goawayvirus
Posts posted by goawayvirus
-
Thank you very much for helping me!
VirusTotal report:
File already submitted: The file sent has already been analysed by VirusTotal in the past. This is some basic info regarding the sample itself and its last analysis:
MD5: f2ba6f31e7dac6523dba1e5193f57b48
Date first seen: 2009-04-04 02:54:27 (UTC)
Date last seen: 2011-04-14 01:53:45 (UTC)
Detection ratio: 0/42
I clicked reanalyze:
File name:
InfDefaultInstall.exe
Submission date:
2011-04-15 07:49:10 (UTC)
Current status:
finished
Result:
0/ 42 (0.0%)
Additional information
MD5 : f2ba6f31e7dac6523dba1e5193f57b48
SHA1 : a2285be7a6c785219fa4a62a2dbbd17d3b7dc187
SHA256: eb66d4fe05c793f5633fb4edb37025b6a46b91d71e3b7862e5e5f87c42d97d1c
After my first post, I tried running rkill a few more times, and a C:\Windows\SysWOW64\runonce.exe showed up several times. Its VirusTotal result is also 0%, and the same with conime.exe.
The last rkill report:
Processes terminated by Rkill or while it was running:
C:\Windows\SysWOW64\InfDefaultInstall.exe
C:\Windows\SysWOW64\runonce.exe
Rkill completed on 04/15/2011 at 3:48:36.
I know running rkill is unnecessary if my anti-virus software runs, but before I noticed my computer acting slow/weird, rkill always finished within 5 seconds and only terminated itself. It takes a while for it to finish now, and it always lists these processes.
I really don't know what I'm doing regarding viruses and how to tell if my computer is clean. MBAM says my computer is clean, Avira gives me a couple spyware in temp folders.
Can you help me make sure nothing's wrong (and I'm just being dumb)?
Thanks a lot!
-
Hello
I did a windows update with several updates and restarted my computer yesterday. When it rebooted, I noticed it was running very slow and freezing up. I updated MBAM and scanned, but got no results. I downloaded rkill and ran it in safe mode and it killed 3 "conime" exe's; I ran MBAM immediately following and still no results. I ran rkill again, and this time (and all following attempts) it killed "C:\Windows\SysWOW64\InfDefaultInstall.exe". MBAM still shows nothing.
Avira found C:\Program Files (x86)\Common Files\MS\MSOLEDEBROW.DLL (amongst false hits), and quarantined it.
rkill is still killing processes that appear in the SysWOW64 folder, and I don't know what else may be lurking on my computer.
This is my play computer; I mostly play games, surf the internet, chat, and do light work on it.
I simply replaced instances of my name with "Owner" (for privacy) using Notepad in the logs; I hope that's okay.
Please help me determine what's wrong! Thank you!
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6359
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
4/14/2011 3:03:04 AM
mbam-log-2011-04-14 (03-03-04).txt
Scan type: Quick scan
Objects scanned: 163816
Time elapsed: 2 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Owner at 2:09:50.78 on Thu 04/14/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21
Microsoft
-
That did it! I went into the security settings and gave myself all permissions again, so now everything seems back to normal.
I haven't noticed any search redirects anymore so far either.
Thank you so much for fixing my computer!
-
I also noticed that my "Documents and settings" folder is hidden and gives "Access is denied" message, although mbam seems to give me clean results now.
What should I do next?
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4594
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943
9/11/2010 2:24:08 PM
mbam-log-2010-09-11 (14-24-08).txt
Scan type: Quick scan
Objects scanned: 137313
Time elapsed: 3 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Windows\System32\msounkernm.dll (Trojan.KeyLogger) -> Quarantined and deleted successfully.
OTL quick scan log:
[2009/08/24 15:43:34 | 000,000,533 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat
[2009/08/14 20:04:32 | 000,104,448 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/09 21:05:23 | 002,468,130 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_NET_Framework35_x64_MSI51FF.txt
[2009/08/09 20:54:25 | 000,200,298 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2009/08/09 20:54:20 | 000,010,344 | ---- | C] () -- C:\Users\Owner\AppData\Local\uxeventlog.txt
[2009/08/09 20:54:20 | 000,000,002 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_dotnetfx35error.txt
[2009/08/09 20:54:19 | 000,210,472 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_dotnetfx35install.txt
[2009/08/09 14:34:31 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/08/09 13:55:12 | 000,000,732 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
[2009/08/09 03:02:31 | 000,035,381 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/08/09 03:02:31 | 000,035,381 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/07/03 20:04:11 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\msoccwordm.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 13:50:17 | 000,016,489 | ---- | C] () -- C:\Windows\SysWow64\mswcncorem.dll
[2007/11/06 16:19:28 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
========== LOP Check ==========
[2010/09/06 00:24:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\8866E251DB9D14EA404E937F3D963785
[2009/09/05 00:46:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\acccore
[2009/08/27 04:34:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DAEMON Tools Lite
[2009/09/27 13:54:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DonationCoder
[2010/08/06 23:14:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Free Mp3 Wma Ogg Converter
[2010/04/29 00:37:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ijjigame
[2010/01/15 19:59:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LG Electronics
[2009/11/11 17:21:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LockHunter
[2010/09/01 20:47:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mkvtoolnix
[2010/06/02 22:43:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mp3tag
[2009/10/25 04:06:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MusicNet
[2009/10/29 04:38:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\NCH Swift Sound
[2010/04/29 02:24:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\NPLUTO Corporation
[2010/09/10 18:02:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2010/05/01 05:32:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\VirtuaWin
[2010/02/11 21:00:16 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
[2010/09/10 17:07:39 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 280 bytes -> C:\ProgramData\TEMP:E6E3D650
< End of report >
I also noticed that my "Documents and Settings" folder is hidden and gives an "Access is denied" message, although MBAM seems to give me clean results now.
What should I do next?
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4594
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943
9/11/2010 2:24:08 PM
mbam-log-2010-09-11 (14-24-08).txt
Scan type: Quick scan
Objects scanned: 137313
Time elapsed: 3 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Windows\System32\msounkernm.dll (Trojan.KeyLogger) -> Quarantined and deleted successfully.
