06/10 12:13:07 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\asycfilt.dll [2010/06/10 12:13:06 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\asycfilt.dll [2010/06/10 12:12:35 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll [2010/06/10 12:12:34 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll [2010/06/10 12:12:34 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll [2010/06/10 12:12:31 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll [2010/06/10 12:12:30 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll [2010/06/10 12:12:29 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll [2010/06/10 12:12:29 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll [2010/06/10 12:12:28 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll [2010/06/10 12:12:26 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll [2010/06/10 12:12:25 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll [2010/06/10 12:12:21 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2010/06/10 12:12:21 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2010/06/10 12:12:20 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2010/06/10 12:12:19 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2010/06/08 18:25:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LSoft Technologies [2010/05/30 15:44:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LimeWire [2010/05/29 23:24:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RAM Def XT [2010/05/28 23:40:42 | 000,000,000 | ---D | C] -- C:\Users\CYBERBEMON\Documents\3dsMax [2010/05/26 21:32:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guitar Pro 5 [2010/05/26 21:16:42 | 000,000,000 | ---D | C] -- C:\Users\CYBERBEMON\Desktop\guitar pro [2010/05/25 03:00:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat [2010/05/25 03:00:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat [2010/05/23 13:33:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Stardock [2010/05/23 13:32:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epic Games ========== Files - Modified Within 30 Days ========== [2010/06/21 23:07:56 | 003,670,016 | -HS- | M] () -- C:\Users\CYBERBEMON\NTUSER.DAT [2010/06/21 22:30:03 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4136707411-3201393476-1182888075-1000UA.job [2010/06/21 21:45:00 | 000,001,388 | ---- | M] () -- C:\Windows\statecad.ini [2010/06/21 21:42:21 | 000,867,892 | ---- | M] () -- C:\Users\CYBERBEMON\Desktop\SecurityCheck.exe [2010/06/21 20:57:48 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/06/21 20:57:48 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/06/21 20:50:36 | 000,000,378 | ---- | M] () -- C:\Windows\SysNative\Pen_Tablet.dat [2010/06/21 20:50:26 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/06/21 20:50:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/06/21 20:50:15 | 2414,215,168 | -HS- | M] () -- C:\hiberfil.sys [2010/06/21 20:49:16 | 002,284,620 | -H-- | M] () -- C:\Users\CYBERBEMON\AppData\Local\IconCache.db [2010/06/21 20:30:03 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4136707411-3201393476-1182888075-1000Core.job [2010/06/21 20:30:00 | 000,000,000 | ---- | M] () -- C:\Windows\sc.INI [2010/06/21 20:24:39 | 000,071,798 | ---- | M] () -- C:\Users\CYBERBEMON\Desktop\JavaRa.zip [2010/06/21 20:19:43 | 000,455,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll [2010/06/21 20:19:43 | 000,182,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe [2010/06/21 20:19:43 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe [2010/06/21 20:19:43 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe [2010/06/21 20:19:05 | 016,420,640 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\CYBERBEMON\Desktop\jre-6u20-windows-x64.exe [2010/06/21 10:44:57 | 000,178,417 | ---- | M] () -- C:\Users\CYBERBEMON\Desktop\Untitled.jpg [2010/06/20 12:05:38 | 000,293,376 | ---- | M] () -- C:\Users\CYBERBEMON\Desktop\w111k952.exe [2010/06/19 23:22:23 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\CYBERBEMON\Desktop\OTL.exe [2010/06/19 01:25:26 | 000,002,097 | ---- | M] () -- C:\Users\CYBERBEMON\Desktop\HijackThis.lnk [2010/06/17 16:36:08 | 000,809,936 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010/06/17 16:36:08 | 000,689,768 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010/06/17 16:36:08 | 000,134,524 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010/06/16 12:22:32 | 000,005,120 | ---- | M] () -- C:\Users\CYBERBEMON\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/06/16 10:36:10 | 000,001,373 | ---- | M] () -- C:\Users\CYBERBEMON\Desktop\Devil May Cry 4 DX9 Trainer - Shortcut.lnk [2010/06/11 03:17:24 | 002,899,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010/06/08 20:05:53 | 000,524,288 | -HS- | M] () -- C:\Users\CYBERBEMON\NTUSER.DAT{f829f76f-7322-11df-9556-00269e1a92cd}.TMContainer00000000000000000002.regtrans-ms [2010/06/08 20:05:53 | 000,524,288 | -HS- | M] () -- C:\Users\CYBERBEMON\NTUSER.DAT{f829f76f-7322-11df-9556-00269e1a92cd}.TMContainer00000000000000000001.regtrans-ms [2010/06/08 20:05:53 | 000,065,536 | -HS- | M] () -- C:\Users\CYBERBEMON\NTUSER.DAT{f829f76f-7322-11df-9556-00269e1a92cd}.TM.blf [2010/06/08 18:25:28 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys [2010/06/02 11:56:04 | 000,215,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2010/06/02 11:56:04 | 000,215,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010/05/29 00:45:45 | 000,000,946 | ---- | M] () -- C:\Users\CYBERBEMON\Documents\67.rtf [2010/05/27 08:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2010/05/27 07:34:09 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2010/05/27 05:11:32 | 000,366,080 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2010/05/27 04:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2010/05/26 21:33:01 | 000,000,936 | ---- | M] () -- C:\Users\CYBERBEMON\Desktop\Guitar Pro 5.lnk [2010/05/26 21:12:56 | 000,065,776 | ---- | M] () -- C:\Users\CYBERBEMON\AppData\Local\GDIPFONTCACHEV1.DAT ========== Files Created - No Company Name ========== [2010/06/21 20:30:00 | 000,000,000 | ---- | C] () -- C:\Windows\sc.INI [2010/06/21 20:29:06 | 000,001,388 | ---- | C] () -- C:\Windows\statecad.ini [2010/06/21 20:27:52 | 000,867,892 | ---- | C] () -- C:\Users\CYBERBEMON\Desktop\SecurityCheck.exe [2010/06/21 20:24:37 | 000,071,798 | ---- | C] () -- C:\Users\CYBERBEMON\Desktop\JavaRa.zip [2010/06/20 12:05:31 | 000,293,376 | ---- | C] () -- C:\Users\CYBERBEMON\Desktop\w111k952.exe [2010/06/19 12:28:18 | 000,178,417 | ---- | C] () -- C:\Users\CYBERBEMON\Desktop\Untitled.jpg [2010/06/19 01:25:26 | 000,002,097 | ---- | C] () -- C:\Users\CYBERBEMON\Desktop\HijackThis.lnk [2010/06/17 16:32:40 | 000,024,064 | ---- | C] () -- C:\Users\CYBERBEMON\Desktop\XLKT.doc [2010/06/16 10:36:10 | 000,001,373 | ---- | C] () -- C:\Users\CYBERBEMON\Desktop\Devil May Cry 4 DX9 Trainer - Shortcut.lnk [2010/06/08 18:27:57 | 000,524,288 | -HS- | C] () -- C:\Users\CYBERBEMON\NTUSER.DAT{f829f76f-7322-11df-9556-00269e1a92cd}.TMContainer00000000000000000002.regtrans-ms [2010/06/08 18:27:57 | 000,524,288 | -HS- | C] () -- C:\Users\CYBERBEMON\NTUSER.DAT{f829f76f-7322-11df-9556-00269e1a92cd}.TMContainer00000000000000000001.regtrans-ms [2010/06/08 18:27:57 | 000,065,536 | -HS- | C] () -- C:\Users\CYBERBEMON\NTUSER.DAT{f829f76f-7322-11df-9556-00269e1a92cd}.TM.blf [2010/06/08 18:27:05 | 000,000,378 | ---- | C] () -- C:\Windows\SysNative\Pen_Tablet.dat [2010/05/27 18:21:10 | 000,000,946 | ---- | C] () -- C:\Users\CYBERBEMON\Documents\67.rtf [2010/05/26 21:33:01 | 000,000,936 | ---- | C] () -- C:\Users\CYBERBEMON\Desktop\Guitar Pro 5.lnk [2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010/03/26 10:56:06 | 000,000,024 | ---- | C] () -- C:\Windows\SysWow64\sysogg.dll [2010/03/26 10:47:52 | 000,233,472 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2010/02/01 23:17:12 | 000,815,754 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll < End of report >
- June 21, 2010
- 52 replies
help me please

