Can't get rid of these infected objects


Recommended Posts

www.malwarebytes.org

Database version: 4260

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18904

6/30/2010 3:40:30 AM

mbam-log-2010-06-30 (03-40-30).txt

Scan type: Quick scan

Objects scanned: 121917

Time elapsed: 5 minute(s), 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 2

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4260

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18904

6/30/2010 3:31:03 AM

mbam-log-2010-06-30 (03-31-03).txt

Scan type: Quick scan

Objects scanned: 122248

Time elapsed: 2 minute(s), 39 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Hello, I keep getting all these infected items whenever I run Malwarebytes, and it keeps asking to restart my computer, but whenever I restart it and rescan, I still keep getting the same infected items on the results page. Help would be very much appreciated. Thanks in advance!

Hello, and welcome. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (Do not use the computer while the scan is in progress.)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

OTL logfile created on: 6/30/2010 11:30:42 AM - Run 1

OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\jerome\Downloads

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18904)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 61.00% Memory free

16.00 Gb Paging File | 13.00 Gb Available in Paging File | 81.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 685.08 Gb Total Space | 319.14 Gb Free Space | 46.58% Space Free | Partition Type: NTFS

Drive D: | 13.41 Gb Total Space | 1.84 Gb Free Space | 13.72% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: PC

Current User Name: jerome

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/30 11:30:10 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\jerome\Downloads\OTL.exe

PRC - [2010/06/30 10:39:44 | 000,048,640 | ---- | M] () -- C:\Users\jerome\AppData\Local\Temp\1981157088.exe

PRC - [2010/06/30 08:18:09 | 000,048,644 | -H-- | M] () -- C:\Users\jerome\AppData\Local\Temp\system.exe

PRC - [2010/06/30 08:18:09 | 000,048,644 | -H-- | M] () -- C:\Users\jerome\AppData\Local\Temp\notepad.exe

PRC - [2010/06/30 08:11:24 | 000,048,644 | -H-- | M] () -- C:\Users\jerome\AppData\Local\Temp\sysedit.exe

PRC - [2010/06/30 08:11:24 | 000,048,644 | -H-- | M] () -- C:\Users\jerome\AppData\Local\Temp\setup.exe

PRC - [2010/06/30 08:11:23 | 000,048,644 | -H-- | M] () -- C:\Users\jerome\AppData\Local\Temp\user.exe

PRC - [2010/06/30 05:56:30 | 000,048,644 | -H-- | M] () -- C:\Users\jerome\AppData\Local\Temp\cmd.exe

PRC - [2010/06/30 05:56:30 | 000,048,644 | -H-- | M] () -- C:\Users\jerome\AppData\Local\Temp\avp.exe

PRC - [2010/06/30 05:56:29 | 000,048,644 | -H-- | M] () -- C:\Users\jerome\AppData\Local\Temp\winamp.exe

PRC - [2010/06/30 05:56:29 | 000,048,644 | -H-- | M] () -- C:\Users\jerome\AppData\Local\Temp\login.exe

PRC - [2010/06/30 05:52:52 | 000,048,644 | -H-- | M] () -- C:\Users\jerome\AppData\Local\Temp\smss.exe

PRC - [2010/06/30 05:52:51 | 000,048,644 | -H-- | M] () -- C:\Users\jerome\AppData\Local\Temp\spoolsv.exe

PRC - [2010/06/30 05:52:50 | 000,048,644 | -H-- | M] () -- C:\Users\jerome\AppData\Local\Temp\win.exe

PRC - [2010/06/30 05:52:50 | 000,048,644 | -H-- | M] () -- C:\Users\jerome\AppData\Local\Temp\hexdump.exe

PRC - [2010/06/30 05:52:49 | 000,048,644 | -H-- | M] () -- C:\Users\jerome\AppData\Local\Temp\wininst.exe

PRC - [2010/06/30 02:46:27 | 000,048,644 | -H-- | M] () -- C:\Users\jerome\AppData\Local\Temp\mdm.exe

PRC - [2010/06/29 23:23:56 | 000,030,001 | -H-- | M] () -- C:\Users\jerome\AppData\Local\Temp\s94z3dio.exe

PRC - [2010/06/28 11:09:12 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2010/06/28 11:09:12 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2010/02/22 11:46:10 | 000,390,824 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe

PRC - [2009/01/23 11:11:44 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2008/09/24 07:40:02 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe

PRC - [2008/09/24 07:39:56 | 000,118,784 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe

PRC - [2008/09/04 07:21:50 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe

PRC - [2008/09/04 07:14:52 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe

PRC - [2008/09/04 07:14:44 | 000,049,152 | ---- | M] () -- C:\Windows\SysWOW64\BeepApp.exe

========== Modules (SafeList) ==========

MOD - [2010/06/30 11:30:10 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\jerome\Downloads\OTL.exe

MOD - [2008/01/20 21:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/05/27 11:59:40 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010/02/20 18:14:26 | 000,427,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\inetsrv\iisw3adm.dll -- (WAS)

SRV:64bit: - [2010/02/20 18:14:26 | 000,427,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\iisw3adm.dll -- (W3SVC)

SRV:64bit: - [2009/04/11 02:11:13 | 000,058,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\inetsrv\apphostsvc.dll -- (AppHostSvc)

SRV:64bit: - [2009/04/11 02:10:28 | 000,190,464 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mqtgsvc.exe -- (MSMQTriggers)

SRV:64bit: - [2008/01/20 21:51:26 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)

SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2006/11/02 10:03:41 | 000,009,216 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)

SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/02/20 18:05:18 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)

SRV - [2010/02/20 18:05:18 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)

SRV - [2009/04/11 01:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)

SRV - [2009/03/16 17:48:00 | 002,849,757 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)

SRV - [2008/09/04 07:21:50 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)

SRV - [2006/11/02 08:34:14 | 000,000,000 | ---D | M] [unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)

SRV - [2006/11/02 01:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)

SRV - [2006/11/02 01:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/05/27 12:39:12 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2010/05/27 12:39:12 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2010/05/27 11:25:36 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010/03/02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)

DRV:64bit: - [2010/02/16 14:24:00 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2009/11/07 03:15:02 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)

DRV:64bit: - [2009/08/28 08:20:02 | 000,118,016 | R--- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\qscnusb.sys -- (MobileAdapter)

DRV:64bit: - [2009/04/11 00:42:21 | 000,140,288 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\RMCAST.sys -- (RMCAST) RMCAST (Pgm)

DRV:64bit: - [2009/04/08 01:58:18 | 000,116,752 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2008/10/09 19:04:04 | 000,225,296 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)

DRV:64bit: - [2008/09/09 20:19:36 | 000,025,888 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc_x64.pkms -- (PCD5SRVC{8AAF211B-043E02A9-05040000})

DRV:64bit: - [2008/08/06 11:26:08 | 000,174,592 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2008/05/28 20:54:18 | 000,026,168 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\usbfilter.sys -- (usbfilter)

DRV:64bit: - [2008/02/26 12:18:00 | 000,615,424 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr7364.sys -- (netr7364)

DRV:64bit: - [2008/01/20 21:51:49 | 000,167,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)

DRV:64bit: - [2007/02/05 10:22:12 | 000,161,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)

DRV - [2008/09/26 05:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})

DRV - [2006/09/18 16:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)

DRV - [2006/09/18 16:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)

DRV - [2004/12/31 19:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-435765973-3294363986-3632491355-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt

IE - HKU\S-1-5-21-435765973-3294363986-3632491355-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.worldofwarcraft.com/index.xml

IE - HKU\S-1-5-21-435765973-3294363986-3632491355-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-435765973-3294363986-3632491355-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-435765973-3294363986-3632491355-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-21-435765973-3294363986-3632491355-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "http://www.worldofwarcraft.com/index.xml"

FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2

FF - prefs.js..extensions.enabledItems: 4

FF - prefs.js..extensions.enabledItems: 9

FF - prefs.js..extensions.enabledItems: 1

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/06/28 11:09:13 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/06/28 11:09:13 | 000,000,000 | ---D | M]

[2009/04/20 05:57:02 | 000,000,000 | ---D | M] -- C:\Users\jerome\AppData\Roaming\Mozilla\Extensions

[2010/06/29 18:36:20 | 000,000,000 | ---D | M] -- C:\Users\jerome\AppData\Roaming\Mozilla\Firefox\Profiles\df4fzjog.default\extensions

[2009/09/03 20:00:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\jerome\AppData\Roaming\Mozilla\Firefox\Profiles\df4fzjog.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/12/12 23:02:10 | 000,000,000 | ---D | M] -- C:\Users\jerome\AppData\Roaming\Mozilla\Firefox\Profiles\df4fzjog.default\extensions\firefox@tvunetworks.com

[2010/06/29 18:36:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/03/18 01:01:05 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll (Google Inc.)

O2 - BHO: (C:\Windows\SysWow64\laxe1ioclo.dll) - {C3BA40A2-75F1-52BD-F413-04B15A2C8953} - C:\Windows\SysWOW64\laxe1ioclo.dll ()

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3:64bit: - HKU\S-1-5-21-435765973-3294363986-3632491355-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKU\S-1-5-21-435765973-3294363986-3632491355-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-435765973-3294363986-3632491355-1000..\Run: [hsef87ehf3jishfs87fhuishfsgggfdgs4g] C:\Users\jerome\AppData\Local\Temp\s94z3dio.exe ()

O4 - HKU\S-1-5-21-435765973-3294363986-3632491355-1000..\Run: [sdr8gdrgdrgke49orkgsjkjfjhsd] C:\Users\jerome\AppData\Local\Temp\login.exe ()

O4 - HKU\S-1-5-21-435765973-3294363986-3632491355-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: DisableCAD = 1

O7 - HKU\S-1-5-21-435765973-3294363986-3632491355-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1

O7 - HKU\S-1-5-21-435765973-3294363986-3632491355-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O7 - HKU\S-1-5-21-435765973-3294363986-3632491355-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System: DisableTaskMgr = 1

O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)

O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)

O15 - HKU\S-1-5-21-435765973-3294363986-3632491355-1000\..Trusted Ranges: Range1 ([http] in Local intranet)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKU\.DEFAULT Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKU\S-1-5-18 Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKU\S-1-5-19 Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKU\S-1-5-20 Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKU\S-1-5-21-435765973-3294363986-3632491355-1000 Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O22 - SharedTaskScheduler: {C3BA40A2-75F1-52BD-F413-04B15A2C8953} - jahs8973fioafnh98fasfw3gadfgjdsdf - C:\Windows\SysWOW64\laxe1ioclo.dll ()

O24 - Desktop WallPaper: C:\Users\jerome\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp

O24 - Desktop BackupWallPaper: C:\Users\jerome\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{065b9165-cb76-11de-88ec-002421143a41}\Shell - "" = AutoRun

O33 - MountPoints2\{065b9165-cb76-11de-88ec-002421143a41}\Shell\AutoRun\command - "" = J:\Torchlight_Setup.exe -- File not found

O33 - MountPoints2\{dfe6422d-1d9d-11df-9d8d-002421143a41}\Shell - "" = AutoRun

O33 - MountPoints2\{dfe6422d-1d9d-11df-9d8d-002421143a41}\Shell\AutoRun\command - "" = K:\HWPcAssistant.exe -- File not found

O33 - MountPoints2\{dfe6423a-1d9d-11df-9d8d-002421143a41}\Shell - "" = AutoRun

O33 - MountPoints2\{dfe6423a-1d9d-11df-9d8d-002421143a41}\Shell\AutoRun\command - "" = K:\HWPcAssistant.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/30 03:57:23 | 000,000,000 | ---D | C] -- C:\Users\jerome\AppData\Roaming\Avira

[2010/06/30 03:53:26 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys

[2010/06/30 03:53:26 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys

[2010/06/30 03:53:26 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys

[2010/06/30 03:53:26 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys

[2010/06/30 03:53:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2010/06/30 03:53:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira

[2010/06/29 23:24:10 | 000,000,000 | ---D | C] -- C:\Users\jerome\AppData\Local\ijgfhslxc

[2010/06/29 23:23:52 | 000,000,000 | ---D | C] -- C:\Users\jerome\AppData\Roaming\C09EAE9584048127607F22894E30CD0B

[2010/06/19 08:45:40 | 000,000,000 | ---D | C] -- C:\Users\jerome\AppData\Roaming\vlc

[2010/06/18 18:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI

[2010/06/09 09:04:55 | 000,000,000 | ---D | C] -- C:\Users\jerome\AppData\Roaming\LolClient

[2010/06/09 09:04:28 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll

[2010/06/09 09:04:28 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll

[2010/06/09 09:04:27 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll

[2010/06/09 09:00:26 | 000,000,000 | ---D | C] -- C:\Riot Games

[2010/06/09 08:41:50 | 000,000,000 | ---D | C] -- C:\Users\jerome\Desktop\LeagueOfLegends6.8

[2010/06/09 08:41:41 | 000,000,000 | ---D | C] -- C:\Users\jerome\AppData\Local\PMB Files

[2010/06/09 08:41:40 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files

[2010/06/09 08:41:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks

[2010/06/08 09:15:37 | 000,000,000 | ---D | C] -- C:\Users\jerome\Warcraft III 1.21b TFT Installer enUS

[2010/06/05 22:59:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veetle

[2010/06/03 19:21:01 | 000,000,000 | ---D | C] -- C:\Users\jerome\AppData\Roaming\Auslogics

[2010/06/03 19:20:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/30 11:32:54 | 002,621,440 | -HS- | M] () -- C:\Users\jerome\NTUSER.DAT

[2010/06/30 09:34:25 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/06/30 09:34:25 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/06/30 03:53:34 | 000,001,903 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2010/06/30 03:40:44 | 000,819,362 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/06/30 03:40:44 | 000,687,552 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/06/30 03:40:44 | 000,133,902 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/06/30 03:34:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/06/30 03:31:46 | 000,524,288 | -HS- | M] () -- C:\Users\jerome\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms

[2010/06/30 03:31:46 | 000,065,536 | -HS- | M] () -- C:\Users\jerome\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf

[2010/06/30 03:31:45 | 006,291,456 | -H-- | M] () -- C:\Users\jerome\AppData\Local\IconCache.db

[2010/06/30 00:25:04 | 000,000,799 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk

[2010/06/29 23:26:27 | 000,002,744 | ---- | M] () -- C:\Users\jerome\AppData\Local\opariyij.dll

[2010/06/29 23:23:56 | 000,030,000 | ---- | M] () -- C:\Windows\SysWow64\laxe1ioclo.dll

[2010/06/28 13:37:38 | 000,199,168 | ---- | M] () -- C:\Users\jerome\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/06/25 16:24:13 | 000,000,198 | ---- | M] () -- C:\Windows\tasks\{3A0B0413-E16C-43EB-A36D-BA1D4D835B78}.job

[2010/06/19 08:45:12 | 000,000,903 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2010/06/16 00:01:02 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2010/06/09 09:04:30 | 000,001,670 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk

[2010/06/08 09:58:00 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\Warcraft III - The Frozen Throne.lnk

[2010/06/08 09:15:50 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Warcraft III.lnk

[2010/06/07 18:59:12 | 000,079,276 | ---- | M] () -- C:\Users\jerome\Documents\dimmuferalmech.xml

[2010/06/07 04:48:31 | 000,079,280 | ---- | M] () -- C:\Users\jerome\Documents\dimmulkhmdone.xml

[2010/06/05 17:16:38 | 000,000,374 | ---- | M] () -- C:\Users\jerome\Documents - Shortcut.lnk

[2010/06/05 01:35:30 | 000,001,356 | ---- | M] () -- C:\Users\jerome\AppData\Local\d3d9caps.dat

[2010/06/03 19:30:43 | 000,000,968 | ---- | M] () -- C:\Users\jerome\Desktop\Auslogics BoostSpeed.lnk

[2010/06/03 19:20:59 | 000,000,973 | ---- | M] () -- C:\Users\jerome\Desktop\Auslogics Disk Defrag.lnk

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/30 03:53:34 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2010/06/30 03:49:32 | 000,440,988 | ---- | C] () -- C:\Users\jerome\AppData\Local\dd_vcredistMSI1854.txt

[2010/06/30 03:49:32 | 000,011,714 | ---- | C] () -- C:\Users\jerome\AppData\Local\dd_vcredistUI1854.txt

[2010/06/29 23:26:27 | 000,002,744 | ---- | C] () -- C:\Users\jerome\AppData\Local\opariyij.dll

[2010/06/29 23:23:56 | 000,030,000 | ---- | C] () -- C:\Windows\SysWow64\laxe1ioclo.dll

[2010/06/25 16:24:13 | 000,000,198 | ---- | C] () -- C:\Windows\tasks\{3A0B0413-E16C-43EB-A36D-BA1D4D835B78}.job

[2010/06/19 08:45:12 | 000,000,903 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2010/06/09 09:04:30 | 000,001,670 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk

[2010/06/08 09:57:46 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\Warcraft III - The Frozen Throne.lnk

[2010/06/08 09:14:46 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Warcraft III.lnk

[2010/06/07 05:23:26 | 000,079,276 | ---- | C] () -- C:\Users\jerome\Documents\dimmuferalmech.xml

[2010/06/05 17:16:38 | 000,000,374 | ---- | C] () -- C:\Users\jerome\Documents - Shortcut.lnk

[2010/06/03 19:30:43 | 000,000,968 | ---- | C] () -- C:\Users\jerome\Desktop\Auslogics BoostSpeed.lnk

[2010/06/03 19:20:59 | 000,000,973 | ---- | C] () -- C:\Users\jerome\Desktop\Auslogics Disk Defrag.lnk

[2010/03/22 09:26:20 | 000,773,092 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2009/09/11 03:54:01 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2009/09/11 03:53:23 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/01/21 20:36:00 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2009/01/21 02:41:41 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2009/01/21 02:41:41 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest

[2008/11/12 05:58:30 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll

[2008/11/12 05:58:30 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll

[2008/09/19 06:59:22 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\libxml2.dll

[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== Files - Unicode (All) ==========

[2009/08/19 04:25:23 | 000,000,000 | ---D | M](C:\Users\jerome\Documents\?????) -- C:\Users\jerome\Documents\?????

[2009/08/19 04:25:23 | 000,000,000 | ---D | C](C:\Users\jerome\Documents\?????) -- C:\Users\jerome\Documents\?????

[2009/08/19 04:11:38 | 000,001,938 | ---- | M] ()(C:\Users\jerome\Desktop\????!.lnk) -- C:\Users\jerome\Desktop\?????.lnk

[2009/08/19 04:11:38 | 000,001,938 | ---- | C] ()(C:\Users\jerome\Desktop\????!.lnk) -- C:\Users\jerome\Desktop\?????.lnk

[2009/08/19 04:11:33 | 000,000,000 | ---D | M](C:\Program Files (x86)\?????) -- C:\Program Files (x86)\?????

(C:\Program Files (x86)\?????) -- C:\Program Files (x86)\?????

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\jerome\Documents\yummy.avi:TOC.WMV

@Alternate Data Stream - 64 bytes -> C:\Users\jerome\Documents\karla spice.avi:TOC.WMV

@Alternate Data Stream - 64 bytes -> C:\Users\jerome\Documents\Asian girls do it best.mpeg:TOC.WMV

@Alternate Data Stream - 64 bytes -> C:\Users\jerome\Documents\89d4402dc03d3b7.avi:TOC.WMV

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2

@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:07BF512B

@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8

< End of report >

OTL Extras logfile created on: 6/30/2010 11:30:42 AM - Run 1

OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\jerome\Downloads

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18904)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 61.00% Memory free

16.00 Gb Paging File | 13.00 Gb Available in Paging File | 81.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 685.08 Gb Total Space | 319.14 Gb Free Space | 46.58% Space Free | Partition Type: NTFS

Drive D: | 13.41 Gb Total Space | 1.84 Gb Free Space | 13.72% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: PC

Current User Name: jerome

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-435765973-3294363986-3632491355-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

"VistaSp2" = 49 C7 CD C4 64 35 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{24118095-4CEC-4123-9C1A-57342E2D877A}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{10A78856-0152-4EC5-BD19-D778ED2BA045}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |

"{1A70BFE8-FDB4-4A8F-9E96-DE55CABE5ACA}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |

"{1CACF79C-E4F3-4169-A398-1C3E9041DEB1}" = protocol=6 | dir=in | app=c:\users\jerome\downloads\systemcheck_enus(3).exe |

"{2178BA70-E86B-496F-BBD0-B699FCB6CE11}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |

"{232ED459-E864-4878-8D58-527ACB1E7B09}" = protocol=17 | dir=in | app=c:\users\jerome\downloads\systemcheck_enus(3).exe |

"{25A2CCB2-711C-4E10-B915-81ACEB9806C9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{264BF74D-F80C-4595-88CB-644F4187AA86}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |

"{2B6B6A28-5902-4F44-9A95-8A9A32897069}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |

"{2C149431-EA31-49CE-9B67-448568202996}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"{2DB7B4A8-F435-4103-8C97-DD92016E64BA}" = dir=in | app=c:\program files (x86)\avg\avg9\avgupd.exe |

"{32671446-149E-469A-8FA4-DD3B77669CE4}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |

"{35F58AC2-6F7E-4218-8178-D03C8CD7B1E3}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |

"{39309AC9-D6AD-471C-960D-145C04C2F973}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |

"{3E69C719-125A-4DDF-9AB0-102BA6283E83}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |

"{3EFD00B4-45EC-4F2B-AFC2-30296F7B828B}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |

"{40899947-A3BE-48E5-B58D-DB10DD469042}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"{493D44BC-F93A-4587-B116-77E6F0F7115A}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"{536B3DA7-1700-496C-83F2-2B50E3CECF23}" = dir=in | app=c:\program files (x86)\avg\avg9\avgemc.exe |

"{560756BE-31E1-4313-946C-F3FB89FDEFDA}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |

"{58E17E0F-2C1D-4E5B-A485-5EA94E89713B}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |

"{5C9F4A6E-2F39-4251-945B-A2D7990D4ECA}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |

"{63FD5652-BF90-45DF-89D5-76D7F39D8CCE}" = dir=in | app=c:\program files (x86)\avg\avg9\avgam.exe |

"{67858226-4F95-4045-84EF-793CEF268F2B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |

"{67B2ACCD-1083-477F-9F8C-5F2D587F94C4}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |

"{697FBCAB-1F93-40A2-A330-9C6D86E57416}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"{743F63EB-D04E-492E-B7F2-2240562E85DF}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |

"{86DCE10A-B830-49DA-9193-EE82FD607C0E}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{89CDE63F-D525-4AA5-8177-3EDA53091909}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |

"{8C5F1A0E-031C-4F90-B192-D31A53372783}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |

"{8DEBC0C9-914D-4B89-9B46-A24848876BE5}" = dir=in | app=c:\program files (x86)\avg\avg9\avgnsa.exe |

"{9242C304-CDBE-4641-9601-B165970C9B23}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |

"{956420F2-C0FE-43C2-9AC0-B17882E55575}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |

"{9C0A5DC3-2FD4-4B8F-8440-88121C8416D6}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |

"{ADB0D170-AD4A-41A2-BE93-70B5CCD2E960}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{B33D65D2-8284-47A6-AD0A-290B984C9CD9}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |

"{B48B676B-EF0D-4239-8C4B-D906AA473523}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |

"{B86BBFEF-FDAC-4888-B84E-EE1D51932546}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |

"{BE38E6FA-A4FC-4EF5-B4FB-C76AFB96F834}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |

"{C284FD08-D566-4886-9A5A-9A1ACC7778C4}" = protocol=6 | dir=in | app=c:\users\jerome\desktop\msgr10us.exe |

"{CCC6EB8E-8330-4102-BE6F-AD3045A11D8B}" = dir=in | app=c:\program files (x86)\avg\avg9\avgdiagex.exe |

"{F3EA80CE-2B51-4871-BFD5-D28B5E76D1DD}" = protocol=17 | dir=in | app=c:\users\jerome\desktop\msgr10us.exe |

"{F713D7D4-8DCD-4C2B-ABFB-F54BD5081EEF}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |

"TCP Query User{0E0633D4-2ADB-46FB-AB1E-042B22B5EF60}C:\program files (x86)\raptr\raptr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |

"TCP Query User{0F3B43F6-4CBB-4071-BDB2-A5A72F22FD53}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

"TCP Query User{24CDF4EE-7582-488F-83CD-EFFD1DBFD2E1}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |

"TCP Query User{2EFBCEEC-6370-45BC-82B2-50911CA66E58}C:\users\jerome\appdata\local\temp\blizzard launcher temporary - 30fef800\launcher.exe" = protocol=6 | dir=in | app=c:\users\jerome\appdata\local\temp\blizzard launcher temporary - 30fef800\launcher.exe |

"TCP Query User{504564D2-9EE6-47E2-B36E-5B3B39BA2DF0}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

"TCP Query User{60EC1A44-38D2-4594-849C-FB4B0E9FB7F5}C:\ijji\english\u_gbound.exe" = protocol=6 | dir=in | app=c:\ijji\english\u_gbound.exe |

"TCP Query User{6272D48B-3EC1-4C9D-A6DC-759F30A1373F}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |

"TCP Query User{68D64B08-052D-4B57-ADF8-F079F403A526}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"TCP Query User{6E6C5BDA-528D-4118-B59D-E510957F17A9}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"TCP Query User{86260CFA-F4ED-489A-B049-1BF1F34DB4C1}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |

"TCP Query User{907151D3-222C-4FCC-8C76-505AC0B16BBC}C:\users\public\games\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe |

"TCP Query User{A01ED073-AD26-43EC-A137-7B3EECCF77C5}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

"TCP Query User{C6D20E40-673A-426B-8EDC-E48FFDE46A1A}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |

"TCP Query User{D9055AC9-7E73-4B34-B158-8108C5276426}C:\program files (x86)\raptr\raptrbt.exe" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptrbt.exe |

"TCP Query User{DCCC03B4-67BE-49DA-9228-FC91F1502D9E}C:\program files (x86)\english\gunbound revolution\gunbound.gme" = protocol=6 | dir=in | app=c:\program files (x86)\english\gunbound revolution\gunbound.gme |

"TCP Query User{E5A885E0-CE17-4FBC-AF66-EF75B01A19E3}C:\users\jerome\downloads\wow-3.0.1.8874-ptr-us-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\jerome\downloads\wow-3.0.1.8874-ptr-us-installer-downloader.exe |

"TCP Query User{E6FC897C-9259-45FA-967F-83CE0DA88973}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |

"TCP Query User{F5F64748-9859-49FC-B5F6-5C7B52E0B183}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"TCP Query User{F93897AB-EF70-4F2E-89A8-CEA93822C117}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |

"TCP Query User{FF059FEC-30EF-4A7D-9566-C115AC1C7B5D}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |

"UDP Query User{37C66644-FDE4-4D71-B6D4-B69F478F24AE}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |

"UDP Query User{44839FDF-F4A8-4D4F-B9F7-D96335825EB1}C:\users\jerome\appdata\local\temp\blizzard launcher temporary - 30fef800\launcher.exe" = protocol=17 | dir=in | app=c:\users\jerome\appdata\local\temp\blizzard launcher temporary - 30fef800\launcher.exe |

"UDP Query User{54A2843E-0C16-47D5-9C27-3B47CE70471A}C:\program files (x86)\raptr\raptr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |

"UDP Query User{59B114FA-E829-4F89-B70F-C1FC09B3B6B8}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |

"UDP Query User{5B5C33D4-B253-4430-ACB1-F8FD0224C0D3}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"UDP Query User{5E147ACF-3D1E-41E6-8439-6A664B34BBB1}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"UDP Query User{64EC0DFC-1C10-4997-8A5A-75319AE3B4E2}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |

"UDP Query User{8E6F38CF-C3EC-41C7-9E23-30176B623BFB}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |

"UDP Query User{9817F523-9083-41EB-ADD7-0AD09B1EF5E0}C:\ijji\english\u_gbound.exe" = protocol=17 | dir=in | app=c:\ijji\english\u_gbound.exe |

"UDP Query User{9CEE6D7E-10AD-4850-9942-6C0285A0EEE5}C:\users\jerome\downloads\wow-3.0.1.8874-ptr-us-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\jerome\downloads\wow-3.0.1.8874-ptr-us-installer-downloader.exe |

"UDP Query User{9F728CCF-7F47-455D-9A4A-9759E6607AF5}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |

"UDP Query User{A6125EBE-C949-48EC-883E-04A2F67AAD67}C:\program files (x86)\raptr\raptrbt.exe" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptrbt.exe |

"UDP Query User{A88B3082-F6E5-41EA-9899-7578856E7242}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

"UDP Query User{BB4F51EF-BE9A-4C19-95C5-A573BFD40182}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |

"UDP Query User{D0CDB91F-27A3-4B34-BCB8-02B0E35CB390}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

"UDP Query User{DD16D79A-DF0B-4CF4-9DBA-308F4670D754}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"UDP Query User{E273E6EA-1650-4F79-8E94-24F56998A97F}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |

"UDP Query User{E386716F-6102-4988-97E4-1826DC6E7041}C:\users\public\games\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe |

"UDP Query User{E7B1E907-24FB-44DE-9F67-402364C84C02}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

"UDP Query User{F4430589-DBF6-41CF-A2F2-EC9863298D55}C:\program files (x86)\english\gunbound revolution\gunbound.gme" = protocol=17 | dir=in | app=c:\program files (x86)\english\gunbound revolution\gunbound.gme |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer

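The three OTL file sections above (Files/Folders - Created Within 30 Days, Files - Modified Within 30 Days, Files Created - No Company Name) are what a helper reads by eye when triaging a log like this. As an added example that is not part of the original thread or of OTL itself, the Python below parses that entry format and applies one triage heuristic I chose for this kind of log: a binary whose version info carries no company (OTL prints "()") that appeared inside the 30-day window in a Windows system directory or directly under AppData\Local or AppData\Roaming rather than in a vendor subfolder. The sample lines are copied verbatim from the log above, the scan time is the Extras log timestamp, and the heuristic, thresholds and function names are my own assumptions, not OTL's classification.

```python
"""Parse OTL 'Files - Created/Modified' entries and flag unsigned-by-version-info
binaries dropped into system or profile-root locations. Added example; the
heuristic below is the author's assumption, not OTL's own logic."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, List, Optional

# An OTL file entry looks like:
#   [2010/06/29 23:23:56 | 000,030,000 | ---- | C] () -- C:\Windows\SysWow64\laxe1ioclo.dll
# Directory entries omit the "(company)" field:
#   [2010/06/30 03:57:23 | 000,000,000 | ---D | C] -- C:\Users\jerome\AppData\Roaming\Avira
OTL_FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)

# Assumed heuristic inputs: extensions worth scoring and locations where an
# unsigned, freshly created binary is unusual for a home machine.
BINARY_EXTS = {".dll", ".exe", ".sys", ".ocx", ".scr"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\sysnative\\")
PROFILE_ROOTS = ("\\appdata\\local\\", "\\appdata\\roaming\\")

# "OTL Extras logfile created on: 6/30/2010 11:30:42 AM" from the log above.
SCAN_TIME = datetime(2010, 6, 30, 11, 30, 42)


@dataclass(frozen=True)
class OtlFile:
    timestamp: datetime
    size: int
    attrs: str
    op: str          # "C" = created, "M" = modified
    company: str     # "" when OTL printed "()" (no version-info company)
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_otl_file_line(line: str) -> Optional[OtlFile]:
    """Return an OtlFile for a file/folder entry, or None for any other line."""
    m = OTL_FILE_RE.match(line.strip())
    if not m:
        return None
    return OtlFile(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        op=m["op"],
        company=(m["company"] or "").strip(),
        path=m["path"],
    )


def is_suspicious(entry: OtlFile, scan_time: datetime, window_days: int = 30) -> bool:
    """Unsigned binary, recent, and sitting in a system dir or an AppData root."""
    if entry.is_dir or entry.company:
        return False
    parent, _, name = entry.path.rpartition("\\")
    parent = parent.lower() + "\\"
    name = name.lower()
    ext = name[name.rfind("."):] if "." in name else ""
    if ext not in BINARY_EXTS:
        return False
    if scan_time - entry.timestamp > timedelta(days=window_days):
        return False
    in_system_dir = parent in SYSTEM_DIRS
    in_profile_root = any(parent.endswith(root) for root in PROFILE_ROOTS)
    return in_system_dir or in_profile_root


def triage(lines: Iterable[str], scan_time: datetime, window_days: int = 30) -> List[str]:
    """Return unique flagged paths in order of first appearance."""
    flagged: List[str] = []
    for line in lines:
        entry = parse_otl_file_line(line)
        if entry and is_suspicious(entry, scan_time, window_days) and entry.path not in flagged:
            flagged.append(entry.path)
    return flagged


# Sample input: lines copied from the OTL log in this thread (not all of them).
SAMPLE_LOG = r"""
[2010/06/30 03:57:23 | 000,000,000 | ---D | C] -- C:\Users\jerome\AppData\Roaming\Avira
[2010/06/30 03:53:26 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010/06/29 23:24:10 | 000,000,000 | ---D | C] -- C:\Users\jerome\AppData\Local\ijgfhslxc
[2010/06/09 09:04:28 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2010/06/29 23:26:27 | 000,002,744 | ---- | M] () -- C:\Users\jerome\AppData\Local\opariyij.dll
[2010/06/29 23:23:56 | 000,030,000 | ---- | M] () -- C:\Windows\SysWow64\laxe1ioclo.dll
[2010/06/30 03:49:32 | 000,440,988 | ---- | C] () -- C:\Users\jerome\AppData\Local\dd_vcredistMSI1854.txt
[2010/06/29 23:26:27 | 000,002,744 | ---- | C] () -- C:\Users\jerome\AppData\Local\opariyij.dll
[2009/09/11 03:54:01 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
"""

if __name__ == "__main__":
    for path in triage(SAMPLE_LOG.splitlines(), SCAN_TIME):
        print("REVIEW:", path)
```

The recency window matters: EhStorAuthn.dll also has an empty company field, but it was created in 2009, so it is not flagged, while the two .dll files created the night of 2010/06/29 are. Directory entries such as the random-named ijgfhslxc folder are not scored by this heuristic and still deserve a manual look.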

Hello again,

That's quite some bad stuff running there :D Let's see if we can get it all cleaned up.

P2P WARNING

-------------------

Going over your logs I noticed that you have uTorrent installed.

[*] Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.

[*] They are a security risk which can make your computer susceptible to a sm


Thanks Elise, I was also just running GMER the whole time offline after posting those logs and here is what I got:

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-06-30 12:39:45

Windows 6.0.6002 Service Pack 2

Running: 3xgt6lsm.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4D 0xC8 0x8C 0xC5 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x8B 0xDC 0xE4 0x71 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB0 0xD6 0x53 0x14 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4D 0xC8 0x8C 0xC5 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x8B 0xDC 0xE4 0x71 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB0 0xD6 0x53 0x14 ...

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{4E0AFDAD-5924-46FD-8D40-539D85F9874E} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A6CAA968-B1D3-4414-B4E5-5A68DE4F1D1F} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B006055E-4368-474F-98D0-B601D49CB9FD} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B6D65B2F-1BE9-4C34-A02D-4966ED7E3C31} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{40C59336-D6BE-4831-BEC2-8F2B22F906D2} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{AA118090-7C63-452C-909F-99727B4F9581} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{BE9CA769-8235-4EA8-A014-347703354C75} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{959192DB-1DA2-452A-9C52-7D484D4FB597} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{8C6368B1-3456-4948-B005-6FD24D0DB718} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B1BC384C-9AAF-4D8E-AF68-AD049F3CC36F} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{BD13DF96-4881-4168-8910-02BF4D8CFA2E} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{5C51647B-BEC3-4F41-8856-E3507905F718} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{351DB66A-ADB2-48AA-8D4D-E98CD94F2078} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{C0B6C031-00C2-470E-B720-B99A9503309A} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{3C02E7E9-F028-4858-96B5-C844B233AEC0} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{487BFD5B-78D4-40E5-8574-D8BA162665B7} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E45638CE-D9F4-47FB-B45B-7DE14F623317} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B2FC0506-BB0A-4D37-85C7-AAED22CC8026} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F51E107F-A7B8-467E-9CEE-A05D8C55DEC3} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{47DADAEF-0C02-40C1-BCD4-24779D0EF3E1} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{CB55F44B-C015-4D9E-BCCA-9596DD22A19F} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{D69B022F-C942-4AAD-A69D-0C8ED591D074} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{BA4C402E-0977-4427-9DC2-320E6C81465A} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{782FFBAB-056A-4FCC-A9F2-3D882EE3CE91} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1DCC2A1B-5D1C-4952-A4D9-8372505BC0E1} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{AD99FA36-5812-40F6-A105-B541B0350824} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{AD9DA1F8-2932-4555-9212-B168326862D0} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E12E2B0D-9246-4953-B7AC-97A6D4CD0F89} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{091CFE2C-47DA-4BBF-BAC7-A7B5E3CF6264} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{5C8AF886-A6D9-468C-9F4C-0D52E3BA0D27} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{17877563-E232-413D-805A-E0C03DC2E57D} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{45B648A1-DA3A-47EA-8987-13929FA1A793} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{5E539286-3369-40C0-952B-52F884D3BCF5} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{884EA491-7D09-4549-A576-5E07B1AF5993} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1F153454-46B1-4C1C-8DD1-738EA3D5C1E1} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1F1A075F-024E-4400-A1C9-FFA56F1E219D} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F588ACC0-2E95-4F8B-96F3-1C5DAB079403} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1A54D969-372C-4EA8-843D-A801C76FE8A3} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{17294D68-1D15-4574-9952-9F7C1869CFD0} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{D45152EB-45FD-4554-9BB4-C4FA4C3D271A} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{57350FEC-F4AF-44FA-9432-B2EFAFE9EA74} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A1C01289-8336-4BD0-8AB7-4B82CBEED351} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{43EB573C-320C-49D8-8C38-840CCFAF0C65} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{905F6CAE-7856-4447-A4CB-F908F882D8D9} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E61899E9-A20F-4E02-86F7-FE20B31100F9} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E61C2BB9-3D69-4D9B-A330-530D34B1F689} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B385D46E-47D7-466A-BF0D-4159F7FC8818} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{CA91B990-8D2A-44B2-A189-3EFF18E2E38D} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{22163A03-445F-44B9-B2B2-00A2FE26C66F} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{126E5031-3303-41B2-A7BA-6AB9CD89B1D9} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{BEEC3E09-17BB-4FD9-BA2D-FC86CE9A9AA9} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A91006BC-A5D6-4597-A00C-58726C8A0FE0} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{26417517-0216-41C5-BFED-A6E4E677DE43} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{4C44B797-B3A9-4C47-B82E-74E8E632FF66} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{28361CEF-307A-43EA-A858-A5ADF2C2FF87} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{97CE1283-5633-4B1F-98AE-3E35D3648C07} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{6A850F1B-8B1D-4DF9-9567-1DC7C6FCEEF8} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{227C00E4-1B0D-46CB-9377-89550B2E2073} 0 bytes

File C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{858

---- EOF - GMER 1.0.15 ----

I also cut off the rest of those Windows Defender\Scans\History\Results\Resource entries since the log was too long and it won't let me post the message.

Do you still want me to do those steps you just mentioned, or does this log change anything? Thanks again for the quick response.


I just did the steps you mentioned in your last post; OTL asked me to reboot my PC, and here is the log after I did:

All processes killed

========== OTL ==========

HKU\S-1-5-21-435765973-3294363986-3632491355-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

HKU\S-1-5-21-435765973-3294363986-3632491355-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C3BA40A2-75F1-52BD-F413-04B15A2C8953}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3BA40A2-75F1-52BD-F413-04B15A2C8953}\ deleted successfully.

C:\Windows\SysWOW64\laxe1ioclo.dll moved successfully.

Registry value HKEY_USERS\S-1-5-21-435765973-3294363986-3632491355-1000\Software\Microsoft\Windows\CurrentVersion\Run\\hsef87ehf3jishfs87fhuishfsgggfdgs4g deleted successfully.

C:\Users\jerome\AppData\Local\Temp\s94z3dio.exe moved successfully.

Registry value HKEY_USERS\S-1-5-21-435765973-3294363986-3632491355-1000\Software\Microsoft\Windows\CurrentVersion\Run\\sdr8gdrgdrgke49orkgsjkjfjhsd deleted successfully.

C:\Users\jerome\AppData\Local\Temp\login.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

Registry value HKEY_USERS\S-1-5-21-435765973-3294363986-3632491355-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions deleted successfully.

Registry value HKEY_USERS\S-1-5-21-435765973-3294363986-3632491355-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.

Registry value HKEY_USERS\S-1-5-21-435765973-3294363986-3632491355-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableTaskMgr deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{C3BA40A2-75F1-52BD-F413-04B15A2C8953} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3BA40A2-75F1-52BD-F413-04B15A2C8953}\ deleted successfully.

File C:\Windows\SysWOW64\laxe1ioclo.dll not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41620 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: jerome

->Temp folder emptied: 192371723 bytes

->Temporary Internet Files folder emptied: 279542446 bytes

->Java cache emptied: 20124 bytes

->FireFox cache emptied: 55588467 bytes

->Flash cache emptied: 65264 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 85656 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 503.00 mb

OTL by OldTimer - Version 3.2.7.0 log created on 06302010_125820

Files\Folders moved on Reboot...

File\Folder C:\Users\jerome\AppData\Local\Temp\~DF4FE0.tmp not found!

File\Folder C:\Users\jerome\AppData\Local\Temp\~DF4FFA.tmp not found!

File\Folder C:\Users\jerome\AppData\Local\Temp\~DF5093.tmp not found!

File\Folder C:\Users\jerome\AppData\Local\Temp\~DF50A5.tmp not found!

File\Folder C:\Users\jerome\AppData\Local\Temp\~DF5127.tmp not found!

File\Folder C:\Users\jerome\AppData\Local\Temp\~DF5152.tmp not found!

File\Folder C:\Windows\temp\hsperfdata_PC$\1996 not found!

Registry entries deleted on Reboot...
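The OTL fix log above removed two kinds of object that belong together: policy values that lock the user out of Folder Options, regedit and Task Manager (the Hijack.FolderOptions and Hijack.Regedit detections), and Run values with random names that start executables out of the user's Temp folder. The script below is an added example for checking a machine for exactly those two patterns; it is not code from the thread, from OTL or from Malwarebytes. The registry paths are the standard ones that appear in the logs; the sample Run commands are constructed (OTL prints the value names and the moved files, not the command lines), and the benign "ExampleUpdater" entry is invented. The check functions are pure Python and run anywhere; reading the live registry needs Windows.

```python
# Added example (not from the thread, OTL or Malwarebytes): audit the two spots the
# OTL fix touched, Explorer/System policy values that lock the user out and
# per-user Run entries, and flag the patterns seen in this thread. The check
# functions are pure and run anywhere; read_from_registry() needs Windows.
import re
import sys
from dataclasses import dataclass

# Policy values that, when non-zero, hide Folder Options, disable regedit or
# Task Manager, or hide the desktop. Benign ("Good") data is 0 or absent.
POLICY_KEYS = {
    r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer":
        ("NoFolderOptions", "NoActiveDesktop"),
    r"Software\Microsoft\Windows\CurrentVersion\Policies\System":
        ("DisableRegistryTools", "DisableTaskMgr"),
}
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"

# Directories a legitimate autostart almost never launches from (matches
# ...\AppData\Local\Temp\, ...\Windows\Temp\ and any other \Temp\ component).
TEMP_DIR_RE = re.compile(r"\\Temp\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    location: str  # e.g. HKCU\Software\...\Policies\System\DisableTaskMgr
    data: object
    reason: str


def check_policies(values):
    """values: {(hive, key, name): data}. Any non-zero data restricts the user."""
    return [
        Finding(f"{hive}\\{key}\\{name}", data,
                "restrictive policy value set (expected 0 or absent)")
        for (hive, key, name), data in values.items()
        if isinstance(data, int) and data != 0
    ]


def check_run_entries(entries):
    """entries: {(hive, value_name): command}. Flags autostarts in a Temp directory."""
    return [
        Finding(f"{hive}\\{RUN_KEY}\\{name}", command,
                "autostart launches from a temporary directory")
        for (hive, name), command in entries.items()
        if TEMP_DIR_RE.search(command) or "%TEMP%" in command.upper()
    ]


def audit(policies, runs):
    """Run both checks and return all findings."""
    return check_policies(policies) + check_run_entries(runs)


def read_from_registry():
    """Windows-only: collect the inputs for both checks from HKCU and HKLM."""
    import winreg  # only importable on Windows
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    policies, runs = {}, {}
    for hive_name, hive in hives.items():
        for key, names in POLICY_KEYS.items():
            try:
                with winreg.OpenKey(hive, key) as h:
                    for name in names:
                        try:
                            policies[(hive_name, key, name)] = winreg.QueryValueEx(h, name)[0]
                        except FileNotFoundError:
                            pass  # value absent: benign
            except FileNotFoundError:
                pass  # policy key absent: benign
        try:
            with winreg.OpenKey(hive, RUN_KEY) as h:
                for i in range(winreg.QueryInfoKey(h)[1]):  # [1] = number of values
                    name, data, _ = winreg.EnumValue(h, i)
                    runs[(hive_name, name)] = str(data)
        except FileNotFoundError:
            pass
    return policies, runs


# Constructed sample modelled on the OTL log (the Run value names and the Temp
# executables it removed); the command lines are assumed, OTL does not print them.
SAMPLE_POLICIES = {
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoFolderOptions"): 1,
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableRegistryTools"): 1,
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr"): 0,
}
SAMPLE_RUNS = {
    ("HKCU", "hsef87ehf3jishfs87fhuishfsgggfdgs4g"): r"C:\Users\jerome\AppData\Local\Temp\s94z3dio.exe",
    ("HKCU", "sdr8gdrgdrgke49orkgsjkjfjhsd"): r"C:\Users\jerome\AppData\Local\Temp\login.exe",
    # benign, invented entry: a vendor updater launching from Program Files
    ("HKLM", "ExampleUpdater"): r'"C:\Program Files (x86)\Example Vendor\updater.exe" /background',
}

if __name__ == "__main__":
    policies, runs = read_from_registry() if sys.platform == "win32" else (SAMPLE_POLICIES, SAMPLE_RUNS)
    for f in audit(policies, runs):
        print(f"{f.reason}: {f.location} = {f.data!r}")
```

On the sample input the audit reports the two non-zero policy values and the two Temp-folder autostarts and stays silent on the Program Files entry. A hit from either check is a reason to look at the rest of the machine, not proof of infection on its own: some administrators set these policies deliberately, and a Temp-folder autostart is suspicious rather than conclusive.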


Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4261

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18904

6/30/2010 1:10:23 PM

mbam-log-2010-06-30 (13-10-23).txt

Scan type: Quick scan

Objects scanned: 122215

Time elapsed: 5 minute(s), 31 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Wow, looks like it's fixed! I can't thank you enough for this, Elise!


Let's do one last scan to make sure all the bad stuff is indeed gone.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan.

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan
  2. Click the ESET Online Scanner button.
  3. For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
    1. Click on the ESET Smart Installer link to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the ESET Smart Installer icon on your desktop.
  4. Check the box accepting the Terms of Use.
  5. Click the Start button.
  6. Accept any security warnings from your browser.
  7. Check the "Scan archives" box.
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push "List of found threats".
  11. Push "Export to text file", and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      Note: when ESET doesn't find any threats, no report will be created.
  12. Push the Back button.
  13. Push Finish.


The scan has been running for 3 hours 34 mins now but it stopped at 43%. It said it found one infected file, but there are no other buttons or options to pick except the "Stop" key.

I also ran MBAM again but it couldn't find any threats.


Scan finally done after about 6 hours:

C:\Users\jerome\AppData\Roaming\Auslogics\Rescue\Boost Speed\100603193740183.rsc multiple threats deleted - quarantined

C:\_OTL\MovedFiles\06302010_125820\C_Users\jerome\AppData\Local\Temp\login.exe a variant of Win32/Kryptik.FDD trojan cleaned by deleting - quarantined

C:\_OTL\MovedFiles\06302010_125820\C_Users\jerome\AppData\Local\Temp\s94z3dio.exe a variant of Win32/Kryptik.FDD trojan cleaned by deleting - quarantined


Hello again,

That looks good. If you have no other problems left, you are good to go :D

ALL CLEAN

--------------

Your machine appears to be clean; please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Run OTL and click the Cleanup button. Allow a reboot. This will remove all tools and logs we used and set a new Restore point.

Please read this advice, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for SpywareBlaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for the MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.
  2. Keep Windows (and your other Microsoft software) up to date!
      I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
      Therefore, please, visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
      Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.
  4. Stay up to date!
      The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.


Basically because they are useless :)

The logs are only useful when they are recent (not older than a day or two), and the tools are of no use unless you are trained to use them and interpret their output. Furthermore, the tools we use get constantly updated, and it's not a good idea to have old copies around, since you can always download them when needed and be assured you have the newest version.

I hope this answers your question :)