OTL quick scan log:
OTL logfile created on: 9/11/2010 2:25:14 PM - Run 6
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 77.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 4.99 Gb Free Space | 1.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ACORN
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/09/06 16:43:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/04/28 21:17:13 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\VirtuaWin\modules\SwitchDesk.exe
PRC - [2009/08/24 16:15:03 | 000,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/02/05 13:43:26 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
PRC - [2008/04/24 21:46:34 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\VirtuaWin\modules\WinList.exe
PRC - [2008/04/24 21:46:32 | 000,116,224 | ---- | M] (VirtuaWin) -- C:\Program Files (x86)\VirtuaWin\VirtuaWin.exe
========== Modules (SafeList) ==========
MOD - [2010/09/06 16:43:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2008/01/20 22:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -d -f %ProgramFiles%\WinPcap\rpcapd.ini -- (rpcapd)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Windows\SysNative\GameMon.des -- (npggsvc)
SRV:64bit: - [2008/09/02 07:10:00 | 000,074,240 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Auto | Stopped] -- C:\Windows\SysNative\cypherixsrv.exe -- (cypherixservice)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/12/06 18:58:00 | 003,443,352 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009/11/28 16:40:33 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/03 13:22:28 | 000,073,392 | ---- | M] (FSPro Labs) [On_Demand | Stopped] -- C:\Windows\SysWOW64\fsproflt.exe -- (fsproflt)
SRV - [2009/02/05 13:43:26 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2006/12/10 22:41:14 | 000,843,264 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2006/10/27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
========== Driver Services (SafeList) ==========
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\npptNT2.sys -- (NPPTNT2)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\FDCENT.SYS -- (FDCENT)
DRV:64bit: - [2010/05/01 00:44:31 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2010/03/30 23:35:04 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)
DRV:64bit: - [2009/09/29 09:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lgbtpt64.sys -- (LgBttPort)
DRV:64bit: - [2009/09/29 09:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lgvmdm64.sys -- (LGVMODEM)
DRV:64bit: - [2009/09/29 09:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lgbtbs64.sys -- (lgbusenum)
DRV:64bit: - [2009/08/28 19:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/26 19:06:36 | 000,871,408 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/08/14 22:06:34 | 000,311,968 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009/08/14 22:06:33 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/11/19 18:09:14 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/19 18:09:12 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/19 18:09:12 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008/11/10 08:26:30 | 000,184,832 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/11/03 22:21:08 | 000,098,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID)
DRV:64bit: - [2008/09/05 14:54:12 | 000,102,392 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\cyphxdrv.sys -- (cyphxdrv)
DRV:64bit: - [2008/06/06 17:35:46 | 000,055,440 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\FSPFltd.sys -- (FSProFilter)
DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2007/11/06 16:23:14 | 000,040,464 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010/09/10 17:08:49 | 000,023,080 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010/09/06 16:56:19 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)
DRV - [2008/01/15 17:09:42 | 000,047,470 | ---- | M] (Silence of Troubles United Company Ltd.) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\FDCENT.SYS -- (FDCENT)
DRV - [2007/02/07 14:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2005/01/03 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: {566D6332-1439-43bf-857E-7AD5F137AD0C}:1.13
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.7.4
FF - prefs.js..extensions.enabledItems: {76D00298-1B6D-4487-AC9A-A797951ED953}:1.9.1
FF - HKLM\software\mozilla\Firefox\Extensions\\{76D00298-1B6D-4487-AC9A-A797951ED953}: C:\Users\Owner\AppData\Local\{76D00298-1B6D-4487-AC9A-A797951ED953}\ [2010/07/08 23:59:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/08 13:59:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/08 13:59:29 | 000,000,000 | ---D | M]
[2009/08/09 03:29:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2010/07/09 00:17:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions
[2010/02/27 12:21:42 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2010/04/28 19:17:28 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2009/09/09 02:37:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/27 12:29:40 | 000,000,000 | ---D | M] (Names Dictionary for rikaichan) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{566D6332-1439-43bf-857E-7AD5F137AD0C}
[2010/02/27 12:29:40 | 000,000,000 | ---D | M] (Japanese-English Dictionary for rikaichan) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
[2010/04/28 06:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{7A074BE0-2326-436d-B473-029FAEBEB5C6}
[2010/07/09 00:17:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/30 12:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2009/08/17 07:42:14 | 000,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\desert.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\desert.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3abc5f33-eabc-11de-a964-00241d755acd}\Shell - "" = AutoRun
O33 - MountPoints2\{3abc5f33-eabc-11de-a964-00241d755acd}\Shell\AutoRun\command - "" = H:\USBAutoRun.exe -- File not found
O33 - MountPoints2\{4ed22648-8525-11de-88b0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4ed22648-8525-11de-88b0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- File not found
O33 - MountPoints2\{4ed299c4-9295-11de-91d7-00241d755acd}\Shell - "" = AutoRun
O33 - MountPoints2\{4ed299c4-9295-11de-91d7-00241d755acd}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{905b6d43-9fa5-11de-a621-00241d755acd}\Shell\AutoRun\command - "" = H:\RECYCLER\help.exe -- File not found
O33 - MountPoints2\{905b6d43-9fa5-11de-a621-00241d755acd}\Shell\opEN\CoMmanD - "" = H:\RECYCLER\help.exe -- File not found
O33 - MountPoints2\{d64c17e0-8b1c-11df-97c1-00241d755acd}\Shell\AutoRun\command - "" = H:\SamsungSoftware\APPInst.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 90 Days ==========