cyberbemon replied to cyberbemon's topic in Resolved Malware Removal Logs

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe () PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) PRC - C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.) PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) PRC - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.) PRC - C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools) PRC - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET) PRC - C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Free Download Manager\fdm.exe (FreeDownloadManager.ORG) PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) PRC - C:\Xilinx\10.1\ISE\bin\nt\_setup.exe () PRC - C:\Xilinx\10.1\ISE\bin\nt\setup.exe () PRC - c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\Downloads\AlwaysOnTopMaker\AlwaysOnTopMaker.exe () [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - C:\Users\CYBERBEMON\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Program Files (x86)\ThreatFire\TFWAH.dll (PC Tools) MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - (WatAdminSvc) -- C:\Windows\SysNative\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV:[b]64bit:[/b] - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.) SRV:[b]64bit:[/b] - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe (IDT, Inc.) SRV:[b]64bit:[/b] - (mi-raysat_3dsmax2011_64) -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe () SRV:[b]64bit:[/b] - (HFGService) -- C:\Windows\SysNative\HFGService.dll (CSR, plc) SRV:[b]64bit:[/b] - (WTouchService) -- C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.) SRV:[b]64bit:[/b] - (TabletServicePen) -- C:\Windows\SysNative\Pen_Tablet.exe (Wacom Technology, Corp.) SRV:[b]64bit:[/b] - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET) SRV:[b]64bit:[/b] - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET) SRV:[b]64bit:[/b] - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:[b]64bit:[/b] - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (StorSvc) -- C:\Windows\SysNative\StorSvc.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation) SRV:[b]64bit:[/b] - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation) SRV:[b]64bit:[/b] - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation) SRV:[b]64bit:[/b] - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.) SRV:[b]64bit:[/b] - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard) SRV:[b]64bit:[/b] - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe (Andrea Electronics Corporation) SRV:[b]64bit:[/b] - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\rswin_3697.dll () SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe () SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.) SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.) SRV - (ThreatFire) -- C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools) SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe (VMware, Inc.) SRV - (VSS) -- C:\Windows\Vss [2009/07/14 04:20:14 | 000,000,000 | ---D | M] SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009/07/14 04:20:14 | 000,000,000 | ---D | M] SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation) SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof () SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.) SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation) SRV - (MSSQLServerADHelper100) -- c:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:[b]64bit:[/b] - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV:[b]64bit:[/b] - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.) DRV:[b]64bit:[/b] - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.) DRV:[b]64bit:[/b] - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.) DRV:[b]64bit:[/b] - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.) DRV:[b]64bit:[/b] - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.) DRV:[b]64bit:[/b] - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.) DRV:[b]64bit:[/b] - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.) DRV:[b]64bit:[/b] - (TfSysMon) -- C:\Windows\SysNative\drivers\TfSysMon.sys (PC Tools) DRV:[b]64bit:[/b] - (TfNetMon) -- C:\Windows\SysNative\drivers\TfNetMon.sys (PC Tools) DRV:[b]64bit:[/b] - (TfFsMon) -- C:\Windows\SysNative\drivers\TfFsMon.sys (PC Tools) DRV:[b]64bit:[/b] - (Epfwndis) -- C:\Windows\SysNative\drivers\epfwndis.sys (ESET) DRV:[b]64bit:[/b] - (BthAudioHF) -- C:\Windows\SysNative\drivers\BthAudioHF.sys (CSR, plc) DRV:[b]64bit:[/b] - (csr_a2dp) -- C:\Windows\SysNative\drivers\bthav.sys (CSR, plc) DRV:[b]64bit:[/b] - (epfw) -- C:\Windows\SysNative\drivers\epfw.sys (ESET) DRV:[b]64bit:[/b] - (epfwwfp) -- C:\Windows\SysNative\drivers\epfwwfp.sys (ESET) DRV:[b]64bit:[/b] - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET) DRV:[b]64bit:[/b] - (eamon) -- C:\Windows\SysNative\drivers\eamon.sys (ESET) DRV:[b]64bit:[/b] - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:[b]64bit:[/b] - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (BthAvrcp) -- C:\Windows\SysNative\drivers\BthAvrcp.sys (CSR, plc) DRV:[b]64bit:[/b] - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:[b]64bit:[/b] - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:[b]64bit:[/b] - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:[b]64bit:[/b] - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:[b]64bit:[/b] - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:[b]64bit:[/b] - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (vwifimp) -- C:\Windows\SysNative\drivers\vwifimp.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (vwififlt) -- C:\Windows\SysNative\drivers\vwififlt.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (usbvideo) USB Video Device (WDM) -- C:\Windows\SysNative\drivers\usbvideo.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (BthPan) Bluetooth Device (Personal Area Network) -- C:\Windows\SysNative\drivers\bthpan.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (BTHPORT) -- C:\Windows\SysNative\drivers\bthport.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI) -- C:\Windows\SysNative\drivers\rfcomm.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (BthEnum) -- C:\Windows\SysNative\drivers\bthenum.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (BTHUSB) -- C:\Windows\SysNative\drivers\BTHUSB.SYS (Microsoft Corporation) DRV:[b]64bit:[/b] - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\SysNative\drivers\USBAUDIO.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (WinUsb) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard) DRV:[b]64bit:[/b] - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard) DRV:[b]64bit:[/b] - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.) DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:[b]64bit:[/b] - (SaiNtBus) -- C:\Windows\SysNative\drivers\SaiBus.sys (Saitek) DRV:[b]64bit:[/b] - (SaiMini) -- C:\Windows\SysNative\drivers\SaiMini.sys (Saitek) DRV:[b]64bit:[/b] - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:[b]64bit:[/b] - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:[b]64bit:[/b] - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV:[b]64bit:[/b] - (WinDriver6) -- C:\Windows\SysNative\drivers\windrvr6.sys (Jungo) DRV:[b]64bit:[/b] - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:[b]64bit:[/b] - (dmodusb) -- C:\Windows\SysNative\drivers\dmodusb.sys (Windows (R) Codename Longhorn DDK provider) DRV:[b]64bit:[/b] - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.) DRV:[b]64bit:[/b] - (SaiH0004) -- C:\Windows\SysNative\drivers\SaiH0004.sys (Saitek) DRV:[b]64bit:[/b] - (SaiU0004) -- C:\Windows\SysNative\drivers\SaiU0004.sys (Saitek) DRV:[b]64bit:[/b] - (SaiL0004) -- C:\Windows\SysNative\drivers\SaiL0004.sys (Saitek) DRV:[b]64bit:[/b] - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology) DRV - (CSC) -- C:\Windows\CSC [2010/01/30 17:19:57 | 000,000,000 | ---D | M] DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys (VMware, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation) DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation) DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof () DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof () DRV - (adfs) -- C:\Windows\SysWOW64\drivers\adfs.sys (Adobe Systems, Inc.) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4136707411-3201393476-1182888075-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ie.msn.com/?ocid=iehp IE - HKU\S-1-5-21-4136707411-3201393476-1182888075-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ie IE - HKU\S-1-5-21-4136707411-3201393476-1182888075-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 A1 F0 33 97 FD CA 01 [binary data] IE - HKU\S-1-5-21-4136707411-3201393476-1182888075-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Bing" FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q=" FF - prefs.js..browser.search.selectedEngine: "Amazon.co.uk" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.ie/" FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3 FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4 FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64 FF - prefs.js..extensions.enabledItems: {3eba6510-7445-11db-9fe1-0800200c9a66}:0.1-public_beta-3 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0 FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/03 07:57:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/25 00:43:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/01/30 21:08:49 | 000,000,000 | ---D | M] [2010/05/30 15:45:04 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\Mozilla\Extensions [2010/05/30 15:45:04 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org [2010/06/21 15:10:02 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\Mozilla\Firefox\Profiles\gkxtzh4j.default\extensions [2010/03/28 23:22:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CYBERBEMON\AppData\Roaming\Mozilla\Firefox\Profiles\gkxtzh4j.default\extensions\{3eba6510-7445-11db-9fe1-0800200c9a66} [2010/05/07 18:56:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CYBERBEMON\AppData\Roaming\Mozilla\Firefox\Profiles\gkxtzh4j.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696} [2010/05/16 17:50:54 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\Mozilla\Firefox\Profiles\gkxtzh4j.default\extensions\battlefieldheroespatcher@ea.com [2010/05/07 18:56:37 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\Mozilla\Firefox\Profiles\gkxtzh4j.default\extensions\firebug@software.joehewitt.com [2010/05/07 18:56:41 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\Mozilla\Firefox\Profiles\gkxtzh4j.default\extensions\personas@christopher.beard [2010/01/31 01:29:43 | 000,002,163 | ---- | M] () -- C:\Users\CYBERBEMON\AppData\Roaming\Mozilla\Firefox\Profiles\gkxtzh4j.default\searchplugins\bing.xml [2010/06/21 20:26:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010/03/03 23:24:34 | 001,961,984 | ---- | M] (Total Immersion) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPDFusionWebFirefox.dll [2010/01/16 01:55:13 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml [2010/01/16 01:55:13 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml [2010/01/16 01:55:13 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml [2010/01/16 01:55:13 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4:[b]64bit:[/b] - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek) O4:[b]64bit:[/b] - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek) O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4:[b]64bit:[/b] - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools) O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4136707411-3201393476-1182888075-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-4136707411-3201393476-1182888075-1000..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe (FreeDownloadManager.ORG) O4 - HKU\S-1-5-21-4136707411-3201393476-1182888075-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKU\S-1-5-21-4136707411-3201393476-1182888075-1000..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4136707411-3201393476-1182888075-1000..\Run: [Raptr] C:\Program Files (x86)\Raptr\raptrstub.exe () O4 - HKU\S-1-5-21-4136707411-3201393476-1182888075-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-4136707411-3201393476-1182888075-1000..\Run: [Update] C:\Users\CYBERBEMON\AppData\Roaming\Update\Windows Update.exe (Microsoft
- June 21, 2010
- 52 replies
help me please

