
ummid

Members (10 posts)

Everything posted by ummid

  1. Got it. Thanks again, Elise. Sorry, but I have one last question: why do I need to delete all those tools and logs?
  2. Scan finally done after about 6 hours:

     C:\Users\jerome\AppData\Roaming\Auslogics\Rescue\Boost Speed\100603193740183.rsc multiple threats deleted - quarantined
     C:\_OTL\MovedFiles\06302010_125820\C_Users\jerome\AppData\Local\Temp\login.exe a variant of Win32/Kryptik.FDD trojan cleaned by deleting - quarantined
     C:\_OTL\MovedFiles\06302010_125820\C_Users\jerome\AppData\Local\Temp\s94z3dio.exe a variant of Win32/Kryptik.FDD trojan cleaned by deleting - quarantined
  3. The scan has been running for 3 hours 34 mins now but it stopped at 43%. It said it found one infected file but there are no other buttons or options to pick but the "Stop" key. I also ran mbam again but it couldn't find any threats.
  4. Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 4261

     Windows 6.0.6002 Service Pack 2
     Internet Explorer 8.0.6001.18904

     6/30/2010 1:10:23 PM
     mbam-log-2010-06-30 (13-10-23).txt

     Scan type: Quick scan
     Objects scanned: 122215
     Time elapsed: 5 minute(s), 31 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     Wow, looks like it's fixed! I can't thank you enough for this, Elise!
  5. I just did the steps you mentioned in your last post, OTL asked me to reboot my PC, and here is the log after I did:

     All processes killed
     ========== OTL ==========
     HKU\S-1-5-21-435765973-3294363986-3632491355-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
     HKU\S-1-5-21-435765973-3294363986-3632491355-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
     Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C3BA40A2-75F1-52BD-F413-04B15A2C8953}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3BA40A2-75F1-52BD-F413-04B15A2C8953}\ deleted successfully.
     C:\Windows\SysWOW64\laxe1ioclo.dll moved successfully.
     Registry value HKEY_USERS\S-1-5-21-435765973-3294363986-3632491355-1000\Software\Microsoft\Windows\CurrentVersion\Run\\hsef87ehf3jishfs87fhuishfsgggfdgs4g deleted successfully.
     C:\Users\jerome\AppData\Local\Temp\s94z3dio.exe moved successfully.
     Registry value HKEY_USERS\S-1-5-21-435765973-3294363986-3632491355-1000\Software\Microsoft\Windows\CurrentVersion\Run\\sdr8gdrgdrgke49orkgsjkjfjhsd deleted successfully.
     C:\Users\jerome\AppData\Local\Temp\login.exe moved successfully.
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
     Registry value HKEY_USERS\S-1-5-21-435765973-3294363986-3632491355-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions deleted successfully.
     Registry value HKEY_USERS\S-1-5-21-435765973-3294363986-3632491355-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
     Registry value HKEY_USERS\S-1-5-21-435765973-3294363986-3632491355-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableTaskMgr deleted successfully.
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{C3BA40A2-75F1-52BD-F413-04B15A2C8953} deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3BA40A2-75F1-52BD-F413-04B15A2C8953}\ deleted successfully.
     File C:\Windows\SysWOW64\laxe1ioclo.dll not found.
     ========== COMMANDS ==========

     [EMPTYTEMP]

     User: All Users

     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     ->Flash cache emptied: 41620 bytes

     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes

     User: jerome
     ->Temp folder emptied: 192371723 bytes
     ->Temporary Internet Files folder emptied: 279542446 bytes
     ->Java cache emptied: 20124 bytes
     ->FireFox cache emptied: 55588467 bytes
     ->Flash cache emptied: 65264 bytes

     User: Public

     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 85656 bytes
     %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
     RecycleBin emptied: 0 bytes

     Total Files Cleaned = 503.00 mb

     OTL by OldTimer - Version 3.2.7.0 log created on 06302010_125820

     Files\Folders moved on Reboot...
     File\Folder C:\Users\jerome\AppData\Local\Temp\~DF4FE0.tmp not found!
     File\Folder C:\Users\jerome\AppData\Local\Temp\~DF4FFA.tmp not found!
     File\Folder C:\Users\jerome\AppData\Local\Temp\~DF5093.tmp not found!
     File\Folder C:\Users\jerome\AppData\Local\Temp\~DF50A5.tmp not found!
     File\Folder C:\Users\jerome\AppData\Local\Temp\~DF5127.tmp not found!
     File\Folder C:\Users\jerome\AppData\Local\Temp\~DF5152.tmp not found!
     File\Folder C:\Windows\temp\hsperfdata_PC$\1996 not found!