[2010/09/10 16:58:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/08 18:47:23 | 001,137,528 | ---- | C] (Emsi Software GmbH) -- C:\Users\Owner\Desktop\BlitzBlank.exe
[2010/09/06 15:28:52 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/09/06 00:24:22 | 000,000,000 | -HSD | C] -- C:\Users\Owner\.COMMgr
[2010/09/06 00:24:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\qkycsinrg
[2010/09/06 00:24:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Windows Server
[2010/09/06 00:23:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\8866E251DB9D14EA404E937F3D963785
[2010/09/01 20:49:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MKV Demux All
[2010/09/01 20:48:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\MKVExtractGUI-1.6.4.1
[2010/09/01 20:47:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\mkvtoolnix
[2010/09/01 20:47:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MKVtoolnix
[2010/09/01 20:28:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitrateViewer
[2010/09/01 20:18:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gabest
[2010/08/31 18:21:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Ikue Asazaki - Uta Asobi (Uta Ashiibi)
[2010/08/31 17:56:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Ikue Asazaki - Utabautayun
[2010/08/21 14:13:59 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2010/08/20 04:19:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\100MEDIA
[2010/08/20 03:30:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\DCIM
[2010/08/06 23:14:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Free Mp3 Wma Ogg Converter
[2010/08/06 23:14:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Mp3 Wma Ogg Converter
[2010/08/06 20:36:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\PasswordSafe
[2010/08/06 20:36:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Password Safe
[2010/08/06 20:16:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\beat crusaders
[2010/08/05 19:08:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\enka
[2010/07/30 22:25:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\NVIDIA
[2010/07/29 20:38:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\BoA - IDENTITY
[2010/07/28 15:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/07/27 06:24:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Tokyo Jihen - Sports
[2010/07/26 15:33:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\New Folder
[2010/07/21 07:26:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\BoA - BoA
[2010/07/18 02:03:49 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2010/07/18 02:03:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/07/18 01:21:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft Games
[2010/07/17 23:02:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Toribash
[2010/07/16 07:28:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[asian+nation] Tokyo Jihen - Goraku (Variety) [2007.09.26]
[2010/07/15 22:21:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Album
[2010/07/15 21:59:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Singles
[2010/07/10 20:42:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\DESKTOP
[2010/07/08 23:59:38 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{76D00298-1B6D-4487-AC9A-A797951ED953}
[2010/07/08 13:59:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ijjigame
[2010/06/23 17:35:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DirectVobSub
[2010/06/22 23:54:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\WBGames
========== Files - Modified Within 90 Days ==========
[2010/09/11 14:24:12 | 002,097,152 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT
[2010/09/11 13:29:54 | 000,035,381 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/09/11 13:29:53 | 000,035,381 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/09/11 13:29:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/11 05:08:39 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/11 05:08:39 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/10 17:15:14 | 000,694,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/10 17:15:14 | 000,598,350 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/10 17:15:14 | 000,101,988 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/10 17:08:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/10 17:08:35 | 4293,386,240 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/10 17:07:44 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{3fb50e38-d7c1-11dd-8b2d-00241d755acd}.TMContainer00000000000000000001.regtrans-ms
[2010/09/10 17:07:44 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{3fb50e38-d7c1-11dd-8b2d-00241d755acd}.TM.blf
[2010/09/10 17:07:37 | 002,215,813 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db
[2010/09/09 16:11:04 | 003,382,241 | ---- | M] () -- C:\Users\Owner\Desktop\Phu Tran - Rose v3 (2007).pdf
[2010/09/08 18:47:53 | 001,137,528 | ---- | M] (Emsi Software GmbH) -- C:\Users\Owner\Desktop\BlitzBlank.exe
[2010/09/06 16:56:19 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2010/09/06 16:43:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/09/06 04:13:22 | 000,002,891 | ---- | M] () -- C:\Users\Owner\Desktop\Attach.zip
[2010/09/06 03:34:04 | 000,293,376 | ---- | M] () -- C:\Users\Owner\Desktop\0ym8hil9.exe
[2010/09/06 03:29:21 | 000,525,824 | ---- | M] () -- C:\Users\Owner\Desktop\dds.scr
[2010/09/06 03:24:05 | 000,000,020 | ---- | M] () -- C:\Users\Owner\defogger_reenable
[2010/09/06 03:14:06 | 000,007,736 | ---- | M] () -- C:\Users\Owner\Desktop\pwsafe.dat
[2010/09/04 13:22:27 | 000,000,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/09/03 23:18:16 | 000,104,448 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/01 22:01:09 | 000,940,358 | ---- | M] () -- C:\Users\Owner\Desktop\hw1.1.zip
[2010/09/01 21:12:30 | 014,388,036 | ---- | M] () -- C:\Users\Owner\Desktop\week 1-vitruvius-book 1.pdf
[2010/09/01 20:29:00 | 000,000,906 | ---- | M] () -- C:\Users\Owner\Desktop\Bitrate Viewer.lnk
[2010/08/19 22:57:43 | 002,300,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/06 20:36:18 | 000,000,869 | ---- | M] () -- C:\Users\Owner\Desktop\Password Safe.lnk
[2010/08/06 20:31:02 | 000,007,360 | ---- | M] () -- C:\Users\Owner\Desktop\pw.bak
[2010/07/28 15:44:40 | 000,000,533 | ---- | M] () -- C:\ProgramData\nvUnsupRes.dat
[2010/07/08 23:59:39 | 000,000,120 | ---- | M] () -- C:\Users\Owner\AppData\Local\Kqomoxebuxeyak.dat
[2010/07/08 23:59:39 | 000,000,000 | ---- | M] () -- C:\Users\Owner\AppData\Local\Mqudofoseq.bin
========== Files Created - No Company Name ==========
[2010/09/09 16:10:19 | 003,382,241 | ---- | C] () -- C:\Users\Owner\Desktop\Phu Tran - Rose v3 (2007).pdf