cyberbemon replied to cyberbemon's topic in Resolved Malware Removal Logs

OTL logfile created on: 21/06/2010 22:56:21 - Run 3OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\CYBERBEMON\Desktop 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free 6.00 Gb Paging File | 4.00 Gb Available in Paging File | 68.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232.88 Gb Total Space | 98.06 Gb Free Space | 42.11% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: CYBERBEMON-PC Current User Name: CYBERBEMON Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - C:\Users\CYBERBEMON\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\PnkBstrB.exe () PRC - C:\Users\CYBERBEMON\AppData\Roaming\Update\Windows Update.exe (Microsoft
- June 21, 2010
- 52 replies
help me please

cyberbemon replied to cyberbemon's topic in Resolved Malware Removal Logs

i saved the thing on to my desktop and there is no log after running it...
- June 21, 2010
- 52 replies
help me please

cyberbemon replied to cyberbemon's topic in Resolved Malware Removal Logs

where does this thing save teh log??...
- June 21, 2010
- 52 replies
help me please

cyberbemon replied to cyberbemon's topic in Resolved Malware Removal Logs

i did and onces it finishes the scanning it tries to open the log file in a program that has nothing to do with reading text files...its a CAD software..
- June 21, 2010
- 52 replies
help me please

cyberbemon replied to cyberbemon's topic in Resolved Malware Removal Logs

hai i removed java and installed the new version..the javaRa did not produce any log...and after running security check it opens a different program instead of notepad....it tries to open the log in a designing software..i have no idea why it is doing that..
- June 21, 2010
- 52 replies
help me please

cyberbemon replied to cyberbemon's topic in Resolved Malware Removal Logs

things are going great i'm not experincing any slowdown on pc perfomance or anything like tat...here is the scan result link scan result
- June 21, 2010
- 52 replies
help me please

cyberbemon replied to cyberbemon's topic in Resolved Malware Removal Logs

here is the screenshot of the quarentined items in MBM Uploaded with ImageShack.us
- June 21, 2010
- 52 replies
help me please