     Registry entries deleted on Reboot...
  6. Thanks Elise, I was also just running GMER the whole time offline after posting those logs and here is what I got:

     GMER 1.0.15.15281 - http://www.gmer.net
     Rootkit scan 2010-06-30 12:39:45
     Windows 6.0.6002 Service Pack 2
     Running: 3xgt6lsm.exe

     ---- Registry - GMER 1.0.15 ----

     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4D 0xC8 0x8C 0xC5 ...
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x8B 0xDC 0xE4 0x71 ...
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB0 0xD6 0x53 0x14 ...
     Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
     Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
     Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
     Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4D 0xC8 0x8C 0xC5 ...
     Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
     Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x8B 0xDC 0xE4 0x71 ...
     Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB0 0xD6 0x53 0x14 ...

     ---- Files - GMER 1.0.15 ----

     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{4E0AFDAD-5924-46FD-8D40-539D85F9874E} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A6CAA968-B1D3-4414-B4E5-5A68DE4F1D1F} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B006055E-4368-474F-98D0-B601D49CB9FD} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B6D65B2F-1BE9-4C34-A02D-4966ED7E3C31} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{40C59336-D6BE-4831-BEC2-8F2B22F906D2} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{AA118090-7C63-452C-909F-99727B4F9581} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{BE9CA769-8235-4EA8-A014-347703354C75} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{959192DB-1DA2-452A-9C52-7D484D4FB597} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{8C6368B1-3456-4948-B005-6FD24D0DB718} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B1BC384C-9AAF-4D8E-AF68-AD049F3CC36F} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{BD13DF96-4881-4168-8910-02BF4D8CFA2E} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{5C51647B-BEC3-4F41-8856-E3507905F718} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{351DB66A-ADB2-48AA-8D4D-E98CD94F2078} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{C0B6C031-00C2-470E-B720-B99A9503309A} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{3C02E7E9-F028-4858-96B5-C844B233AEC0} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{487BFD5B-78D4-40E5-8574-D8BA162665B7} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E45638CE-D9F4-47FB-B45B-7DE14F623317} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B2FC0506-BB0A-4D37-85C7-AAED22CC8026} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F51E107F-A7B8-467E-9CEE-A05D8C55DEC3} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{47DADAEF-0C02-40C1-BCD4-24779D0EF3E1} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{CB55F44B-C015-4D9E-BCCA-9596DD22A19F} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{D69B022F-C942-4AAD-A69D-0C8ED591D074} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{BA4C402E-0977-4427-9DC2-320E6C81465A} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{782FFBAB-056A-4FCC-A9F2-3D882EE3CE91} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1DCC2A1B-5D1C-4952-A4D9-8372505BC0E1} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{AD99FA36-5812-40F6-A105-B541B0350824} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{AD9DA1F8-2932-4555-9212-B168326862D0} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E12E2B0D-9246-4953-B7AC-97A6D4CD0F89} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{091CFE2C-47DA-4BBF-BAC7-A7B5E3CF6264} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{5C8AF886-A6D9-468C-9F4C-0D52E3BA0D27} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{17877563-E232-413D-805A-E0C03DC2E57D} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{45B648A1-DA3A-47EA-8987-13929FA1A793} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{5E539286-3369-40C0-952B-52F884D3BCF5} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{884EA491-7D09-4549-A576-5E07B1AF5993} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1F153454-46B1-4C1C-8DD1-738EA3D5C1E1} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1F1A075F-024E-4400-A1C9-FFA56F1E219D} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F588ACC0-2E95-4F8B-96F3-1C5DAB079403} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1A54D969-372C-4EA8-843D-A801C76FE8A3} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{17294D68-1D15-4574-9952-9F7C1869CFD0} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{D45152EB-45FD-4554-9BB4-C4FA4C3D271A} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{57350FEC-F4AF-44FA-9432-B2EFAFE9EA74} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A1C01289-8336-4BD0-8AB7-4B82CBEED351} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{43EB573C-320C-49D8-8C38-840CCFAF0C65} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{905F6CAE-7856-4447-A4CB-F908F882D8D9} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E61899E9-A20F-4E02-86F7-FE20B31100F9} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E61C2BB9-3D69-4D9B-A330-530D34B1F689} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B385D46E-47D7-466A-BF0D-4159F7FC8818} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{CA91B990-8D2A-44B2-A189-3EFF18E2E38D} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{22163A03-445F-44B9-B2B2-00A2FE26C66F} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{126E5031-3303-41B2-A7BA-6AB9CD89B1D9} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{BEEC3E09-17BB-4FD9-BA2D-FC86CE9A9AA9} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A91006BC-A5D6-4597-A00C-58726C8A0FE0} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{26417517-0216-41C5-BFED-A6E4E677DE43} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{4C44B797-B3A9-4C47-B82E-74E8E632FF66} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{28361CEF-307A-43EA-A858-A5ADF2C2FF87} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{97CE1283-5633-4B1F-98AE-3E35D3648C07} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{6A850F1B-8B1D-4DF9-9567-1DC7C6FCEEF8} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{227C00E4-1B0D-46CB-9377-89550B2E2073} 0 bytes
     File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{858