[2010/09/06 16:16:14 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2010/09/06 04:13:22 | 000,002,891 | ---- | C] () -- C:\Users\Owner\Desktop\Attach.zip
[2010/09/06 03:34:03 | 000,293,376 | ---- | C] () -- C:\Users\Owner\Desktop\0ym8hil9.exe
[2010/09/06 03:29:18 | 000,525,824 | ---- | C] () -- C:\Users\Owner\Desktop\dds.scr
[2010/09/06 03:24:04 | 000,000,020 | ---- | C] () -- C:\Users\Owner\defogger_reenable
[2010/09/06 02:31:17 | 4293,386,240 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/01 22:01:09 | 000,940,358 | ---- | C] () -- C:\Users\Owner\Desktop\hw1.1.zip
[2010/09/01 21:11:57 | 014,388,036 | ---- | C] () -- C:\Users\Owner\Desktop\week 1-vitruvius-book 1.pdf
[2010/09/01 20:29:00 | 000,000,906 | ---- | C] () -- C:\Users\Owner\Desktop\Bitrate Viewer.lnk
[2010/08/23 19:50:42 | 000,007,736 | ---- | C] () -- C:\Users\Owner\Desktop\pwsafe.dat
[2010/08/06 20:36:18 | 000,000,869 | ---- | C] () -- C:\Users\Owner\Desktop\Password Safe.lnk
[2010/08/06 20:30:26 | 000,007,360 | ---- | C] () -- C:\Users\Owner\Desktop\pw.bak
[2010/07/08 23:59:39 | 000,000,120 | ---- | C] () -- C:\Users\Owner\AppData\Local\Kqomoxebuxeyak.dat
[2010/07/08 23:59:39 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\Mqudofoseq.bin
[2010/05/13 18:17:41 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\uc_karos_launching.dll
[2010/05/02 20:46:17 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/03/21 12:30:46 | 000,002,699 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/03/03 07:30:48 | 000,399,360 | ---- | C] () -- C:\Windows\SysWow64\Smab.dll
[2010/03/03 07:30:48 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010/01/17 19:32:37 | 000,000,082 | ---- | C] () -- C:\Windows\wininit.ini
[2010/01/15 19:57:44 | 000,221,291 | ---- | C] () -- C:\Windows\Imei_dll.dll
[2010/01/15 19:57:44 | 000,040,960 | ---- | C] () -- C:\Windows\Sublock.dll
[2009/12/08 02:56:41 | 000,001,342 | ---- | C] () -- C:\Windows\maxlink.ini
[2009/12/08 02:56:41 | 000,000,020 | ---- | C] () -- C:\Windows\calera.ini
[2009/12/08 02:56:30 | 000,269,312 | ---- | C] () -- C:\Windows\SysWow64\FPXIG.DLL
[2009/12/08 02:56:30 | 000,068,096 | ---- | C] () -- C:\Windows\SysWow64\IGFPX32P.DLL
[2009/12/08 02:56:30 | 000,065,024 | ---- | C] () -- C:\Windows\SysWow64\JPEGACC.DLL
[2009/12/08 02:56:20 | 000,101,376 | ---- | C] () -- C:\Windows\SysWow64\WELSOF32.DLL
[2009/11/07 18:40:22 | 000,708,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/10/13 00:52:42 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2009/09/12 00:25:01 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/12 00:24:10 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/24 15:43:34 | 000,000,533 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat
[2009/08/14 20:04:32 | 000,104,448 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/09 21:05:23 | 002,468,130 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_NET_Framework35_x64_MSI51FF.txt
[2009/08/09 20:54:25 | 000,200,298 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2009/08/09 20:54:20 | 000,010,344 | ---- | C] () -- C:\Users\Owner\AppData\Local\uxeventlog.txt
[2009/08/09 20:54:20 | 000,000,002 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_dotnetfx35error.txt
[2009/08/09 20:54:19 | 000,210,472 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_dotnetfx35install.txt
[2009/08/09 14:34:31 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/08/09 13:55:12 | 000,000,732 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
[2009/08/09 03:02:31 | 000,035,381 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/08/09 03:02:31 | 000,035,381 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/07/03 20:04:11 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\msoccwordm.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 13:50:17 | 000,016,489 | ---- | C] () -- C:\Windows\SysWow64\mswcncorem.dll
[2007/11/06 16:19:28 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
========== LOP Check ==========
[2010/09/06 00:24:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\8866E251DB9D14EA404E937F3D963785
[2009/09/05 00:46:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\acccore
[2009/08/27 04:34:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DAEMON Tools Lite
[2009/09/27 13:54:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DonationCoder
[2010/08/06 23:14:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Free Mp3 Wma Ogg Converter
[2010/04/29 00:37:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ijjigame
[2010/01/15 19:59:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LG Electronics
[2009/11/11 17:21:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LockHunter
[2010/09/01 20:47:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mkvtoolnix
[2010/06/02 22:43:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mp3tag
[2009/10/25 04:06:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MusicNet
[2009/10/29 04:38:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\NCH Swift Sound
[2010/04/29 02:24:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\NPLUTO Corporation
[2010/09/10 18:02:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2010/05/01 05:32:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\VirtuaWin
[2010/02/11 21:00:16 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
[2010/09/10 17:07:39 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 280 bytes -> C:\ProgramData\TEMP:E6E3D650
< End of report >
-
I accidentally closed the OTL log. From what I remember, it seemed to have fixed everything (including nofolderoptions) except msounkernm.dll, which it said "file not found."
MBAM still does not seem able to remove msounkernm.dll.
MBAM report:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4591
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943
9/10/2010 5:07:31 PM
mbam-log-2010-09-10 (17-07-31).txt
Scan type: Quick scan
Objects scanned: 137317
Time elapsed: 4 minute(s), 48 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\Windows\System32\msounkernm.dll (Trojan.KeyLogger) -> Delete on reboot.
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Windows\System32\msounkernm.dll (Trojan.KeyLogger) -> Delete on reboot.
-
Thank you! My task bar is back to normal now. However, I ran mbam again and found 5 more infections. The 3 that say "delete on reboot" seem to be the same ones as before (and stay after reboot). I am also still getting the search redirects in Firefox.
Here is the mbam log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4584
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943
9/9/2010 4:22:55 PM
mbam-log-2010-09-09 (16-22-55).txt
Scan type: Quick scan
Objects scanned: 137565
Time elapsed: 3 minute(s), 42 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\Windows\System32\msounkernm.dll (Trojan.KeyLogger) -> Delete on reboot.