cyberbemon replied to cyberbemon's topic in Resolved Malware Removal Logs

CREATERESTOREPOINT Restore point Set: OTL Restore Point [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010/06/20 20:13:36 | 000,000,000 | ---D | C] -- C:\_OTL [2010/06/19 23:22:12 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\CYBERBEMON\Desktop\OTL.exe [2010/06/19 01:25:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2010/06/19 01:19:32 | 000,065,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfFsMon.sys [2010/06/19 01:19:32 | 000,059,880 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfSysMon.sys [2010/06/19 01:19:32 | 000,041,888 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfNetMon.sys [2010/06/19 01:19:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ThreatFire [2010/06/19 01:19:24 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2010/06/17 20:24:08 | 000,000,000 | ---D | C] -- C:\Users\CYBERBEMON\AppData\Local\Electronic Arts [2010/06/17 17:25:25 | 000,000,000 | ---D | C] -- C:\Users\CYBERBEMON\Documents\Electronic Arts [2010/06/17 17:25:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts [2010/06/17 16:49:39 | 000,000,000 | ---D | C] -- C:\Users\CYBERBEMON\Desktop\3ds max [2010/06/17 15:00:27 | 000,000,000 | ---D | C] -- C:\Users\CYBERBEMON\AppData\Roaming\Raptr [2010/06/17 15:00:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Raptr [2010/06/13 23:21:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mektek.net [2010/06/11 22:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM [2010/06/10 12:13:07 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\asycfilt.dll [2010/06/10 12:13:06 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\asycfilt.dll [2010/06/10 12:12:35 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll [2010/06/10 12:12:34 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll [2010/06/10 12:12:34 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll [2010/06/10 12:12:31 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll [2010/06/10 12:12:30 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll [2010/06/10 12:12:29 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll [2010/06/10 12:12:29 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll [2010/06/10 12:12:28 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll [2010/06/10 12:12:26 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll [2010/06/10 12:12:25 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll [2010/06/10 12:12:21 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2010/06/10 12:12:21 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2010/06/10 12:12:20 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2010/06/10 12:12:19 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2010/06/08 18:25:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LSoft Technologies [2010/05/30 15:44:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LimeWire [2010/05/29 23:24:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RAM Def XT [2010/05/28 23:40:42 | 000,000,000 | ---D | C] -- C:\Users\CYBERBEMON\Documents\3dsMax [2010/05/26 21:32:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guitar Pro 5 [2010/05/26 21:16:42 | 000,000,000 | ---D | C] -- C:\Users\CYBERBEMON\Desktop\guitar pro [2010/05/25 03:00:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat [2010/05/25 03:00:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat [2010/05/23 13:33:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Stardock [2010/05/23 13:32:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epic Games [2010/05/22 17:39:19 | 000,000,000 | ---D | C] -- C:\Users\CYBERBEMON\AppData\Local\Autodesk [2010/05/22 13:53:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared [2010/05/22 13:53:29 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk [2010/05/22 13:47:34 | 000,000,000 | ---D | C] -- C:\Users\CYBERBEMON\Documents\Inventor [2010/05/22 13:38:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared [2010/05/22 13:37:32 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll [2010/05/22 13:37:32 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll [2010/05/22 13:37:32 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll [2010/05/22 13:37:32 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll [2010/05/22 13:37:29 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll [2010/05/22 13:37:29 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll [2010/05/22 13:22:55 | 000,000,000 | ---D | C] -- C:\Users\CYBERBEMON\AppData\Roaming\Autodesk [2010/05/22 13:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk [2010/05/22 13:12:44 | 000,000,000 | ---D | C] -- C:\Autodesk [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010/06/21 10:14:19 | 003,670,016 | -HS- | M] () -- C:\Users\CYBERBEMON\NTUSER.DAT [2010/06/21 09:30:02 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4136707411-3201393476-1182888075-1000UA.job [2010/06/20 20:30:10 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4136707411-3201393476-1182888075-1000Core.job [2010/06/20 20:23:02 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/06/20 20:23:02 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/06/20 20:15:48 | 000,000,378 | ---- | M] () -- C:\Windows\SysNative\Pen_Tablet.dat [2010/06/20 20:15:37 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/06/20 20:15:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/06/20 20:15:28 | 2414,215,168 | -HS- | M] () -- C:\hiberfil.sys [2010/06/20 20:14:29 | 001,449,978 | -H-- | M] () -- C:\Users\CYBERBEMON\AppData\Local\IconCache.db [2010/06/20 12:05:38 | 000,293,376 | ---- | M] () -- C:\Users\CYBERBEMON\Desktop\w111k952.exe [2010/06/19 23:22:23 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\CYBERBEMON\Desktop\OTL.exe [2010/06/19 12:28:18 | 000,312,241 | ---- | M] () -- C:\Users\CYBERBEMON\Desktop\Untitled.jpg [2010/06/19 01:25:26 | 000,002,097 | ---- | M] () -- C:\Users\CYBERBEMON\Desktop\HijackThis.lnk [2010/06/17 16:36:08 | 000,809,936 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010/06/17 16:36:08 | 000,689,768 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010/06/17 16:36:08 | 000,134,524 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010/06/16 12:22:32 | 000,005,120 | ---- | M] () -- C:\Users\CYBERBEMON\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/06/16 10:36:10 | 000,001,373 | ---- | M] () -- C:\Users\CYBERBEMON\Desktop\Devil May Cry 4 DX9 Trainer - Shortcut.lnk [2010/06/11 03:17:24 | 002,899,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010/06/08 20:05:53 | 000,524,288 | -HS- | M] () -- C:\Users\CYBERBEMON\NTUSER.DAT{f829f76f-7322-11df-9556-00269e1a92cd}.TMContainer00000000000000000002.regtrans-ms [2010/06/08 20:05:53 | 000,524,288 | -HS- | M] () -- C:\Users\CYBERBEMON\NTUSER.DAT{f829f76f-7322-11df-9556-00269e1a92cd}.TMContainer00000000000000000001.regtrans-ms [2010/06/08 20:05:53 | 000,065,536 | -HS- | M] () -- C:\Users\CYBERBEMON\NTUSER.DAT{f829f76f-7322-11df-9556-00269e1a92cd}.TM.blf [2010/06/08 18:25:28 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys [2010/06/02 11:56:04 | 000,215,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2010/06/02 11:56:04 | 000,215,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010/05/29 00:45:45 | 000,000,946 | ---- | M] () -- C:\Users\CYBERBEMON\Documents\67.rtf [2010/05/27 08:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2010/05/27 07:34:09 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2010/05/27 05:11:32 | 000,366,080 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2010/05/27 04:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2010/05/26 21:33:01 | 000,000,936 | ---- | M] () -- C:\Users\CYBERBEMON\Desktop\Guitar Pro 5.lnk [2010/05/26 21:12:56 | 000,065,776 | ---- | M] () -- C:\Users\CYBERBEMON\AppData\Local\GDIPFONTCACHEV1.DAT [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010/06/20 12:05:31 | 000,293,376 | ---- | C] () -- C:\Users\CYBERBEMON\Desktop\w111k952.exe [2010/06/19 12:28:18 | 000,312,241 | ---- | C] () -- C:\Users\CYBERBEMON\Desktop\Untitled.jpg [2010/06/19 01:25:26 | 000,002,097 | ---- | C] () -- C:\Users\CYBERBEMON\Desktop\HijackThis.lnk [2010/06/17 16:32:40 | 000,024,064 | ---- | C] () -- C:\Users\CYBERBEMON\Desktop\XLKT.doc [2010/06/16 10:36:10 | 000,001,373 | ---- | C] () -- C:\Users\CYBERBEMON\Desktop\Devil May Cry 4 DX9 Trainer - Shortcut.lnk [2010/06/08 18:27:57 | 000,524,288 | -HS- | C] () -- C:\Users\CYBERBEMON\NTUSER.DAT{f829f76f-7322-11df-9556-00269e1a92cd}.TMContainer00000000000000000002.regtrans-ms [2010/06/08 18:27:57 | 000,524,288 | -HS- | C] () -- C:\Users\CYBERBEMON\NTUSER.DAT{f829f76f-7322-11df-9556-00269e1a92cd}.TMContainer00000000000000000001.regtrans-ms [2010/06/08 18:27:57 | 000,065,536 | -HS- | C] () -- C:\Users\CYBERBEMON\NTUSER.DAT{f829f76f-7322-11df-9556-00269e1a92cd}.TM.blf [2010/06/08 18:27:05 | 000,000,378 | ---- | C] () -- C:\Windows\SysNative\Pen_Tablet.dat [2010/05/27 18:21:10 | 000,000,946 | ---- | C] () -- C:\Users\CYBERBEMON\Documents\67.rtf [2010/05/26 21:33:01 | 000,000,936 | ---- | C] () -- C:\Users\CYBERBEMON\Desktop\Guitar Pro 5.lnk [2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010/03/26 10:56:06 | 000,000,024 | ---- | C] () -- C:\Windows\SysWow64\sysogg.dll [2010/03/26 10:47:52 | 000,233,472 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2010/02/01 23:17:12 | 000,815,754 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color] [2010/04/29 13:23:41 | 000,001,024 | ---- | M] () -- C:\.rnd [2009/07/14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr [2010/01/31 01:18:16 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt [2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt [2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt [2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini [2010/06/20 20:15:28 | 2414,215,168 | -HS- | M] () -- C:\hiberfil.sys [2007/11/07 09:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe [2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini [2007/11/07 09:44:20 | 000,075,280 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll [2007/11/07 09:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll [2007/11/07 09:44:20 | 000,090,128 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll [2007/11/07 09:44:20 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll [2007/11/07 09:44:20 | 000,094,224 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll [2007/11/07 09:44:20 | 000,080,400 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll [2007/11/07 09:44:20 | 000,078,864 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll [2007/11/07 09:44:20 | 000,074,768 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll [2007/11/07 09:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll [2006/12/02 00:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll [2010/06/20 20:15:30 | 3218,956,288 | -HS- | M] () -- C:\pagefile.sys [2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp [2007/11/07 09:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab [2007/11/07 09:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< %systemroot%\system32\user32.dll /md5 >[/color] [2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [color=#A23BEC]< %systemroot%\system32\ws2_32.dll /md5 >[/color] [2009/07/14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color] [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /180 >[/color] [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys [color=#A23BEC]< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >[/color] < End of report >
- June 21, 2010
- 52 replies
help me please