     ---- EOF - GMER 1.0.15 ----

     I also cut off the rest of those Windows Defender\Scans\History\Results\Resource entries since it was too long and it won't let me post the message. Do you still want me to do those steps you just mentioned or does this log change anything? Thanks again for the quick response.
  7. OTL logfile created on: 6/30/2010 11:30:42 AM - Run 1 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\jerome\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 8.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 61.00% Memory free 16.00 Gb Paging File | 13.00 Gb Available in Paging File | 81.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 685.08 Gb Total Space | 319.14 Gb Free Space | 46.58% Space Free | Partition Type: NTFS Drive D: | 13.41 Gb Total Space | 1.84 Gb Free Space | 13.72% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PC Current User Name: jerome Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/06/30 11:30:10 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\jerome\Downloads\OTL.exe PRC - [2010/06/30 10:39:44 | 000,048,640 | ---- | M] () -- C:\Users\jerome\AppData\Local\Temp\1981157088.exe PRC - [2010/06/30 08:18:09 | 000,048,644 | -H-- | M] () -- C:\Users\jerome\AppData\Local\Temp\system.exe PRC - [2010/06/30 08:18:09 | 000,048,644 | -H-- | M] () -- C:\Users\jerome\AppData\Local\Temp\notepad.exe PRC - [2010/06/30 08:11:24 | 000,048,644 | -H-- | M] () -- C:\Users\jerome\AppData\Local\Temp\sysedit.exe PRC - [2010/06/30 08:11:24 | 000,048,644 | -H-- | M] () -- C:\Users\jerome\AppData\Local\Temp\setup.exe PRC - [2010/06/30 08:11:23 | 000,048,644 | -H-- | M] () -- C:\Users\jerome\AppData\Local\Temp\user.exe PRC - [2010/06/30 05:56:30 | 000,048,644 | -H-- | M] () -- C:\Users\jerome\AppData\Local\Temp\cmd.exe PRC - [2010/06/30 05:56:30 | 000,048,644 | -H-- | M] () -- C:\Users\jerome\AppData\Local\Temp\avp.exe PRC - [2010/06/30 05:56:29 | 000,048,644 | -H-- | M] () -- C:\Users\jerome\AppData\Local\Temp\winamp.exe PRC - [2010/06/30 05:56:29 | 000,048,644 | -H-- | M] () -- C:\Users\jerome\AppData\Local\Temp\login.exe PRC - [2010/06/30 05:52:52 | 000,048,644 | -H-- | M] () -- C:\Users\jerome\AppData\Local\Temp\smss.exe PRC - [2010/06/30 05:52:51 | 000,048,644 | -H-- | M] () -- C:\Users\jerome\AppData\Local\Temp\spoolsv.exe PRC - [2010/06/30 05:52:50 | 000,048,644 | -H-- | M] () -- C:\Users\jerome\AppData\Local\Temp\win.exe PRC - [2010/06/30 05:52:50 | 000,048,644 | -H-- | M] () -- C:\Users\jerome\AppData\Local\Temp\hexdump.exe PRC - [2010/06/30 05:52:49 | 000,048,644 | -H-- | M] () -- C:\Users\jerome\AppData\Local\Temp\wininst.exe PRC - [2010/06/30 02:46:27 | 000,048,644 | -H-- | M] () -- C:\Users\jerome\AppData\Local\Temp\mdm.exe PRC - [2010/06/29 
23:23:56 | 000,030,001 | -H-- | M] () -- C:\Users\jerome\AppData\Local\Temp\s94z3dio.exe PRC - [2010/06/28 11:09:12 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2010/06/28 11:09:12 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2010/02/22 11:46:10 | 000,390,824 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe PRC - [2009/01/23 11:11:44 | 000,039,408 | ---- | M] (Google Inc.) 
-- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2008/09/24 07:40:02 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe PRC - [2008/09/24 07:39:56 | 000,118,784 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe PRC - [2008/09/04 07:21:50 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe PRC - [2008/09/04 07:14:52 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe PRC - [2008/09/04 07:14:44 | 000,049,152 | ---- | M] () -- C:\Windows\SysWOW64\BeepApp.exe ========== Modules (SafeList) ========== MOD - [2010/06/30 11:30:10 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\jerome\Downloads\OTL.exe MOD - [2008/01/20 21:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010/05/27 11:59:40 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010/02/20 18:14:26 | 000,427,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\inetsrv\iisw3adm.dll -- (WAS) SRV:64bit: - [2010/02/20 18:14:26 | 000,427,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\iisw3adm.dll -- (W3SVC) SRV:64bit: - [2009/04/11 02:11:13 | 000,058,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV:64bit: - [2009/04/11 02:10:28 | 000,190,464 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mqtgsvc.exe -- (MSMQTriggers) SRV:64bit: - [2008/01/20 21:51:26 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN) SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program 
Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2006/11/02 10:03:41 | 000,009,216 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ) SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010/02/20 18:05:18 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2010/02/20 18:05:18 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2009/04/11 01:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2009/03/16 17:48:00 | 002,849,757 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc) SRV - [2008/09/04 07:21:50 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert) SRV - [2006/11/02 08:34:14 | 000,000,000 | ---D | M] [unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC) SRV - [2006/11/02 01:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds) SRV - [2006/11/02 01:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS) ========== Driver Services (SafeList) ========== DRV:64bit: - [2010/05/27 12:39:12 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010/05/27 12:39:12 | 006,856,192 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010/05/27 11:25:36 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010/03/02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb) DRV:64bit: - [2010/02/16 14:24:00 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt) DRV:64bit: - [2009/11/07 03:15:02 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd) DRV:64bit: - [2009/08/28 08:20:02 | 000,118,016 | R--- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\qscnusb.sys -- (MobileAdapter) DRV:64bit: - [2009/04/11 00:42:21 | 000,140,288 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\RMCAST.sys -- (RMCAST) RMCAST (Pgm) DRV:64bit: - [2009/04/08 01:58:18 | 000,116,752 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2008/10/09 19:04:04 | 000,225,296 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s) DRV:64bit: - [2008/09/09 20:19:36 | 000,025,888 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc_x64.pkms -- (PCD5SRVC{8AAF211B-043E02A9-05040000}) DRV:64bit: - [2008/08/06 11:26:08 | 000,174,592 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169) DRV:64bit: - [2008/05/28 20:54:18 | 000,026,168 | ---- | M] (Advanced Micro Devices Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\usbfilter.sys -- (usbfilter) DRV:64bit: - [2008/02/26 12:18:00 | 000,615,424 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr7364.sys -- (netr7364) DRV:64bit: - [2008/01/20 21:51:49 | 000,167,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC) DRV:64bit: - [2007/02/05 10:22:12 | 000,161,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV - [2008/09/26 05:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49}) DRV - [2006/09/18 16:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip) DRV - [2006/09/18 16:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv) DRV - [2004/12/31 19:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-435765973-3294363986-3632491355-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt IE - HKU\S-1-5-21-435765973-3294363986-3632491355-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.worldofwarcraft.com/index.xml IE - HKU\S-1-5-21-435765973-3294363986-3632491355-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-435765973-3294363986-3632491355-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-435765973-3294363986-3632491355-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-435765973-3294363986-3632491355-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo! 
Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "http://www.worldofwarcraft.com/index.xml" FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 4 FF - prefs.js..extensions.enabledItems: 9 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/06/28 11:09:13 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/06/28 11:09:13 | 000,000,000 | ---D | M] [2009/04/20 05:57:02 | 000,000,000 | ---D | M] -- C:\Users\jerome\AppData\Roaming\Mozilla\Extensions [2010/06/29 18:36:20 | 000,000,000 | ---D | M] -- C:\Users\jerome\AppData\Roaming\Mozilla\Firefox\Profiles\df4fzjog.default\extensions [2009/09/03 20:00:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\jerome\AppData\Roaming\Mozilla\Firefox\Profiles\df4fzjog.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009/12/12 23:02:10 | 000,000,000 | ---D | M] -- C:\Users\jerome\AppData\Roaming\Mozilla\Firefox\Profiles\df4fzjog.default\extensions\firefox@tvunetworks.com [2010/06/29 18:36:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions O1 HOSTS File: ([2010/03/18 01:01:05 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll (Google Inc.) O2 - BHO: (C:\Windows\SysWow64\laxe1ioclo.dll) - {C3BA40A2-75F1-52BD-F413-04B15A2C8953} - C:\Windows\SysWOW64\laxe1ioclo.dll () O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3:64bit: - HKU\S-1-5-21-435765973-3294363986-3632491355-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-21-435765973-3294363986-3632491355-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-435765973-3294363986-3632491355-1000..\Run: [hsef87ehf3jishfs87fhuishfsgggfdgs4g] C:\Users\jerome\AppData\Local\Temp\s94z3dio.exe ()