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\snexmrwoca.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Windows\System32\msounkernm.dll (Trojan.KeyLogger) -> Delete on reboot.
C:\Users\Owner\AppData\Local\Temp\snexmrwoca.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\seancomrwx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
-
Okay. I did as per your instructions.
Is the report the file C:\blitzblank?
Here it is:
BlitzBlank 1.0.0.29
File/Registry Modification Engine native application
MoveFileOnReboot: sourceFile = "\??\c:\windows\explorer.exe", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\windows\syswow64\wininit.exe", destinationFile = "(null)", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\explorer.exe", destinationFile = "\??\c:\windows\explorer.exe", replaceWithDummy = 0
MoveFileOnReboot: sourceFile = "\??\c:\wininit.exe", destinationFile = "\??\c:\windows\syswow64\wininit.exe", replaceWithDummy = 0
-
Here is the OTL log after doing that:
OTL logfile created on: 9/7/2010 5:09:46 PM - Run 4
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 78.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 9.44 Gb Free Space | 2.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 15.06 Gb Total Space | 14.73 Gb Free Space | 97.82% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ACORN
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Custom Scans ==========
< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 02:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=5903EB4ADCD7149D691140161AC4A5B6 -- C:\Windows\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 22:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/29 02:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/30 01:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 22:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 22:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
< MD5 for: HLP.DAT >
[2009/04/11 02:26:45 | 000,034,699 | ---- | M] () MD5=988D9624B4220182DFF971C1D18D73EC -- C:\Windows\SysWOW64\hlp.dat
[2009/04/11 02:26:45 | 000,034,699 | ---- | M] () MD5=988D9624B4220182DFF971C1D18D73EC -- C:\Windows\SysWOW64\hlp.dat
< MD5 for: WININIT.EXE >
[2008/01/20 22:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008/01/20 22:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
[2008/01/20 22:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=F9007C650A1C12B7D2EDF22F6F63D420 -- C:\Windows\SysWOW64\wininit.exe
[2008/01/20 22:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=F9007C650A1C12B7D2EDF22F6F63D420 -- C:\Windows\SysWOW64\wininit.exe
< End of report >
-
Thanks for helping.
Nothing has changed since my first post; nothing I could notice. My system tray is still inaccessible and Windows Explorer is still crashing under light use; Google links still redirect in Firefox.
When I tried opening RKU I got "Error loading driver, NTSTATUS code: 0xC000036B" and could not run the program.
Here are the other two logs.
OTL logfile created on: 9/6/2010 3:33:45 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 72.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 9.34 Gb Free Space | 2.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ACORN
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/09/06 15:28:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2010/04/28 21:17:13 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\VirtuaWin\modules\SwitchDesk.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/02/14 21:46:49 | 000,319,280 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2009/08/24 16:15:03 | 000,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/04/11 02:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2009/02/05 13:43:26 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
PRC - [2008/06/29 23:04:11 | 000,077,903 | ---- | M] (Hlp) -- c:\Windows\SysWOW64\rooseh.exe
PRC - [2008/04/24 21:46:34 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\VirtuaWin\modules\WinList.exe
PRC - [2008/04/24 21:46:32 | 000,116,224 | ---- | M] (VirtuaWin) -- C:\Program Files (x86)\VirtuaWin\VirtuaWin.exe
========== Modules (SafeList) ==========
MOD - [2010/09/06 15:28:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2008/01/20 22:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -d -f %ProgramFiles%\WinPcap\rpcapd.ini -- (rpcapd)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Windows\SysNative\GameMon.des -- (npggsvc)
SRV:64bit: - [2008/09/02 07:10:00 | 000,074,240 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Auto | Stopped] -- C:\Windows\SysNative\cypherixsrv.exe -- (cypherixservice)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/12/06 18:58:00 | 003,443,352 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009/11/28 16:40:33 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/03 13:22:28 | 000,073,392 | ---- | M] (FSPro Labs) [On_Demand | Stopped] -- C:\Windows\SysWOW64\fsproflt.exe -- (fsproflt)
SRV - [2009/02/05 13:43:26 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2008/06/29 23:04:11 | 000,077,903 | ---- | M] (Hlp) [Auto | Running] -- c:\Windows\SysWOW64\rooseh.exe -- (ygznbywjlyycso)
SRV - [2006/12/10 22:41:14 | 000,843,264 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2006/10/27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
========== Driver Services (SafeList) ==========
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\npptNT2.sys -- (NPPTNT2)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\FDCENT.SYS -- (FDCENT)
DRV:64bit: - [2010/05/01 00:44:31 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2010/03/30 23:35:04 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)
DRV:64bit: - [2010/03/02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2010/02/16 14:24:00 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009/09/29 09:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lgbtpt64.sys -- (LgBttPort)
DRV:64bit: - [2009/09/29 09:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lgvmdm64.sys -- (LGVMODEM)
DRV:64bit: - [2009/09/29 09:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lgbtbs64.sys -- (lgbusenum)
DRV:64bit: - [2009/08/28 19:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/26 19:06:36 | 000,871,408 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/08/14 22:06:34 | 000,311,968 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009/08/14 22:06:33 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/11/19 18:09:14 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/19 18:09:12 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/19 18:09:12 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008/11/10 08:26:30 | 000,184,832 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/11/03 22:21:08 | 000,098,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID)
DRV:64bit: - [2008/09/05 14:54:12 | 000,102,392 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\cyphxdrv.sys -- (cyphxdrv)
DRV:64bit: - [2008/06/06 17:35:46 | 000,055,440 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\FSPFltd.sys -- (FSProFilter)
DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2007/11/06 16:23:14 | 000,040,464 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010/09/06 03:25:44 | 000,023,080 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2008/01/15 17:09:42 | 000,047,470 | ---- | M] (Silence of Troubles United Company Ltd.) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\FDCENT.SYS -- (FDCENT)
DRV - [2007/02/07 14:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2005/01/03 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
========== FireFox ==========
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: {566D6332-1439-43bf-857E-7AD5F137AD0C}:1.13
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.7.4
FF - prefs.js..extensions.enabledItems: {76D00298-1B6D-4487-AC9A-A797951ED953}:1.9.1
FF - HKLM\software\mozilla\Firefox\Extensions\\{76D00298-1B6D-4487-AC9A-A797951ED953}: C:\Users\Owner\AppData\Local\{76D00298-1B6D-4487-AC9A-A797951ED953}\ [2010/07/08 23:59:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/08 13:59:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/08 13:59:29 | 000,000,000 | ---D | M]
[2009/08/09 03:29:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2010/07/09 00:17:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions
[2010/02/27 12:21:42 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2010/04/28 19:17:28 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2009/09/09 02:37:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/27 12:29:40 | 000,000,000 | ---D | M] (Names Dictionary for rikaichan) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{566D6332-1439-43bf-857E-7AD5F137AD0C}
[2010/02/27 12:29:40 | 000,000,000 | ---D | M] (Japanese-English Dictionary for rikaichan) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
[2010/04/28 06:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{7A074BE0-2326-436d-B473-029FAEBEB5C6}
[2010/07/09 00:17:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/30 12:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2009/08/17 07:42:14 | 000,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [snexmrwoca.exe] C:\Users\MrSkwrl\AppData\Local\Temp\snexmrwoca.exe File not found
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\desert.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\desert.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3abc5f33-eabc-11de-a964-00241d755acd}\Shell - "" = AutoRun
O33 - MountPoints2\{3abc5f33-eabc-11de-a964-00241d755acd}\Shell\AutoRun\command - "" = H:\USBAutoRun.exe -- File not found
O33 - MountPoints2\{4ed22648-8525-11de-88b0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4ed22648-8525-11de-88b0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- File not found
O33 - MountPoints2\{4ed299c4-9295-11de-91d7-00241d755acd}\Shell - "" = AutoRun
O33 - MountPoints2\{4ed299c4-9295-11de-91d7-00241d755acd}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{905b6d43-9fa5-11de-a621-00241d755acd}\Shell\AutoRun\command - "" = H:\RECYCLER\help.exe -- File not found
O33 - MountPoints2\{905b6d43-9fa5-11de-a621-00241d755acd}\Shell\opEN\CoMmanD - "" = H:\RECYCLER\help.exe -- File not found
O33 - MountPoints2\{d64c17e0-8b1c-11df-97c1-00241d755acd}\Shell\AutoRun\command - "" = H:\SamsungSoftware\APPInst.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 90 Days ==========
[2010/09/06 15:28:52 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/09/06 03:16:32 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010/09/06 03:16:32 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010/09/06 03:16:32 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010/09/06 03:16:32 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010/09/06 03:16:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/09/06 03:16:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010/09/06 00:24:22 | 000,000,000 | -HSD | C] -- C:\Users\Owner\.COMMgr
[2010/09/06 00:24:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\qkycsinrg
[2010/09/06 00:24:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Windows Server
[2010/09/06 00:23:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\8866E251DB9D14EA404E937F3D963785
[2010/09/01 20:49:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MKV Demux All
[2010/09/01 20:48:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\MKVExtractGUI-1.6.4.1
[2010/09/01 20:47:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\mkvtoolnix
[2010/09/01 20:47:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MKVtoolnix
[2010/09/01 20:28:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitrateViewer
[2010/09/01 20:18:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gabest
[2010/08/31 18:21:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Ikue Asazaki - Uta Asobi (Uta Ashiibi)
[2010/08/31 17:56:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Ikue Asazaki - Utabautayun
[2010/08/21 14:13:59 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2010/08/20 04:19:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\100MEDIA
[2010/08/20 03:30:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\DCIM
[2010/08/06 23:14:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Free Mp3 Wma Ogg Converter
[2010/08/06 23:14:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Mp3 Wma Ogg Converter
[2010/08/06 20:36:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\PasswordSafe
[2010/08/06 20:36:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Password Safe
[2010/08/06 20:16:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\beat crusaders
[2010/08/05 19:08:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\enka
[2010/07/30 22:25:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\NVIDIA
[2010/07/29 20:38:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\BoA - IDENTITY
[2010/07/28 15:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/07/27 06:24:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Tokyo Jihen - Sports
[2010/07/26 15:33:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\New Folder
[2010/07/21 07:26:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\BoA - BoA
[2010/07/18 02:03:49 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2010/07/18 02:03:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/07/18 01:21:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft Games
[2010/07/17 23:02:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Toribash
[2010/07/16 07:28:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[asian+nation] Tokyo Jihen - Goraku (Variety) [2007.09.26]
[2010/07/15 22:21:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Album
[2010/07/15 21:59:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Singles
[2010/07/10 20:42:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\DESKTOP
[2010/07/08 23:59:38 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{76D00298-1B6D-4487-AC9A-A797951ED953}
[2010/07/08 13:59:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ijjigame