cyberbemon replied to cyberbemon's topic in Resolved Malware Removal Logs

O4 - Startup: C:\Users\CYBERBEMON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk = C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe (Stardock Corporation) O4 - Startup: C:\Users\CYBERBEMON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KatMouse.lnk = C:\Program Files (x86)\KatMouse\KatMouse.exe () O4 - Startup: C:\Users\CYBERBEMON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:[b]64bit:[/b] - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8:[b]64bit:[/b] - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8:[b]64bit:[/b] - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O8:[b]64bit:[/b] - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm () O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.4 89.101.160.5 O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30:[b]64bit:[/b] - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/05/22 13:12:44 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:[b]64bit:[/b] Ias - C:\Windows\SysNative\ias [2009/07/14 04:20:14 | 000,000,000 | ---D | M] NetSvcs:[b]64bit:[/b] Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation) NetSvcs:[b]64bit:[/b] Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation) NetSvcs:[b]64bit:[/b] Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation) NetSvcs:[b]64bit:[/b] BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation) NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation) NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation) Drivers32:[b]64bit:[/b] aux - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation) Drivers32:[b]64bit:[/b] aux1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation) Drivers32:[b]64bit:[/b] midi - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation) Drivers32:[b]64bit:[/b] midi1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation) Drivers32:[b]64bit:[/b] midi2 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation) Drivers32:[b]64bit:[/b] midimapper - C:\Windows\SysNative\midimap.dll (Microsoft Corporation) Drivers32:[b]64bit:[/b] mixer - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation) Drivers32:[b]64bit:[/b] mixer1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation) Drivers32:[b]64bit:[/b] mixer2 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation) Drivers32:[b]64bit:[/b] msacm.imaadpcm - C:\Windows\SysNative\imaadp32.acm (Microsoft Corporation) Drivers32:[b]64bit:[/b] msacm.l3acm - C:\Windows\SysNative\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:[b]64bit:[/b] msacm.msadpcm - C:\Windows\SysNative\msadp32.acm (Microsoft Corporation) Drivers32:[b]64bit:[/b] msacm.msg711 - C:\Windows\SysNative\msg711.acm (Microsoft Corporation) Drivers32:[b]64bit:[/b] msacm.msgsm610 - C:\Windows\SysNative\msgsm32.acm (Microsoft Corporation) Drivers32:[b]64bit:[/b] MSVideo8 - C:\Windows\SysNative\vfwwdm32.dll (Microsoft Corporation) Drivers32:[b]64bit:[/b] vidc.i420 - C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation) Drivers32:[b]64bit:[/b] VIDC.IYUV - C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation) Drivers32:[b]64bit:[/b] vidc.mrle - C:\Windows\SysNative\msrle32.dll (Microsoft Corporation) Drivers32:[b]64bit:[/b] vidc.msvc - C:\Windows\SysNative\msvidc32.dll (Microsoft Corporation) Drivers32:[b]64bit:[/b] VIDC.UYVY - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation) Drivers32:[b]64bit:[/b] VIDC.YUY2 - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation) Drivers32:[b]64bit:[/b] VIDC.YVU9 - C:\Windows\SysNative\tsbyuv.dll (Microsoft Corporation) Drivers32:[b]64bit:[/b] VIDC.YVYU - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation) Drivers32:[b]64bit:[/b] wave - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation) Drivers32:[b]64bit:[/b] wave1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation) Drivers32:[b]64bit:[/b] wave2 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation) Drivers32:[b]64bit:[/b] wavemapper - C:\Windows\SysNative\msacm32.drv (Microsoft Corporation) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation) Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.) Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
- June 21, 2010
- 52 replies
help me please