O4 - HKU\S-1-5-21-435765973-3294363986-3632491355-1000..\Run: [sdr8gdrgdrgke49orkgsjkjfjhsd] C:\Users\jerome\AppData\Local\Temp\login.exe ()
O4 - HKU\S-1-5-21-435765973-3294363986-3632491355-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: DisableCAD = 1
O7 - HKU\S-1-5-21-435765973-3294363986-3632491355-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-21-435765973-3294363986-3632491355-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-21-435765973-3294363986-3632491355-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System: DisableTaskMgr = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-435765973-3294363986-3632491355-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-19 Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-20 Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-435765973-3294363986-3632491355-1000 Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {C3BA40A2-75F1-52BD-F413-04B15A2C8953} - jahs8973fioafnh98fasfw3gadfgjdsdf - C:\Windows\SysWOW64\laxe1ioclo.dll ()
O24 - Desktop WallPaper: C:\Users\jerome\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\jerome\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{065b9165-cb76-11de-88ec-002421143a41}\Shell - "" = AutoRun
O33 - MountPoints2\{065b9165-cb76-11de-88ec-002421143a41}\Shell\AutoRun\command - "" = J:\Torchlight_Setup.exe -- File not found
O33 - MountPoints2\{dfe6422d-1d9d-11df-9d8d-002421143a41}\Shell - "" = AutoRun
O33 - MountPoints2\{dfe6422d-1d9d-11df-9d8d-002421143a41}\Shell\AutoRun\command - "" = K:\HWPcAssistant.exe -- File not found
O33 - MountPoints2\{dfe6423a-1d9d-11df-9d8d-002421143a41}\Shell - "" = AutoRun
O33 - MountPoints2\{dfe6423a-1d9d-11df-9d8d-002421143a41}\Shell\AutoRun\command - "" = K:\HWPcAssistant.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========
[2010/06/30 03:57:23 | 000,000,000 | ---D | C] -- C:\Users\jerome\AppData\Roaming\Avira
[2010/06/30 03:53:26 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010/06/30 03:53:26 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010/06/30 03:53:26 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010/06/30 03:53:26 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010/06/30 03:53:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/06/30 03:53:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010/06/29 23:24:10 | 000,000,000 | ---D | C] -- C:\Users\jerome\AppData\Local\ijgfhslxc
[2010/06/29 23:23:52 | 000,000,000 | ---D | C] -- C:\Users\jerome\AppData\Roaming\C09EAE9584048127607F22894E30CD0B
[2010/06/19 08:45:40 | 000,000,000 | ---D | C] -- C:\Users\jerome\AppData\Roaming\vlc
[2010/06/18 18:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/06/09 09:04:55 | 000,000,000 | ---D | C] -- C:\Users\jerome\AppData\Roaming\LolClient
[2010/06/09 09:04:28 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2010/06/09 09:04:28 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2010/06/09 09:04:27 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2010/06/09 09:00:26 | 000,000,000 | ---D | C] -- C:\Riot Games
[2010/06/09 08:41:50 | 000,000,000 | ---D | C] -- C:\Users\jerome\Desktop\LeagueOfLegends6.8
[2010/06/09 08:41:41 | 000,000,000 | ---D | C] -- C:\Users\jerome\AppData\Local\PMB Files
[2010/06/09 08:41:40 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010/06/09 08:41:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2010/06/08 09:15:37 | 000,000,000 | ---D | C] -- C:\Users\jerome\Warcraft III 1.21b TFT Installer enUS
[2010/06/05 22:59:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veetle
[2010/06/03 19:21:01 | 000,000,000 | ---D | C] -- C:\Users\jerome\AppData\Roaming\Auslogics
[2010/06/03 19:20:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2010/06/30 11:32:54 | 002,621,440 | -HS- | M] () -- C:\Users\jerome\NTUSER.DAT
[2010/06/30 09:34:25 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/30 09:34:25 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/30 03:53:34 | 000,001,903 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/06/30 03:40:44 | 000,819,362 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/06/30 03:40:44 | 000,687,552 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/06/30 03:40:44 | 000,133,902 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/06/30 03:34:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/30 03:31:46 | 000,524,288 | -HS- | M] () -- C:\Users\jerome\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/06/30 03:31:46 | 000,065,536 | -HS- | M] () -- C:\Users\jerome\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/06/30 03:31:45 | 006,291,456 | -H-- | M] () -- C:\Users\jerome\AppData\Local\IconCache.db