[2010/06/23 17:35:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DirectVobSub
[2010/06/22 23:54:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\WBGames
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/09/06 15:31:20 | 002,097,152 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT
[2010/09/06 15:28:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/09/06 15:26:13 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/06 15:26:13 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/06 13:52:41 | 000,694,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/06 13:52:41 | 000,598,350 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/06 13:52:41 | 000,101,988 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/06 13:51:14 | 000,035,381 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/09/06 13:51:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/06 04:13:22 | 000,002,891 | ---- | M] () -- C:\Users\Owner\Desktop\Attach.zip
[2010/09/06 03:34:04 | 000,293,376 | ---- | M] () -- C:\Users\Owner\Desktop\0ym8hil9.exe
[2010/09/06 03:29:21 | 000,525,824 | ---- | M] () -- C:\Users\Owner\Desktop\dds.scr
[2010/09/06 03:26:38 | 000,035,381 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/09/06 03:25:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/06 03:25:32 | 4293,386,240 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/06 03:24:39 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{3fb50e38-d7c1-11dd-8b2d-00241d755acd}.TMContainer00000000000000000001.regtrans-ms
[2010/09/06 03:24:39 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{3fb50e38-d7c1-11dd-8b2d-00241d755acd}.TM.blf
[2010/09/06 03:24:27 | 002,070,466 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db
[2010/09/06 03:24:05 | 000,000,020 | ---- | M] () -- C:\Users\Owner\defogger_reenable
[2010/09/06 03:16:39 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/09/06 03:14:06 | 000,007,736 | ---- | M] () -- C:\Users\Owner\Desktop\pwsafe.dat
[2010/09/04 13:22:27 | 000,000,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/09/03 23:18:16 | 000,104,448 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/01 22:01:09 | 000,940,358 | ---- | M] () -- C:\Users\Owner\Desktop\hw1.1.zip
[2010/09/01 21:12:30 | 014,388,036 | ---- | M] () -- C:\Users\Owner\Desktop\week 1-vitruvius-book 1.pdf
[2010/09/01 20:29:00 | 000,000,906 | ---- | M] () -- C:\Users\Owner\Desktop\Bitrate Viewer.lnk
[2010/08/19 22:57:43 | 002,300,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/06 20:36:18 | 000,000,869 | ---- | M] () -- C:\Users\Owner\Desktop\Password Safe.lnk
[2010/08/06 20:31:02 | 000,007,360 | ---- | M] () -- C:\Users\Owner\Desktop\pw.bak
[2010/07/28 15:44:40 | 000,000,533 | ---- | M] () -- C:\ProgramData\nvUnsupRes.dat
[2010/07/08 23:59:39 | 000,000,120 | ---- | M] () -- C:\Users\Owner\AppData\Local\Kqomoxebuxeyak.dat
[2010/07/08 23:59:39 | 000,000,000 | ---- | M] () -- C:\Users\Owner\AppData\Local\Mqudofoseq.bin
[2010/06/09 17:43:15 | 000,094,026 | ---- | M] () -- C:\Users\Owner\Documents\sms 06.09.10.csv
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/09/06 04:13:22 | 000,002,891 | ---- | C] () -- C:\Users\Owner\Desktop\Attach.zip
[2010/09/06 03:34:03 | 000,293,376 | ---- | C] () -- C:\Users\Owner\Desktop\0ym8hil9.exe
[2010/09/06 03:29:18 | 000,525,824 | ---- | C] () -- C:\Users\Owner\Desktop\dds.scr
[2010/09/06 03:24:04 | 000,000,020 | ---- | C] () -- C:\Users\Owner\defogger_reenable
[2010/09/06 03:16:39 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/09/06 02:31:17 | 4293,386,240 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/01 22:01:09 | 000,940,358 | ---- | C] () -- C:\Users\Owner\Desktop\hw1.1.zip
[2010/09/01 21:11:57 | 014,388,036 | ---- | C] () -- C:\Users\Owner\Desktop\week 1-vitruvius-book 1.pdf
[2010/09/01 20:29:00 | 000,000,906 | ---- | C] () -- C:\Users\Owner\Desktop\Bitrate Viewer.lnk
[2010/08/23 19:50:42 | 000,007,736 | ---- | C] () -- C:\Users\Owner\Desktop\pwsafe.dat
[2010/08/06 20:36:18 | 000,000,869 | ---- | C] () -- C:\Users\Owner\Desktop\Password Safe.lnk
[2010/08/06 20:30:26 | 000,007,360 | ---- | C] () -- C:\Users\Owner\Desktop\pw.bak
[2010/07/08 23:59:39 | 000,000,120 | ---- | C] () -- C:\Users\Owner\AppData\Local\Kqomoxebuxeyak.dat
[2010/07/08 23:59:39 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\Mqudofoseq.bin
[2010/06/09 17:35:38 | 000,094,026 | ---- | C] () -- C:\Users\Owner\Documents\sms 06.09.10.csv
[2010/05/13 18:17:41 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\uc_karos_launching.dll
[2010/05/02 20:46:17 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/03/21 12:30:46 | 000,002,699 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/03/03 07:30:48 | 000,399,360 | ---- | C] () -- C:\Windows\SysWow64\Smab.dll
[2010/03/03 07:30:48 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010/01/17 19:32:37 | 000,000,082 | ---- | C] () -- C:\Windows\wininit.ini
[2010/01/15 19:57:44 | 000,221,291 | ---- | C] () -- C:\Windows\Imei_dll.dll
[2010/01/15 19:57:44 | 000,040,960 | ---- | C] () -- C:\Windows\Sublock.dll
[2009/12/08 02:56:41 | 000,001,342 | ---- | C] () -- C:\Windows\maxlink.ini
[2009/12/08 02:56:41 | 000,000,020 | ---- | C] () -- C:\Windows\calera.ini
[2009/12/08 02:56:30 | 000,269,312 | ---- | C] () -- C:\Windows\SysWow64\FPXIG.DLL
[2009/12/08 02:56:30 | 000,068,096 | ---- | C] () -- C:\Windows\SysWow64\IGFPX32P.DLL
[2009/12/08 02:56:30 | 000,065,024 | ---- | C] () -- C:\Windows\SysWow64\JPEGACC.DLL
[2009/12/08 02:56:20 | 000,101,376 | ---- | C] () -- C:\Windows\SysWow64\WELSOF32.DLL
[2009/11/07 18:40:22 | 000,708,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/10/13 00:52:42 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2009/09/12 00:25:01 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/12 00:24:10 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/24 15:43:34 | 000,000,533 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat
[2009/08/14 20:04:32 | 000,104,448 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/09 21:05:23 | 002,468,130 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_NET_Framework35_x64_MSI51FF.txt
[2009/08/09 20:54:25 | 000,200,298 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2009/08/09 20:54:20 | 000,010,344 | ---- | C] () -- C:\Users\Owner\AppData\Local\uxeventlog.txt
[2009/08/09 20:54:20 | 000,000,002 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_dotnetfx35error.txt
[2009/08/09 20:54:19 | 000,210,472 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_dotnetfx35install.txt
[2009/08/09 14:34:31 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/08/09 13:55:12 | 000,000,732 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
[2009/08/09 03:02:31 | 000,035,381 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/08/09 03:02:31 | 000,035,381 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/12/07 03:24:26 | 000,016,489 | ---- | C] () -- C:\Windows\SysWow64\mswcncorem.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/07/03 20:04:11 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\msoccwordm.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/11/06 16:19:28 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