cyberbemon replied to cyberbemon's topic in Resolved Malware Removal Logs

DRV:[b]64bit:[/b] - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)DRV:[b]64bit:[/b] - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.) DRV:[b]64bit:[/b] - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.) DRV:[b]64bit:[/b] - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.) DRV:[b]64bit:[/b] - (TfSysMon) -- C:\Windows\SysNative\drivers\TfSysMon.sys (PC Tools) DRV:[b]64bit:[/b] - (TfNetMon) -- C:\Windows\SysNative\drivers\TfNetMon.sys (PC Tools) DRV:[b]64bit:[/b] - (TfFsMon) -- C:\Windows\SysNative\drivers\TfFsMon.sys (PC Tools) DRV:[b]64bit:[/b] - (Epfwndis) -- C:\Windows\SysNative\drivers\epfwndis.sys (ESET) DRV:[b]64bit:[/b] - (BthAudioHF) -- C:\Windows\SysNative\drivers\BthAudioHF.sys (CSR, plc) DRV:[b]64bit:[/b] - (csr_a2dp) -- C:\Windows\SysNative\drivers\bthav.sys (CSR, plc) DRV:[b]64bit:[/b] - (epfw) -- C:\Windows\SysNative\drivers\epfw.sys (ESET) DRV:[b]64bit:[/b] - (epfwwfp) -- C:\Windows\SysNative\drivers\epfwwfp.sys (ESET) DRV:[b]64bit:[/b] - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET) DRV:[b]64bit:[/b] - (eamon) -- C:\Windows\SysNative\drivers\eamon.sys (ESET) DRV:[b]64bit:[/b] - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:[b]64bit:[/b] - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (BthAvrcp) -- C:\Windows\SysNative\drivers\BthAvrcp.sys (CSR, plc) DRV:[b]64bit:[/b] - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:[b]64bit:[/b] - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:[b]64bit:[/b] - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:[b]64bit:[/b] - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:[b]64bit:[/b] - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:[b]64bit:[/b] - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (vwifimp) -- C:\Windows\SysNative\drivers\vwifimp.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (vwififlt) -- C:\Windows\SysNative\drivers\vwififlt.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (usbvideo) USB Video Device (WDM) -- C:\Windows\SysNative\drivers\usbvideo.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (BthPan) Bluetooth Device (Personal Area Network) -- C:\Windows\SysNative\drivers\bthpan.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (BTHPORT) -- C:\Windows\SysNative\drivers\bthport.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI) -- C:\Windows\SysNative\drivers\rfcomm.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (BthEnum) -- C:\Windows\SysNative\drivers\bthenum.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (BTHUSB) -- C:\Windows\SysNative\drivers\BTHUSB.SYS (Microsoft Corporation) DRV:[b]64bit:[/b] - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\SysNative\drivers\USBAUDIO.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (WinUsb) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard) DRV:[b]64bit:[/b] - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard) DRV:[b]64bit:[/b] - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.) DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:[b]64bit:[/b] - (SaiNtBus) -- C:\Windows\SysNative\drivers\SaiBus.sys (Saitek) DRV:[b]64bit:[/b] - (SaiMini) -- C:\Windows\SysNative\drivers\SaiMini.sys (Saitek) DRV:[b]64bit:[/b] - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:[b]64bit:[/b] - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:[b]64bit:[/b] - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV:[b]64bit:[/b] - (WinDriver6) -- C:\Windows\SysNative\drivers\windrvr6.sys (Jungo) DRV:[b]64bit:[/b] - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:[b]64bit:[/b] - (dmodusb) -- C:\Windows\SysNative\drivers\dmodusb.sys (Windows (R) Codename Longhorn DDK provider) DRV:[b]64bit:[/b] - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.) DRV:[b]64bit:[/b] - (SaiH0004) -- C:\Windows\SysNative\drivers\SaiH0004.sys (Saitek) DRV:[b]64bit:[/b] - (SaiU0004) -- C:\Windows\SysNative\drivers\SaiU0004.sys (Saitek) DRV:[b]64bit:[/b] - (SaiL0004) -- C:\Windows\SysNative\drivers\SaiL0004.sys (Saitek) DRV:[b]64bit:[/b] - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology) DRV - (CSC) -- C:\Windows\CSC [2010/01/30 17:19:57 | 000,000,000 | ---D | M] DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys (VMware, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation) DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation) DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof () DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof () DRV - (adfs) -- C:\Windows\SysWOW64\drivers\adfs.sys (Adobe Systems, Inc.) DRV - (XilinxPC4Driver) -- C:\Windows\System32\drivers\xpc4drvr.sys (Xilinx, Inc.) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ie.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 A1 F0 33 97 FD CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Bing" FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q=" FF - prefs.js..browser.search.selectedEngine: "Amazon.co.uk" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.ie/" FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3 FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4 FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64 FF - prefs.js..extensions.enabledItems: {3eba6510-7445-11db-9fe1-0800200c9a66}:0.1-public_beta-3 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0 FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/03 07:57:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/25 00:43:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/01/30 21:08:49 | 000,000,000 | ---D | M] [2010/05/30 15:45:04 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\Mozilla\Extensions [2010/05/30 15:45:04 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org [2010/06/20 14:54:28 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\Mozilla\Firefox\Profiles\gkxtzh4j.default\extensions [2010/03/28 23:22:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CYBERBEMON\AppData\Roaming\Mozilla\Firefox\Profiles\gkxtzh4j.default\extensions\{3eba6510-7445-11db-9fe1-0800200c9a66} [2010/05/07 18:56:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CYBERBEMON\AppData\Roaming\Mozilla\Firefox\Profiles\gkxtzh4j.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696} [2010/05/16 17:50:54 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\Mozilla\Firefox\Profiles\gkxtzh4j.default\extensions\battlefieldheroespatcher@ea.com [2010/05/07 18:56:37 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\Mozilla\Firefox\Profiles\gkxtzh4j.default\extensions\firebug@software.joehewitt.com [2010/05/07 18:56:41 | 000,000,000 | ---D | M] -- C:\Users\CYBERBEMON\AppData\Roaming\Mozilla\Firefox\Profiles\gkxtzh4j.default\extensions\personas@christopher.beard [2010/01/31 01:29:43 | 000,002,163 | ---- | M] () -- C:\Users\CYBERBEMON\AppData\Roaming\Mozilla\Firefox\Profiles\gkxtzh4j.default\searchplugins\bing.xml [2010/02/21 22:49:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010/03/03 23:24:34 | 001,961,984 | ---- | M] (Total Immersion) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPDFusionWebFirefox.dll [2010/01/16 01:55:13 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml [2010/01/16 01:55:13 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml [2010/01/16 01:55:13 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml [2010/01/16 01:55:13 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll () O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4:[b]64bit:[/b] - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek) O4:[b]64bit:[/b] - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek) O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4:[b]64bit:[/b] - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools) O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe (FreeDownloadManager.ORG) O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) O4 - HKCU..\Run: [Raptr] C:\Program Files (x86)\Raptr\raptrstub.exe () O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKCU..\Run: [Update] C:\Users\CYBERBEMON\AppData\Roaming\Update\Windows Update.exe (Microsoft
- June 21, 2010
- 52 replies
help me please