[2010/06/30 00:25:04 | 000,000,799 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/06/29 23:26:27 | 000,002,744 | ---- | M] () -- C:\Users\jerome\AppData\Local\opariyij.dll
[2010/06/29 23:23:56 | 000,030,000 | ---- | M] () -- C:\Windows\SysWow64\laxe1ioclo.dll
[2010/06/28 13:37:38 | 000,199,168 | ---- | M] () -- C:\Users\jerome\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/25 16:24:13 | 000,000,198 | ---- | M] () -- C:\Windows\tasks\{3A0B0413-E16C-43EB-A36D-BA1D4D835B78}.job
[2010/06/19 08:45:12 | 000,000,903 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/06/16 00:01:02 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/06/09 09:04:30 | 000,001,670 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2010/06/08 09:58:00 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\Warcraft III - The Frozen Throne.lnk
[2010/06/08 09:15:50 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Warcraft III.lnk
[2010/06/07 18:59:12 | 000,079,276 | ---- | M] () -- C:\Users\jerome\Documents\dimmuferalmech.xml
[2010/06/07 04:48:31 | 000,079,280 | ---- | M] () -- C:\Users\jerome\Documents\dimmulkhmdone.xml
[2010/06/05 17:16:38 | 000,000,374 | ---- | M] () -- C:\Users\jerome\Documents - Shortcut.lnk
[2010/06/05 01:35:30 | 000,001,356 | ---- | M] () -- C:\Users\jerome\AppData\Local\d3d9caps.dat
[2010/06/03 19:30:43 | 000,000,968 | ---- | M] () -- C:\Users\jerome\Desktop\Auslogics BoostSpeed.lnk
[2010/06/03 19:20:59 | 000,000,973 | ---- | M] () -- C:\Users\jerome\Desktop\Auslogics Disk Defrag.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========
[2010/06/30 03:53:34 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/06/30 03:49:32 | 000,440,988 | ---- | C] () -- C:\Users\jerome\AppData\Local\dd_vcredistMSI1854.txt
[2010/06/30 03:49:32 | 000,011,714 | ---- | C] () -- C:\Users\jerome\AppData\Local\dd_vcredistUI1854.txt
[2010/06/29 23:26:27 | 000,002,744 | ---- | C] () -- C:\Users\jerome\AppData\Local\opariyij.dll
[2010/06/29 23:23:56 | 000,030,000 | ---- | C] () -- C:\Windows\SysWow64\laxe1ioclo.dll
[2010/06/25 16:24:13 | 000,000,198 | ---- | C] () -- C:\Windows\tasks\{3A0B0413-E16C-43EB-A36D-BA1D4D835B78}.job
[2010/06/19 08:45:12 | 000,000,903 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/06/09 09:04:30 | 000,001,670 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2010/06/08 09:57:46 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\Warcraft III - The Frozen Throne.lnk
[2010/06/08 09:14:46 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Warcraft III.lnk
[2010/06/07 05:23:26 | 000,079,276 | ---- | C] () -- C:\Users\jerome\Documents\dimmuferalmech.xml
[2010/06/05 17:16:38 | 000,000,374 | ---- | C] () -- C:\Users\jerome\Documents - Shortcut.lnk
[2010/06/03 19:30:43 | 000,000,968 | ---- | C] () -- C:\Users\jerome\Desktop\Auslogics BoostSpeed.lnk
[2010/06/03 19:20:59 | 000,000,973 | ---- | C] () -- C:\Users\jerome\Desktop\Auslogics Disk Defrag.lnk
[2010/03/22 09:26:20 | 000,773,092 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/09/11 03:54:01 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/11 03:53:23 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/01/21 20:36:00 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/01/21 02:41:41 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/01/21 02:41:41 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2008/11/12 05:58:30 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/11/12 05:58:30 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/09/19 06:59:22 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\libxml2.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== Files - Unicode (All) ==========
[2009/08/19 04:25:23 | 000,000,000 | ---D | M](C:\Users\jerome\Documents\?????) -- C:\Users\jerome\Documents\?????
[2009/08/19 04:25:23 | 000,000,000 | ---D | C](C:\Users\jerome\Documents\?????) -- C:\Users\jerome\Documents\?????
[2009/08/19 04:11:38 | 000,001,938 | ---- | M] ()(C:\Users\jerome\Desktop\????!.lnk) -- C:\Users\jerome\Desktop\?????.lnk
[2009/08/19 04:11:38 | 000,001,938 | ---- | C] ()(C:\Users\jerome\Desktop\????!.lnk) -- C:\Users\jerome\Desktop\?????.lnk
[2009/08/19 04:11:33 | 000,000,000 | ---D | M](C:\Program Files (x86)\?????) -- C:\Program Files (x86)\?????
(C:\Program Files (x86)\?????) -- C:\Program Files (x86)\?????