========== LOP Check ==========
[2010/09/06 00:24:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\8866E251DB9D14EA404E937F3D963785
[2009/09/05 00:46:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\acccore
[2009/08/27 04:34:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DAEMON Tools Lite
[2009/09/27 13:54:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DonationCoder
[2010/08/06 23:14:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Free Mp3 Wma Ogg Converter
[2010/04/29 00:37:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ijjigame
[2010/01/15 19:59:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LG Electronics
[2009/11/11 17:21:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LockHunter
[2010/09/01 20:47:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mkvtoolnix
[2010/06/02 22:43:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mp3tag
[2009/10/25 04:06:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MusicNet
[2009/10/29 04:38:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\NCH Swift Sound
[2010/04/29 02:24:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\NPLUTO Corporation
[2010/09/06 15:31:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2010/05/01 05:32:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\VirtuaWin
[2010/02/11 21:00:16 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
[2010/09/06 03:24:30 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 280 bytes -> C:\ProgramData\TEMP:E6E3D650
< End of report >
OTL Extras logfile created on: 9/6/2010 3:33:45 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 72.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 9.34 Gb Free Space | 2.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ACORN
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3721307388-1860386797-2565223514-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = A2 61 F4 E0 B2 33 CA 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12CAE947-672F-4F0A-91A3-22A7D743F605}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{19F6C575-0DE6-4180-822F-B969BC43BD0A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{4B33F090-569B-46D4-8EAA-715983713B9A}" = lport=48373 | protocol=6 | dir=in | name=utor48373 |
"{A12FBE46-59C2-4A06-B5A7-5A7A621DCE95}" = lport=48373 | protocol=17 | dir=in | name=utor48373(2) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03CFD7C5-5016-47B9-BEAA-FC4906505A23}" = protocol=17 | dir=in | app=c:\program files (x86)\ijji\ijji reactor\ijjioptimizer.exe |
"{10008C7D-804C-41F7-B6F4-0E7221E5444B}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{2116A77F-8BBC-48C3-9894-2687F08EE357}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{21F7B64E-EE73-4D17-9CAC-8D7B66C8DC85}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"{28C7EE7C-4947-4D07-A689-3732405424BB}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{2AE07704-DF3F-47E0-87F6-8D1E2254EB9B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2B76B6BE-3C06-4CA3-A409-9F3E50C00EBF}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe |
"{32A0DD5D-12A7-49B1-BA81-CD048E95A7DD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3D778DAD-1A9E-411C-8AF7-DCED5D38C09F}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{421CE9C6-7CDE-412D-830A-9289AF6849F1}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{47070328-F319-4A59-8E08-7361869BBD86}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{4A406EFB-3BC3-4071-9432-B9C428C483C0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe |
"{4B16D11F-A4C8-4967-B4C3-4CCA8686BD98}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe |
"{4FC166E0-333A-4770-8F1D-6B6F85B5D486}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{538DE8A6-E148-4731-A235-3EF97024DDD5}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{5DC5DF3B-FCD7-4D36-8257-DB4384C1D5E0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5DCFA4AB-7718-44E4-9A56-5ADA8437B77E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{6106CDA2-1795-43C1-88A3-77FE9E22F187}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{64B51865-FC03-47F9-9939-EF8176F14999}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{6EA209BC-1227-45C3-873A-9D95DA34273B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6F6E7128-DA17-46C2-85D7-B00E4322A460}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{702116E5-F76F-4C4A-A13C-D8B5E5B3B82A}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{7A02738F-0590-4851-A8A8-184A16D97515}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"{833D682D-83C2-4B31-B203-372BD2238DA3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{866AFBBF-BCDF-4F79-82F1-3C610EF169BA}" = protocol=6 | dir=in | app=c:\program files (x86)\ijji\ijji reactor\ijjioptimizer.exe |
"{877AE5E1-EFE5-4955-BB4C-237772A45A59}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
I haven't done any virus prevention/cleaning recently, and removed a whole lot of malware with a full scan on Malwarebytes tonight. However, after I rebooted, my computer has now become really slow and my system tray is blacked out/not working anymore. When I click the systray arrow to expand it, the arrow remains glitched across the tray. On another reboot, when I tried to click the systray I got a warning that "Windows explorer.exe has crashed" and an option to restart it, after which it crashed twice more.
The following Malwarebytes log is taken after the most recent reboot. msounkernm.dll can't seem to be accessed and Hijack.FolderOptions won't go away. I downloaded and ran Avira Antivir Personal, but that couldn't resolve those issues either. I also don't know what other malware may be lurking undetected ATM.
In fact, Windows explorer crashed again during this post.
Also, I've been having the internet-search-redirect issue (on Firefox) a lot recently too, if that's helpful information.
Please help me remove my malware!
(I removed instances of my name and replaced with "Owner" in this post for my privacy. I hope that is okay.)
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4553
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943
9/6/2010 3:23:49 AM
mbam-log-2010-09-06 (03-23-49).txt
Scan type: Quick scan
Objects scanned: 136703
Time elapsed: 3 minute(s), 37 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\Windows\System32\msounkernm.dll (Trojan.KeyLogger) -> Delete on reboot.
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Windows\System32\msounkernm.dll (Trojan.KeyLogger) -> Delete on reboot.
DDS (Ver_10-03-17.01) - NTFSX64
Run by Owner at 3:29:59.07 on Mon 09/06/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_18
Microsoft
something in syswow?
in Resolved Malware Removal Logs
Hi
Thank you for directing me to that site. It made me feel better about those files. I'm not completely sure if I am virus free, but things seem to be operating fine now.
I will be doing a clean install of Windows soon to upgrade to Windows 7 anyway.
Thanks for everything!