cyberbemon replied to cyberbemon's topic in Resolved Malware Removal Logs

SRV:[b]64bit:[/b] - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe (Andrea Electronics Corporation) SRV:[b]64bit:[/b] - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\rswin_3697.dll () SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe () SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.) SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.) SRV - (ThreatFire) -- C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools) SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe (VMware, Inc.) SRV - (VSS) -- C:\Windows\Vss [2009/07/14 04:20:14 | 000,000,000 | ---D | M] SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009/07/14 04:20:14 | 000,000,000 | ---D | M] SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation) SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof () SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.) SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation) SRV - (MSSQLServerADHelper100) -- c:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:[b]64bit:[/b] - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV:[b]64bit:[/b] - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.) DRV:[b]64bit:[/b] - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.) DRV:[b]64bit:[/b] - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
- June 21, 2010
- 52 replies
help me please

cyberbemon replied to cyberbemon's topic in Resolved Malware Removal Logs

SRV:[b]64bit:[/b] - (TabletServicePen) -- C:\Windows\SysNative\Pen_Tablet.exe (Wacom Technology, Corp.) SRV:[b]64bit:[/b] - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET) SRV:[b]64bit:[/b] - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET) SRV:[b]64bit:[/b] - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:[b]64bit:[/b] - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (StorSvc) -- C:\Windows\SysNative\StorSvc.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation) SRV:[b]64bit:[/b] - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation) SRV:[b]64bit:[/b] - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation) SRV:[b]64bit:[/b] - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.) SRV:[b]64bit:[/b] - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard)
- June 21, 2010
- 52 replies
help me please

cyberbemon replied to cyberbemon's topic in Resolved Malware Removal Logs

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe () PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Java\jre6\bin\jp2launcher.exe (Sun Microsystems, Inc.) PRC - C:\Program Files (x86)\Java\jre6\bin\java.exe (Sun Microsystems, Inc.) PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) PRC - C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.) PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) PRC - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.) PRC - C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools) PRC - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET) PRC - C:\Program Files (x86)\JustVoip.com\JustVoip\JustVoip.exe (JustVoip) PRC - C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Free Download Manager\fdm.exe (FreeDownloadManager.ORG) PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) PRC - c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - C:\Users\CYBERBEMON\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Program Files (x86)\ThreatFire\TFWAH.dll (PC Tools) MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - (WatAdminSvc) -- C:\Windows\SysNative\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV:[b]64bit:[/b] - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.) SRV:[b]64bit:[/b] - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe (IDT, Inc.) SRV:[b]64bit:[/b] - (mi-raysat_3dsmax2011_64) -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe () SRV:[b]64bit:[/b] - (HFGService) -- C:\Windows\SysNative\HFGService.dll (CSR, plc) SRV:[b]64bit:[/b] - (WTouchService) -- C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
- June 21, 2010
- 52 replies
help me please

cyberbemon replied to cyberbemon's topic in Resolved Malware Removal Logs

OTL LOG OTL logfile created on: 21/06/2010 10:11:48 - Run 2OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\CYBERBEMON\Desktop 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free 6.00 Gb Paging File | 3.00 Gb Available in Paging File | 55.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232.88 Gb Total Space | 93.47 Gb Free Space | 40.14% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: CYBERBEMON-PC Current User Name: CYBERBEMON Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - C:\Users\CYBERBEMON\AppData\Local\Temp\jkos-CYBERBEMON\binaries\ScanningProcess.exe (Kaspersky Lab.) PRC - C:\Users\CYBERBEMON\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\PnkBstrB.exe () PRC - C:\Users\CYBERBEMON\AppData\Roaming\Update\Windows Update.exe (Microsoft
- June 21, 2010
- 52 replies
help me please

cyberbemon replied to cyberbemon's topic in Resolved Malware Removal Logs

hai here is the kaspersky log..the file it identified as infected came with my audio driver provided by HP..i don't know if its a false warning. -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Monday, June 21, 2010 Operating system: Microsoft (build 7600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Sunday, June 20, 2010 19:36:30 Records in database: 4303501 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: C:\ D:\ E:\ Scan statistics: Objects scanned: 375855 Threats found: 1 Infected objects found: 1 Suspicious objects found: 0 Scan duration: 11:07:58 File name / Threat / Threats count C:\swsetup\SP44989\WDM\Vista\idtmini1.exe Infected: Worm.Win32.Qvod.aer 1 Selected area has been scanned.
- June 21, 2010
- 52 replies

Events

Profiles

Forums

Everything posted by cyberbemon

Important Information