========== Alternate Data Streams ==========
@Alternate Data Stream - 64 bytes -> C:\Users\jerome\Documents\yummy.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\jerome\Documents\karla spice.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\jerome\Documents\Asian girls do it best.mpeg:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\jerome\Documents\89d4402dc03d3b7.avi:TOC.WMV
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:07BF512B
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8

< End of report >

OTL Extras logfile created on: 6/30/2010 11:30:42 AM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\jerome\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 61.00% Memory free
16.00 Gb Paging File | 13.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685.08 Gb Total Space | 319.14 Gb Free Space | 46.58% Space Free | Partition Type: NTFS
Drive D: | 13.41 Gb Total Space | 1.84 Gb Free Space | 13.72% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC
Current User Name: jerome
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-435765973-3294363986-3632491355-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 49 C7 CD C4 64 35 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{24118095-4CEC-4123-9C1A-57342E2D877A}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10A78856-0152-4EC5-BD19-D778ED2BA045}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{1A70BFE8-FDB4-4A8F-9E96-DE55CABE5ACA}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{1CACF79C-E4F3-4169-A398-1C3E9041DEB1}" = protocol=6 | dir=in | app=c:\users\jerome\downloads\systemcheck_enus(3).exe |
"{2178BA70-E86B-496F-BBD0-B699FCB6CE11}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{232ED459-E864-4878-8D58-527ACB1E7B09}" = protocol=17 | dir=in | app=c:\users\jerome\downloads\systemcheck_enus(3).exe |
"{25A2CCB2-711C-4E10-B915-81ACEB9806C9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{264BF74D-F80C-4595-88CB-644F4187AA86}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{2B6B6A28-5902-4F44-9A95-8A9A32897069}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{2C149431-EA31-49CE-9B67-448568202996}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{2DB7B4A8-F435-4103-8C97-DD92016E64BA}" = dir=in | app=c:\program files (x86)\avg\avg9\avgupd.exe |
"{32671446-149E-469A-8FA4-DD3B77669CE4}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{35F58AC2-6F7E-4218-8178-D03C8CD7B1E3}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{39309AC9-D6AD-471C-960D-145C04C2F973}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{3E69C719-125A-4DDF-9AB0-102BA6283E83}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{3EFD00B4-45EC-4F2B-AFC2-30296F7B828B}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{40899947-A3BE-48E5-B58D-DB10DD469042}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{493D44BC-F93A-4587-B116-77E6F0F7115A}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{536B3DA7-1700-496C-83F2-2B50E3CECF23}" = dir=in | app=c:\program files (x86)\avg\avg9\avgemc.exe |
"{560756BE-31E1-4313-946C-F3FB89FDEFDA}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{58E17E0F-2C1D-4E5B-A485-5EA94E89713B}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{5C9F4A6E-2F39-4251-945B-A2D7990D4ECA}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{63FD5652-BF90-45DF-89D5-76D7F39D8CCE}" = dir=in | app=c:\program files (x86)\avg\avg9\avgam.exe |
"{67858226-4F95-4045-84EF-793CEF268F2B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{67B2ACCD-1083-477F-9F8C-5F2D587F94C4}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{697FBCAB-1F93-40A2-A330-9C6D86E57416}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{743F63EB-D04E-492E-B7F2-2240562E85DF}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{86DCE10A-B830-49DA-9193-EE82FD607C0E}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{89CDE63F-D525-4AA5-8177-3EDA53091909}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{8C5F1A0E-031C-4F90-B192-D31A53372783}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{8DEBC0C9-914D-4B89-9B46-A24848876BE5}" = dir=in | app=c:\program files (x86)\avg\avg9\avgnsa.exe |
"{9242C304-CDBE-4641-9601-B165970C9B23}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{956420F2-C0FE-43C2-9AC0-B17882E55575}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{9C0A5DC3-2FD4-4B8F-8440-88121C8416D6}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{ADB0D170-AD4A-41A2-BE93-70B5CCD2E960}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{B33D65D2-8284-47A6-AD0A-290B984C9CD9}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{B48B676B-EF0D-4239-8C4B-D906AA473523}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{B86BBFEF-FDAC-4888-B84E-EE1D51932546}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{BE38E6FA-A4FC-4EF5-B4FB-C76AFB96F834}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{C284FD08-D566-4886-9A5A-9A1ACC7778C4}" = protocol=6 | dir=in | app=c:\users\jerome\desktop\msgr10us.exe |
"{CCC6EB8E-8330-4102-BE6F-AD3045A11D8B}" = dir=in | app=c:\program files (x86)\avg\avg9\avgdiagex.exe |
"{F3EA80CE-2B51-4871-BFD5-D28B5E76D1DD}" = protocol=17 | dir=in | app=c:\users\jerome\desktop\msgr10us.exe |
"{F713D7D4-8DCD-4C2B-ABFB-F54BD5081EEF}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{0E0633D4-2ADB-46FB-AB1E-042B22B5EF60}C:\program files (x86)\raptr\raptr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"TCP Query User{0F3B43F6-4CBB-4071-BDB2-A5A72F22FD53}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{24CDF4EE-7582-488F-83CD-EFFD1DBFD2E1}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{2EFBCEEC-6370-45BC-82B2-50911CA66E58}C:\users\jerome\appdata\local\temp\blizzard launcher temporary - 30fef800\launcher.exe" = protocol=6 | dir=in | app=c:\users\jerome\appdata\local\temp\blizzard launcher temporary - 30fef800\launcher.exe |
"TCP Query User{504564D2-9EE6-47E2-B36E-5B3B39BA2DF0}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{60EC1A44-38D2-4594-849C-FB4B0E9FB7F5}C:\ijji\english\u_gbound.exe" = protocol=6 | dir=in | app=c:\ijji\english\u_gbound.exe |
"TCP Query User{6272D48B-3EC1-4C9D-A6DC-759F30A1373F}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{68D64B08-052D-4B57-ADF8-F079F403A526}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{6E6C5BDA-528D-4118-B59D-E510957F17A9}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{86260CFA-F4ED-489A-B049-1BF1F34DB4C1}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{907151D3-222C-4FCC-8C76-505AC0B16BBC}C:\users\public\games\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe |
"TCP Query User{A01ED073-AD26-43EC-A137-7B3EECCF77C5}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{C6D20E40-673A-426B-8EDC-E48FFDE46A1A}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{D9055AC9-7E73-4B34-B158-8108C5276426}C:\program files (x86)\raptr\raptrbt.exe" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptrbt.exe |
"TCP Query User{DCCC03B4-67BE-49DA-9228-FC91F1502D9E}C:\program files (x86)\english\gunbound revolution\gunbound.gme" = protocol=6 | dir=in | app=c:\program files (x86)\english\gunbound revolution\gunbound.gme |
"TCP Query User{E5A885E0-CE17-4FBC-AF66-EF75B01A19E3}C:\users\jerome\downloads\wow-3.0.1.8874-ptr-us-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\jerome\downloads\wow-3.0.1.8874-ptr-us-installer-downloader.exe |
"TCP Query User{E6FC897C-9259-45FA-967F-83CE0DA88973}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{F5F64748-9859-49FC-B5F6-5C7B52E0B183}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{F93897AB-EF70-4F2E-89A8-CEA93822C117}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{FF059FEC-30EF-4A7D-9566-C115AC1C7B5D}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"UDP Query User{37C66644-FDE4-4D71-B6D4-B69F478F24AE}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{44839FDF-F4A8-4D4F-B9F7-D96335825EB1}C:\users\jerome\appdata\local\temp\blizzard launcher temporary - 30fef800\launcher.exe" = protocol=17 | dir=in | app=c:\users\jerome\appdata\local\temp\blizzard launcher temporary - 30fef800\launcher.exe |
"UDP Query User{54A2843E-0C16-47D5-9C27-3B47CE70471A}C:\program files (x86)\raptr\raptr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"UDP Query User{59B114FA-E829-4F89-B70F-C1FC09B3B6B8}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{5B5C33D4-B253-4430-ACB1-F8FD0224C0D3}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{5E147ACF-3D1E-41E6-8439-6A664B34BBB1}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{64EC0DFC-1C10-4997-8A5A-75319AE3B4E2}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{8E6F38CF-C3EC-41C7-9E23-30176B623BFB}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{9817F523-9083-41EB-ADD7-0AD09B1EF5E0}C:\ijji\english\u_gbound.exe" = protocol=17 | dir=in | app=c:\ijji\english\u_gbound.exe |
"UDP Query User{9CEE6D7E-10AD-4850-9942-6C0285A0EEE5}C:\users\jerome\downloads\wow-3.0.1.8874-ptr-us-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\jerome\downloads\wow-3.0.1.8874-ptr-us-installer-downloader.exe |
"UDP Query User{9F728CCF-7F47-455D-9A4A-9759E6607AF5}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"UDP Query User{A6125EBE-C949-48EC-883E-04A2F67AAD67}C:\program files (x86)\raptr\raptrbt.exe" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptrbt.exe |
"UDP Query User{A88B3082-F6E5-41EA-9899-7578856E7242}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{BB4F51EF-BE9A-4C19-95C5-A573BFD40182}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{D0CDB91F-27A3-4B34-BCB8-02B0E35CB390}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{DD16D79A-DF0B-4CF4-9DBA-308F4670D754}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{E273E6EA-1650-4F79-8E94-24F56998A97F}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{E386716F-6102-4988-97E4-1826DC6E7041}C:\users\public\games\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe |
"UDP Query User{E7B1E907-24FB-44DE-9F67-402364C84C02}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{F4430589-DBF6-41CF-A2F2-EC9863298D55}C:\program files (x86)\english\gunbound revolution\gunbound.gme" = protocol=17 | dir=in | app=c:\program files (x86)\english\gunbound revolution\gunbound.gme |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer
  8. www.malwarebytes.org
Database version: 4260
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

6/30/2010 3:40:30 AM
mbam-log-2010-06-30 (03-40-30).txt

Scan type: Quick scan
Objects scanned: 121917
Time elapsed: 5 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4260
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

6/30/2010 3:31:03 AM
mbam-log-2010-06-30 (03-31-03).txt

Scan type: Quick scan
Objects scanned: 122248
Time elapsed: 2 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hello, I keep getting all these infected items whenever I run Malwarebytes, and it keeps asking to restart my computer, but whenever I restart it and rescan, I still keep getting the same infected items on the results page. Help would be very much appreciated. Thanks in advance!