
cannot remove malware & firefox search redirection



I haven't done any virus prevention/cleaning recently, and removed a whole lot of malware with a full scan on Malwarebytes tonight. However, after I rebooted, my computer has now become really slow and my system tray is blacked out/not working anymore. When I click the systray arrow to expand it, the arrow remains glitched across the tray. On another reboot, when I tried clicking the systray I got a warning that "Windows explorer.exe has crashed" and an option to restart it, after which it crashed twice more.

The following Malwarebytes log is taken after the most recent reboot. msounkernm.dll can't seem to be accessed and Hijack.FolderOptions won't go away. I downloaded and ran Avira Antivir Personal, but that couldn't resolve those issues either. I also don't know what other malware may be lurking undetected ATM.

In fact, Windows explorer crashed again during this post.

Also, I've been having the internet-search-redirect issue (on Firefox) a lot recently too if that's helpful information.

Please help me remove my malware!

(I removed instances of my name and replaced with "Owner" in this post for my privacy. I hope that is okay.)

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4553

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18943

9/6/2010 3:23:49 AM

mbam-log-2010-09-06 (03-23-49).txt

Scan type: Quick scan

Objects scanned: 136703

Time elapsed: 3 minute(s), 37 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\Windows\System32\msounkernm.dll (Trojan.KeyLogger) -> Delete on reboot.

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Windows\System32\msounkernm.dll (Trojan.KeyLogger) -> Delete on reboot.

DDS (Ver_10-03-17.01) - NTFSX64

Run by Owner at 3:29:59.07 on Mon 09/06/2010

Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_18

Microsoft

Attach.zip


Hello ,

My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop

  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning; it is ok, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.


Thanks for helping.

Nothing has changed since my first post--nothing I could notice. My system tray is still inaccessible and Windows Explorer is still crashing under light use; Google links still redirect in Firefox.

When I tried opening RKU I got "Error loading driver, NTSTATUS code: 0xC000036B" and could not run the program.

Here are the other two logs.

OTL logfile created on: 9/6/2010 3:33:45 PM - Run 1

OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Owner\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18943)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 72.00% Memory free

8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.76 Gb Total Space | 9.34 Gb Free Space | 2.00% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: ACORN

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/06 15:28:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

PRC - [2010/04/28 21:17:13 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\VirtuaWin\modules\SwitchDesk.exe

PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2010/02/14 21:46:49 | 000,319,280 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe

PRC - [2009/08/24 16:15:03 | 000,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2009/04/11 02:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe

PRC - [2009/02/05 13:43:26 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe

PRC - [2008/06/29 23:04:11 | 000,077,903 | ---- | M] (Hlp) -- c:\Windows\SysWOW64\rooseh.exe

PRC - [2008/04/24 21:46:34 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\VirtuaWin\modules\WinList.exe

PRC - [2008/04/24 21:46:32 | 000,116,224 | ---- | M] (VirtuaWin) -- C:\Program Files (x86)\VirtuaWin\VirtuaWin.exe

========== Modules (SafeList) ==========

MOD - [2010/09/06 15:28:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

MOD - [2008/01/20 22:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -d -f %ProgramFiles%\WinPcap\rpcapd.ini -- (rpcapd)

SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Windows\SysNative\GameMon.des -- (npggsvc)

SRV:64bit: - [2008/09/02 07:10:00 | 000,074,240 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Auto | Stopped] -- C:\Windows\SysNative\cypherixsrv.exe -- (cypherixservice)

SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2009/12/06 18:58:00 | 003,443,352 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)

SRV - [2009/11/28 16:40:33 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2009/05/03 13:22:28 | 000,073,392 | ---- | M] (FSPro Labs) [On_Demand | Stopped] -- C:\Windows\SysWOW64\fsproflt.exe -- (fsproflt)

SRV - [2009/02/05 13:43:26 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)

SRV - [2008/06/29 23:04:11 | 000,077,903 | ---- | M] (Hlp) [Auto | Running] -- c:\Windows\SysWOW64\rooseh.exe -- (ygznbywjlyycso)

SRV - [2006/12/10 22:41:14 | 000,843,264 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)

SRV - [2006/10/27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\npptNT2.sys -- (NPPTNT2)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)

DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\FDCENT.SYS -- (FDCENT)

DRV:64bit: - [2010/05/01 00:44:31 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)

DRV:64bit: - [2010/03/30 23:35:04 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)

DRV:64bit: - [2010/03/02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)

DRV:64bit: - [2010/02/16 14:24:00 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2009/09/29 09:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lgbtpt64.sys -- (LgBttPort)

DRV:64bit: - [2009/09/29 09:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lgvmdm64.sys -- (LGVMODEM)

DRV:64bit: - [2009/09/29 09:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lgbtbs64.sys -- (lgbusenum)

DRV:64bit: - [2009/08/28 19:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2009/08/26 19:06:36 | 000,871,408 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)

DRV:64bit: - [2009/08/14 22:06:34 | 000,311,968 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)

DRV:64bit: - [2009/08/14 22:06:33 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)

DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008/11/19 18:09:14 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem)

DRV:64bit: - [2008/11/19 18:09:12 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag)

DRV:64bit: - [2008/11/19 18:09:12 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus)

DRV:64bit: - [2008/11/10 08:26:30 | 000,184,832 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2008/11/03 22:21:08 | 000,098,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID)

DRV:64bit: - [2008/09/05 14:54:12 | 000,102,392 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\cyphxdrv.sys -- (cyphxdrv)

DRV:64bit: - [2008/06/06 17:35:46 | 000,055,440 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\FSPFltd.sys -- (FSProFilter)

DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2007/11/06 16:23:14 | 000,040,464 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)

DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

DRV - [2010/09/06 03:25:44 | 000,023,080 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)

DRV - [2008/01/15 17:09:42 | 000,047,470 | ---- | M] (Silence of Troubles United Company Ltd.) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\FDCENT.SYS -- (FDCENT)

DRV - [2007/02/07 14:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)

DRV - [2005/01/03 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092

========== FireFox ==========

FF - prefs.js..browser.search.update: false

FF - prefs.js..extensions.enabledItems: {566D6332-1439-43bf-857E-7AD5F137AD0C}:1.13

FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.7.4

FF - prefs.js..extensions.enabledItems: {76D00298-1B6D-4487-AC9A-A797951ED953}:1.9.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{76D00298-1B6D-4487-AC9A-A797951ED953}: C:\Users\Owner\AppData\Local\{76D00298-1B6D-4487-AC9A-A797951ED953}\ [2010/07/08 23:59:38 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/08 13:59:29 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/08 13:59:29 | 000,000,000 | ---D | M]

[2009/08/09 03:29:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions

[2010/07/09 00:17:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions

[2010/02/27 12:21:42 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}

[2010/04/28 19:17:28 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}

[2009/09/09 02:37:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/02/27 12:29:40 | 000,000,000 | ---D | M] (Names Dictionary for rikaichan) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{566D6332-1439-43bf-857E-7AD5F137AD0C}

[2010/02/27 12:29:40 | 000,000,000 | ---D | M] (Japanese-English Dictionary for rikaichan) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}

[2010/04/28 06:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{7A074BE0-2326-436d-B473-029FAEBEB5C6}

[2010/07/09 00:17:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/03/30 12:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll

[2009/08/17 07:42:14 | 000,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiFFPlugin1.dll

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [snexmrwoca.exe] C:\Users\MrSkwrl\AppData\Local\Temp\snexmrwoca.exe File not found

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\desert.jpg

O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\desert.jpg

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{3abc5f33-eabc-11de-a964-00241d755acd}\Shell - "" = AutoRun

O33 - MountPoints2\{3abc5f33-eabc-11de-a964-00241d755acd}\Shell\AutoRun\command - "" = H:\USBAutoRun.exe -- File not found

O33 - MountPoints2\{4ed22648-8525-11de-88b0-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{4ed22648-8525-11de-88b0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- File not found

O33 - MountPoints2\{4ed299c4-9295-11de-91d7-00241d755acd}\Shell - "" = AutoRun

O33 - MountPoints2\{4ed299c4-9295-11de-91d7-00241d755acd}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found

O33 - MountPoints2\{905b6d43-9fa5-11de-a621-00241d755acd}\Shell\AutoRun\command - "" = H:\RECYCLER\help.exe -- File not found

O33 - MountPoints2\{905b6d43-9fa5-11de-a621-00241d755acd}\Shell\opEN\CoMmanD - "" = H:\RECYCLER\help.exe -- File not found

O33 - MountPoints2\{d64c17e0-8b1c-11df-97c1-00241d755acd}\Shell\AutoRun\command - "" = H:\SamsungSoftware\APPInst.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/06 15:28:52 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

[2010/09/06 03:16:32 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys

[2010/09/06 03:16:32 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys

[2010/09/06 03:16:32 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys

[2010/09/06 03:16:32 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys

[2010/09/06 03:16:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2010/09/06 03:16:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira

[2010/09/06 00:24:22 | 000,000,000 | -HSD | C] -- C:\Users\Owner\.COMMgr

[2010/09/06 00:24:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\qkycsinrg

[2010/09/06 00:24:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Windows Server

[2010/09/06 00:23:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\8866E251DB9D14EA404E937F3D963785

[2010/09/01 20:49:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MKV Demux All

[2010/09/01 20:48:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\MKVExtractGUI-1.6.4.1

[2010/09/01 20:47:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\mkvtoolnix

[2010/09/01 20:47:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MKVtoolnix

[2010/09/01 20:28:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitrateViewer

[2010/09/01 20:18:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gabest

[2010/08/31 18:21:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Ikue Asazaki - Uta Asobi (Uta Ashiibi)

[2010/08/31 17:56:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Ikue Asazaki - Utabautayun

[2010/08/21 14:13:59 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations

[2010/08/20 04:19:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\100MEDIA

[2010/08/20 03:30:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\DCIM

[2010/08/06 23:14:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Free Mp3 Wma Ogg Converter

[2010/08/06 23:14:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Mp3 Wma Ogg Converter

[2010/08/06 20:36:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\PasswordSafe

[2010/08/06 20:36:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Password Safe

[2010/08/06 20:16:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\beat crusaders

[2010/08/05 19:08:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\enka

[2010/07/30 22:25:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\NVIDIA

[2010/07/29 20:38:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\BoA - IDENTITY

[2010/07/28 15:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation

[2010/07/27 06:24:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Tokyo Jihen - Sports

[2010/07/26 15:33:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\New Folder

[2010/07/21 07:26:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\BoA - BoA

[2010/07/18 02:03:49 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM

[2010/07/18 02:03:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2010/07/18 01:21:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft Games

[2010/07/17 23:02:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Toribash

[2010/07/16 07:28:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[asian+nation] Tokyo Jihen - Goraku (Variety) [2007.09.26]

[2010/07/15 22:21:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Album

[2010/07/15 21:59:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Singles

[2010/07/10 20:42:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\DESKTOP

[2010/07/08 23:59:38 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{76D00298-1B6D-4487-AC9A-A797951ED953}

[2010/07/08 13:59:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ijjigame

[2010/06/23 17:35:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DirectVobSub

[2010/06/22 23:54:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\WBGames

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/06 15:31:20 | 002,097,152 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT

[2010/09/06 15:28:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

[2010/09/06 15:26:13 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/09/06 15:26:13 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/09/06 13:52:41 | 000,694,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/09/06 13:52:41 | 000,598,350 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/09/06 13:52:41 | 000,101,988 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/09/06 13:51:14 | 000,035,381 | ---- | M] () -- C:\ProgramData\nvModes.001

[2010/09/06 13:51:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/09/06 04:13:22 | 000,002,891 | ---- | M] () -- C:\Users\Owner\Desktop\Attach.zip

[2010/09/06 03:34:04 | 000,293,376 | ---- | M] () -- C:\Users\Owner\Desktop\0ym8hil9.exe

[2010/09/06 03:29:21 | 000,525,824 | ---- | M] () -- C:\Users\Owner\Desktop\dds.scr

[2010/09/06 03:26:38 | 000,035,381 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2010/09/06 03:25:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/09/06 03:25:32 | 4293,386,240 | -HS- | M] () -- C:\hiberfil.sys

[2010/09/06 03:24:39 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{3fb50e38-d7c1-11dd-8b2d-00241d755acd}.TMContainer00000000000000000001.regtrans-ms

[2010/09/06 03:24:39 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{3fb50e38-d7c1-11dd-8b2d-00241d755acd}.TM.blf

[2010/09/06 03:24:27 | 002,070,466 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db

[2010/09/06 03:24:05 | 000,000,020 | ---- | M] () -- C:\Users\Owner\defogger_reenable

[2010/09/06 03:16:39 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2010/09/06 03:14:06 | 000,007,736 | ---- | M] () -- C:\Users\Owner\Desktop\pwsafe.dat

[2010/09/04 13:22:27 | 000,000,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat

[2010/09/03 23:18:16 | 000,104,448 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/09/01 22:01:09 | 000,940,358 | ---- | M] () -- C:\Users\Owner\Desktop\hw1.1.zip

[2010/09/01 21:12:30 | 014,388,036 | ---- | M] () -- C:\Users\Owner\Desktop\week 1-vitruvius-book 1.pdf

[2010/09/01 20:29:00 | 000,000,906 | ---- | M] () -- C:\Users\Owner\Desktop\Bitrate Viewer.lnk

[2010/08/19 22:57:43 | 002,300,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/08/06 20:36:18 | 000,000,869 | ---- | M] () -- C:\Users\Owner\Desktop\Password Safe.lnk

[2010/08/06 20:31:02 | 000,007,360 | ---- | M] () -- C:\Users\Owner\Desktop\pw.bak

[2010/07/28 15:44:40 | 000,000,533 | ---- | M] () -- C:\ProgramData\nvUnsupRes.dat

[2010/07/08 23:59:39 | 000,000,120 | ---- | M] () -- C:\Users\Owner\AppData\Local\Kqomoxebuxeyak.dat

[2010/07/08 23:59:39 | 000,000,000 | ---- | M] () -- C:\Users\Owner\AppData\Local\Mqudofoseq.bin

[2010/06/09 17:43:15 | 000,094,026 | ---- | M] () -- C:\Users\Owner\Documents\sms 06.09.10.csv

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/06 04:13:22 | 000,002,891 | ---- | C] () -- C:\Users\Owner\Desktop\Attach.zip

[2010/09/06 03:34:03 | 000,293,376 | ---- | C] () -- C:\Users\Owner\Desktop\0ym8hil9.exe

[2010/09/06 03:29:18 | 000,525,824 | ---- | C] () -- C:\Users\Owner\Desktop\dds.scr

[2010/09/06 03:24:04 | 000,000,020 | ---- | C] () -- C:\Users\Owner\defogger_reenable

[2010/09/06 03:16:39 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2010/09/06 02:31:17 | 4293,386,240 | -HS- | C] () -- C:\hiberfil.sys

[2010/09/01 22:01:09 | 000,940,358 | ---- | C] () -- C:\Users\Owner\Desktop\hw1.1.zip

[2010/09/01 21:11:57 | 014,388,036 | ---- | C] () -- C:\Users\Owner\Desktop\week 1-vitruvius-book 1.pdf

[2010/09/01 20:29:00 | 000,000,906 | ---- | C] () -- C:\Users\Owner\Desktop\Bitrate Viewer.lnk

[2010/08/23 19:50:42 | 000,007,736 | ---- | C] () -- C:\Users\Owner\Desktop\pwsafe.dat

[2010/08/06 20:36:18 | 000,000,869 | ---- | C] () -- C:\Users\Owner\Desktop\Password Safe.lnk

[2010/08/06 20:30:26 | 000,007,360 | ---- | C] () -- C:\Users\Owner\Desktop\pw.bak

[2010/07/08 23:59:39 | 000,000,120 | ---- | C] () -- C:\Users\Owner\AppData\Local\Kqomoxebuxeyak.dat

[2010/07/08 23:59:39 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\Mqudofoseq.bin

[2010/06/09 17:35:38 | 000,094,026 | ---- | C] () -- C:\Users\Owner\Documents\sms 06.09.10.csv

[2010/05/13 18:17:41 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\uc_karos_launching.dll

[2010/05/02 20:46:17 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat

[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2010/03/21 12:30:46 | 000,002,699 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2010/03/03 07:30:48 | 000,399,360 | ---- | C] () -- C:\Windows\SysWow64\Smab.dll

[2010/03/03 07:30:48 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll

[2010/01/17 19:32:37 | 000,000,082 | ---- | C] () -- C:\Windows\wininit.ini

[2010/01/15 19:57:44 | 000,221,291 | ---- | C] () -- C:\Windows\Imei_dll.dll

[2010/01/15 19:57:44 | 000,040,960 | ---- | C] () -- C:\Windows\Sublock.dll

[2009/12/08 02:56:41 | 000,001,342 | ---- | C] () -- C:\Windows\maxlink.ini

[2009/12/08 02:56:41 | 000,000,020 | ---- | C] () -- C:\Windows\calera.ini

[2009/12/08 02:56:30 | 000,269,312 | ---- | C] () -- C:\Windows\SysWow64\FPXIG.DLL

[2009/12/08 02:56:30 | 000,068,096 | ---- | C] () -- C:\Windows\SysWow64\IGFPX32P.DLL

[2009/12/08 02:56:30 | 000,065,024 | ---- | C] () -- C:\Windows\SysWow64\JPEGACC.DLL

[2009/12/08 02:56:20 | 000,101,376 | ---- | C] () -- C:\Windows\SysWow64\WELSOF32.DLL

[2009/11/07 18:40:22 | 000,708,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2009/10/13 00:52:42 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll

[2009/09/12 00:25:01 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2009/09/12 00:24:10 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/08/24 15:43:34 | 000,000,533 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat

[2009/08/14 20:04:32 | 000,104,448 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/08/09 21:05:23 | 002,468,130 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_NET_Framework35_x64_MSI51FF.txt

[2009/08/09 20:54:25 | 000,200,298 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_depcheck_NETFX_EXP_35.txt

[2009/08/09 20:54:20 | 000,010,344 | ---- | C] () -- C:\Users\Owner\AppData\Local\uxeventlog.txt

[2009/08/09 20:54:20 | 000,000,002 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_dotnetfx35error.txt

[2009/08/09 20:54:19 | 000,210,472 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_dotnetfx35install.txt

[2009/08/09 14:34:31 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

[2009/08/09 13:55:12 | 000,000,732 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat

[2009/08/09 03:02:31 | 000,035,381 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2009/08/09 03:02:31 | 000,035,381 | ---- | C] () -- C:\ProgramData\nvModes.001

[2008/12/07 03:24:26 | 000,016,489 | ---- | C] () -- C:\Windows\SysWow64\mswcncorem.dll

[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll

[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

[2008/07/03 20:04:11 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\msoccwordm.dll

[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2007/11/06 16:19:28 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll

[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

========== LOP Check ==========

[2010/09/06 00:24:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\8866E251DB9D14EA404E937F3D963785

[2009/09/05 00:46:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\acccore

[2009/08/27 04:34:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DAEMON Tools Lite

[2009/09/27 13:54:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DonationCoder

[2010/08/06 23:14:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Free Mp3 Wma Ogg Converter

[2010/04/29 00:37:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ijjigame

[2010/01/15 19:59:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LG Electronics

[2009/11/11 17:21:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LockHunter

[2010/09/01 20:47:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mkvtoolnix

[2010/06/02 22:43:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mp3tag

[2009/10/25 04:06:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MusicNet

[2009/10/29 04:38:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\NCH Swift Sound

[2010/04/29 02:24:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\NPLUTO Corporation

[2010/09/06 15:31:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent

[2010/05/01 05:32:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\VirtuaWin

[2010/02/11 21:00:16 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}

[2010/09/06 03:24:30 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 280 bytes -> C:\ProgramData\TEMP:E6E3D650

< End of report >

OTL Extras logfile created on: 9/6/2010 3:33:45 PM - Run 1

OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Owner\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18943)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 72.00% Memory free

8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.76 Gb Total Space | 9.34 Gb Free Space | 2.00% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: ACORN

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3721307388-1860386797-2565223514-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

"VistaSp2" = A2 61 F4 E0 B2 33 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{12CAE947-672F-4F0A-91A3-22A7D743F605}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

"{19F6C575-0DE6-4180-822F-B969BC43BD0A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

"{4B33F090-569B-46D4-8EAA-715983713B9A}" = lport=48373 | protocol=6 | dir=in | name=utor48373 |

"{A12FBE46-59C2-4A06-B5A7-5A7A621DCE95}" = lport=48373 | protocol=17 | dir=in | name=utor48373(2) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{03CFD7C5-5016-47B9-BEAA-FC4906505A23}" = protocol=17 | dir=in | app=c:\program files (x86)\ijji\ijji reactor\ijjioptimizer.exe |

"{10008C7D-804C-41F7-B6F4-0E7221E5444B}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{2116A77F-8BBC-48C3-9894-2687F08EE357}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |

"{21F7B64E-EE73-4D17-9CAC-8D7B66C8DC85}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |

"{28C7EE7C-4947-4D07-A689-3732405424BB}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |

"{2AE07704-DF3F-47E0-87F6-8D1E2254EB9B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{2B76B6BE-3C06-4CA3-A409-9F3E50C00EBF}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe |

"{32A0DD5D-12A7-49B1-BA81-CD048E95A7DD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{3D778DAD-1A9E-411C-8AF7-DCED5D38C09F}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{421CE9C6-7CDE-412D-830A-9289AF6849F1}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |

"{47070328-F319-4A59-8E08-7361869BBD86}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |

"{4A406EFB-3BC3-4071-9432-B9C428C483C0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe |

"{4B16D11F-A4C8-4967-B4C3-4CCA8686BD98}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe |

"{4FC166E0-333A-4770-8F1D-6B6F85B5D486}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{538DE8A6-E148-4731-A235-3EF97024DDD5}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{5DC5DF3B-FCD7-4D36-8257-DB4384C1D5E0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{5DCFA4AB-7718-44E4-9A56-5ADA8437B77E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{6106CDA2-1795-43C1-88A3-77FE9E22F187}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{64B51865-FC03-47F9-9939-EF8176F14999}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{6EA209BC-1227-45C3-873A-9D95DA34273B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{6F6E7128-DA17-46C2-85D7-B00E4322A460}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{702116E5-F76F-4C4A-A13C-D8B5E5B3B82A}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |

"{7A02738F-0590-4851-A8A8-184A16D97515}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |

"{833D682D-83C2-4B31-B203-372BD2238DA3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{866AFBBF-BCDF-4F79-82F1-3C610EF169BA}" = protocol=6 | dir=in | app=c:\program files (x86)\ijji\ijji reactor\ijjioptimizer.exe |

"{877AE5E1-EFE5-4955-BB4C-237772A45A59}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{87A6DB9F-9893-4F86-A23B-F9B512414870}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{94B4DC00-EA11-4CBA-B27C-5CBB3CADB4DE}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |

"{9930B698-827C-4A72-81A5-E69BBB8E421E}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |

"{9B000436-58A5-435F-B6F4-10619B205223}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{A2B17FBD-B2C7-4399-9CAF-E3E89F75ED1B}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe |

"{ACFBA339-09CA-40CF-81BD-49AF87AF7D9D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{C775BB9C-B25A-4ADD-AA26-1E1B6F3318D3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{C9FC528F-7E25-4788-8F90-389504D3981C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{DCD94E9D-272C-463A-A65D-05CFD67CCF70}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe |

"{E8230265-8279-4BBC-AB05-E65BB98B9D47}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{EAD4ABC4-A2BC-4C50-95B5-4AFEE34EBBCA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{EF78AA56-99AF-4B43-84D5-BEB07B84ACF1}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |

"{F6955A82-B2FE-49DD-A930-4F9301871CDA}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |

"{F988197D-35E2-4F82-85D5-D84361B4E125}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe |

"{FFF32ACA-A405-413A-A3E3-961436FD41D8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"TCP Query User{0EF3B34B-EBBD-4466-96D7-91C34481FF8B}C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe |

"TCP Query User{122DE5D2-59B3-49F1-8BBB-48F3AA8F42A6}C:\program files (x86)\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hamachi\hamachi.exe |

"TCP Query User{1D04C9F9-366C-453E-B522-80DE5353B069}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |

"TCP Query User{41A5270C-08C5-4B3B-AC7E-09ABAC2A4966}C:\program files (x86)\ijji\ijji reactor\reactor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ijji\ijji reactor\reactor.exe |

"TCP Query User{6082C113-97AD-4841-BF48-1DB6327FCFCE}C:\program files (x86)\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe |

"TCP Query User{93FC7FE3-8085-4BB1-B108-D2F2912B0280}C:\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\call of duty 4 - modern warfare\iw3mp.exe |

"UDP Query User{2FA6406D-059E-4B38-8CC8-A642AC2B6D4C}C:\program files (x86)\ijji\ijji reactor\reactor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ijji\ijji reactor\reactor.exe |

"UDP Query User{38D2ECFA-AC55-45BB-B59A-F906B4D34F8A}C:\program files (x86)\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe |

"UDP Query User{5CFE22D1-8566-4CEB-882D-8C4DE4D1E0EB}C:\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\call of duty 4 - modern warfare\iw3mp.exe |

"UDP Query User{9DDE3D42-91E9-4445-A0D9-363F4602D00F}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |

"UDP Query User{F5337B38-E62B-46EA-A7E5-1A1A674BB6A3}C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe |

"UDP Query User{FA7763EB-590D-4636-A0D5-3C1A9E5E2C36}C:\program files (x86)\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hamachi\hamachi.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0411A7A4-23D4-47ad-B109-3CBE7E8093F1}" = HP Deskjet Printer Driver Software. 8.0.B

"{1D0CA3FB-CD50-4F22-85EE-7A9451C9A792}" = iTunes

"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{9B1EF559-C401-4DC2-A456-F0C464F1C7E7}" = NetDeviceManager64

"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support

"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{FA74243F-4291-4d0a-AF6C-56C69F1CF1D2}" = SF_CDB_ToolboxIni64

"CPUID CPU-Z_is1" = CPUID CPU-Z 1.54

"cyple_is1" = Cypherix LE

"Hide Folders 2009_is1" = Hide Folders 2009 3.2 for Windows XP/Vista

"LockHunter_is1" = LockHunter version 1.0 beta 3, 64 bit edition

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0205.1

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support

"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands

"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 18

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{3822F6D9-F309-41f4-BB98-DA061F0BA8B3}" = SF_CDB_Software

"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR

"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime

"{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}" = LG MC USB U330 driver

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3

"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers

"{ACF1662C-404B-47AD-9D57-5CA7C9307284}_is1" = Free Mp3 Wma Ogg Converter 7.1.1

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE

"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries

"{C716522C-3731-4667-8579-40B098294500}" = Toolbox

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype


I see some active malware here, but before starting to remove this, I want to check out some files, since it looks like you may also have some patched Windows files.

Please rerun OTL and copy/paste the following text into the "custom scan/fix" field. Click the NONE button and then Run Scan.

/md5start
explorer.exe
wininit.exe
hlp.dat
/md5stop


Here is the OTL log after doing that:

OTL logfile created on: 9/7/2010 5:09:46 PM - Run 4

OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Owner\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18943)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 78.00% Memory free

8.00 Gb Paging File | 7.00 Gb Available in Paging File | 82.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.76 Gb Total Space | 9.44 Gb Free Space | 2.03% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

Drive F: | 15.06 Gb Total Space | 14.73 Gb Free Space | 97.82% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: ACORN

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Custom Scans ==========

< MD5 for: EXPLORER.EXE >

[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe

[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe

[2008/10/29 02:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe

[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe

[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=5903EB4ADCD7149D691140161AC4A5B6 -- C:\Windows\explorer.exe

[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe

[2008/10/27 22:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe

[2008/10/29 02:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe

[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe

[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe

[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe

[2008/10/30 01:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe

[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe

[2008/01/20 22:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe

[2008/01/20 22:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: HLP.DAT >

[2009/04/11 02:26:45 | 000,034,699 | ---- | M] () MD5=988D9624B4220182DFF971C1D18D73EC -- C:\Windows\SysWOW64\hlp.dat

[2009/04/11 02:26:45 | 000,034,699 | ---- | M] () MD5=988D9624B4220182DFF971C1D18D73EC -- C:\Windows\SysWOW64\hlp.dat

< MD5 for: WININIT.EXE >

[2008/01/20 22:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

[2008/01/20 22:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe

[2008/01/20 22:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=F9007C650A1C12B7D2EDF22F6F63D420 -- C:\Windows\SysWOW64\wininit.exe

[2008/01/20 22:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=F9007C650A1C12B7D2EDF22F6F63D420 -- C:\Windows\SysWOW64\wininit.exe

< End of report >

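What makes this report damning is that C:\Windows\explorer.exe and C:\Windows\SysWOW64\wininit.exe each share the size and timestamp of a WinSxS component-store copy but not its MD5. As an added example that is not part of the thread or of OTL, here is a Python script that applies exactly that comparison to OTL /md5start output; its sample lines are copied from the report above, and the reference copies it picks are the two that the helper's copy.bat below restores from.

```python
"""Spot patched Windows binaries in OTL "/md5start" output.

Added example, not from the thread or from OTL. The infection here rewrote
explorer.exe and wininit.exe while keeping each file's size and modification
time, so the live copy lines up with a WinSxS component-store copy on size
and timestamp but its MD5 differs. WinSxS keeps a pristine copy of every
installed version, which gives a local reference to compare against.
"""
import re
from collections import defaultdict

# One OTL MD5 line, e.g.
# [2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=<32 hex> -- C:\Windows\explorer.exe
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"[^|]+ \| [A-Z]\] \((?P<vendor>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) "
    r"-- (?P<path>.+?)\s*$"
)

# Lines copied from the OTL report in this thread (a subset; OTL listed the
# C:\Windows\SysWOW64 files twice, which the parser deduplicates).
SAMPLE_REPORT = r"""
< MD5 for: EXPLORER.EXE >
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=5903EB4ADCD7149D691140161AC4A5B6 -- C:\Windows\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
< MD5 for: HLP.DAT >
[2009/04/11 02:26:45 | 000,034,699 | ---- | M] () MD5=988D9624B4220182DFF971C1D18D73EC -- C:\Windows\SysWOW64\hlp.dat
< MD5 for: WININIT.EXE >
[2008/01/20 22:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008/01/20 22:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
[2008/01/20 22:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=F9007C650A1C12B7D2EDF22F6F63D420 -- C:\Windows\SysWOW64\wininit.exe
"""


def parse_md5_lines(text):
    """Return {path_lower: (timestamp, size_bytes, MD5, path)}, deduplicated."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers such as "< MD5 for: EXPLORER.EXE >" and blanks
        path = m["path"]
        entries[path.lower()] = (m["ts"], int(m["size"].replace(",", "")),
                                 m["md5"].upper(), path)
    return entries


def is_store_copy(path):
    """True for files inside the WinSxS component store."""
    return "\\winsxs\\" in path.lower()


def check_against_store(text):
    """Compare each live file with store copies of identical size and timestamp.

    Returns {live_path: (verdict, reference_path_or_None)} where verdict is
    "ok" (a store copy has the same MD5), "patched" (store copies with the
    same size and timestamp exist but none shares the MD5) or "no-reference"
    (nothing in the store to compare against, as for hlp.dat here).
    """
    entries = parse_md5_lines(text)
    store = defaultdict(list)  # (timestamp, size) -> [(md5, path)]
    for ts, size, md5, path in entries.values():
        if is_store_copy(path):
            store[(ts, size)].append((md5, path))
    results = {}
    for ts, size, md5, path in entries.values():
        if is_store_copy(path):
            continue
        candidates = store.get((ts, size), [])
        if not candidates:
            results[path] = ("no-reference", None)
        elif any(c_md5 == md5 for c_md5, _ in candidates):
            results[path] = ("ok", None)
        else:
            # First matching store copy in report order; if several versions
            # share size and timestamp, choose the one for the installed build.
            results[path] = ("patched", candidates[0][1])
    return results


if __name__ == "__main__":
    for path, (verdict, ref) in check_against_store(SAMPLE_REPORT).items():
        print(f"{verdict:13}{path}")
        if ref:
            print(f"{'':13}restore from {ref}")
```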

Hi, that indeed confirms the infection. Please follow the instructions below carefully!

This fix is written for this user only!! Using this on another computer can result in serious problems!

Please press the Windows key + R and type NOTEPAD in the Run box. Copy/paste the following text into Notepad and save it to your desktop as copy.bat

copy C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe c:\wininit.exe
copy C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe c:\explorer.exe
del %0

Exit Notepad and run copy.bat by double-clicking it. Verify that c:\explorer.exe and c:\wininit.exe have been created.

Only continue if those two files exist!

Download BlitzBlank and save it to your desktop. Open Blitzblank.exe

Click OK at the warning (and take note of it, this is a VERY powerful tool!).

Click the script tab and copy/paste the following text there:

DeleteFile:
C:\Windows\explorer.exe
c:\windows\syswow64\wininit.exe
MoveFile:
C:\explorer.exe C:\Windows\explorer.exe
C:\wininit.exe c:\windows\syswow64\wininit.exe

Click Execute Now. Your computer will need to reboot in order to replace the files.

When done, post me the report created by Blitzblank.


Okay. I did as per your instructions.

Is the report the file C:\blitzblank?

Here it is:

BlitzBlank 1.0.0.29

File/Registry Modification Engine native application

MoveFileOnReboot: sourceFile = "\??\c:\windows\explorer.exe", destinationFile = "(null)", replaceWithDummy = 0

MoveFileOnReboot: sourceFile = "\??\c:\windows\syswow64\wininit.exe", destinationFile = "(null)", replaceWithDummy = 0

MoveFileOnReboot: sourceFile = "\??\c:\explorer.exe", destinationFile = "\??\c:\windows\explorer.exe", replaceWithDummy = 0

MoveFileOnReboot: sourceFile = "\??\c:\wininit.exe", destinationFile = "\??\c:\windows\syswow64\wininit.exe", replaceWithDummy = 0


Thank you! My task bar is back to normal now. However, I ran MBAM again and found 5 more infections. The 3 that say "delete on reboot" seem to be the same ones as before (and stay after reboot). I am also still getting the search redirects in Firefox.

Here is the mbam log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4584

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18943

9/9/2010 4:22:55 PM

mbam-log-2010-09-09 (16-22-55).txt

Scan type: Quick scan

Objects scanned: 137565

Time elapsed: 3 minute(s), 42 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 0

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\Windows\System32\msounkernm.dll (Trojan.KeyLogger) -> Delete on reboot.

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\snexmrwoca.exe (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Windows\System32\msounkernm.dll (Trojan.KeyLogger) -> Delete on reboot.

C:\Users\Owner\AppData\Local\Temp\snexmrwoca.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\Owner\AppData\Local\Temp\seancomrwx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


Hi, first of all a warning: this is detected by MBAM as a keylogger. Therefore, I strongly recommend not to do any online banking/transactions using this computer! If you did do so, it would be wise to contact your bank to let them know your data might be compromised.

I also recommend you get to a clean computer to change any passwords (email, and so on).

A keylogger is a malicious application that is able to log what you enter in certain forms. Fortunately many online applications use some form of protection against such actions, but it is difficult to say what a keylogger is able to log once on your system; better safe than sorry.

That being said, let's start cleaning this!

OTL FIX

------------

We need to run an OTL Fix

  1. Please reopen OTL on your desktop.
  2. Copy and paste the following code into the custom scan/fix textbox. Do not include the word "Code"
    :otl
    SRV - [2008/06/29 23:04:11 | 000,077,903 | ---- | M] (Hlp) [Auto | Running] -- c:\Windows\SysWOW64\rooseh.exe -- (ygznbywjlyycso)
    IE - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
    O4 - HKLM..\Run: [snexmrwoca.exe] C:\Users\MrSkwrl\AppData\Local\Temp\snexmrwoca.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O7 - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1

    :files
    C:\Windows\System32\msounkernm.dll

    :commands
    [emptytemp]

  3. Push Run Fix.
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click OK.
  6. A report will open. Copy and paste that report in your next reply.

When done, run a new MBAM quick scan (be sure to update first) and post me that log as well.

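The three IE lines in that fix are the search redirection: with ProxyEnable set, HTTP requests from WinINet-based clients (and from Firefox when it is set to use the system proxy settings) go through whatever is listening on 127.0.0.1:6092, while the O6/O7 policies keep Folder Options and the desktop out of the user's reach. As an added example, not from the thread or from OTL, here is a Python triage of OTL registry lines that flags those conditions; the sample lines are copied from the fix above and from the later OTL scan in this thread.

```python
"""Triage OTL registry lines for a proxy pointed at the local machine and for
Explorer policy values that lock the user out.

Added example, not from the thread or from OTL. A ProxyServer entry that
names a loopback address means a process on this machine sits between the
browser and the web; that is how the search redirection in this thread works.
"""
import re
from collections import defaultdict

# IE - <hive>\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
PROXY_RE = re.compile(
    r'^IE - (?P<hive>\S+?)\\Software\\Microsoft\\Windows\\CurrentVersion\\'
    r'Internet Settings: "(?P<name>Proxy\w+)" = (?P<value>.*)$', re.I)
# O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
# (O6 = machine hive, O7 = a user hive)
POLICY_RE = re.compile(
    r'^O[67] - (?P<key>\S+\\policies\\(?:Explorer|System)): (?P<name>\w+) = (?P<value>\S+)$', re.I)

LOOPBACK = ("127.", "localhost", "[::1]", "::1")
# Policies malware sets to 1 to hide its files or to disarm the user.
LOCKOUT_POLICIES = {"nofolderoptions", "noactivedesktop"}

# Copied from the OTL fix posted in this thread.
SAMPLE_FIX = r"""
IE - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
"""

# Copied from the OTL quick scan posted after the fix.
SAMPLE_AFTER = r"""
IE - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
"""


def parse_proxy_server(value):
    """'http=127.0.0.1:6092', 'http=a:1;https=b:2' or 'a:1' -> {scheme: host:port}."""
    out = {}
    for part in value.split(";"):
        scheme, _, hostport = part.strip().rpartition("=")
        out[scheme.lower() or "all"] = hostport
    return out


def triage(text):
    """Return [(kind, where, detail)] findings for the OTL lines in text."""
    proxy = defaultdict(dict)  # hive -> {setting name (lower): value}
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            proxy[m["hive"]][m["name"].lower()] = m["value"].strip()
            continue
        m = POLICY_RE.match(line)
        if not m:
            continue
        name, value = m["name"], m["value"]
        if name.lower() in LOCKOUT_POLICIES and value != "0":
            findings.append(("lockout", m["key"], f"{name}={value}"))
        elif name.lower() == "enablelua" and value == "0":
            findings.append(("weak-policy", m["key"], "EnableLUA=0 (UAC disabled)"))
    for hive, settings in proxy.items():
        if settings.get("proxyenable") != "1":
            continue  # a ProxyServer value is inert while ProxyEnable is 0
        for scheme, hostport in parse_proxy_server(settings.get("proxyserver", "")).items():
            if hostport.lower().startswith(LOOPBACK):
                findings.append(("local-proxy", hive, f"{scheme} -> {hostport}"))
    return findings


if __name__ == "__main__":
    for label, sample in (("before fix", SAMPLE_FIX), ("after fix", SAMPLE_AFTER)):
        print(f"== {label} ==")
        for kind, where, detail in triage(sample):
            print(f"{kind:12}{detail}  [{where}]")
```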

I accidentally closed the OTL log. From what I remember, it seemed to have fixed everything (including nofolderoptions) except msounkernm.dll, which it said "file not found."

MBAM still does not seem able to remove msounkernm.dll.

MBAM report:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4591

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18943

9/10/2010 5:07:31 PM

mbam-log-2010-09-10 (17-07-31).txt

Scan type: Quick scan

Objects scanned: 137317

Time elapsed: 4 minute(s), 48 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\Windows\System32\msounkernm.dll (Trojan.KeyLogger) -> Delete on reboot.

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Windows\System32\msounkernm.dll (Trojan.KeyLogger) -> Delete on reboot.


I also noticed that my "Documents and settings" folder is hidden and gives an "Access is denied" message, although MBAM seems to give me clean results now.

What should I do next?

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4594

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18943

9/11/2010 2:24:08 PM

mbam-log-2010-09-11 (14-24-08).txt

Scan type: Quick scan

Objects scanned: 137313

Time elapsed: 3 minute(s), 16 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Windows\System32\msounkernm.dll (Trojan.KeyLogger) -> Quarantined and deleted successfully.

OTL quick scan log:

OTL logfile created on: 9/11/2010 2:25:14 PM - Run 6

OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Owner\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18943)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 77.00% Memory free

8.00 Gb Paging File | 7.00 Gb Available in Paging File | 85.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.76 Gb Total Space | 4.99 Gb Free Space | 1.07% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: ACORN

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/06 16:43:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

PRC - [2010/04/28 21:17:13 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\VirtuaWin\modules\SwitchDesk.exe

PRC - [2009/08/24 16:15:03 | 000,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2009/02/05 13:43:26 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe

PRC - [2008/04/24 21:46:34 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\VirtuaWin\modules\WinList.exe

PRC - [2008/04/24 21:46:32 | 000,116,224 | ---- | M] (VirtuaWin) -- C:\Program Files (x86)\VirtuaWin\VirtuaWin.exe

========== Modules (SafeList) ==========

MOD - [2010/09/06 16:43:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

MOD - [2008/01/20 22:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -d -f %ProgramFiles%\WinPcap\rpcapd.ini -- (rpcapd)

SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Windows\SysNative\GameMon.des -- (npggsvc)

SRV:64bit: - [2008/09/02 07:10:00 | 000,074,240 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Auto | Stopped] -- C:\Windows\SysNative\cypherixsrv.exe -- (cypherixservice)

SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009/12/06 18:58:00 | 003,443,352 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)

SRV - [2009/11/28 16:40:33 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2009/05/03 13:22:28 | 000,073,392 | ---- | M] (FSPro Labs) [On_Demand | Stopped] -- C:\Windows\SysWOW64\fsproflt.exe -- (fsproflt)

SRV - [2009/02/05 13:43:26 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)

SRV - [2006/12/10 22:41:14 | 000,843,264 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)

SRV - [2006/10/27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\npptNT2.sys -- (NPPTNT2)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)

DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\FDCENT.SYS -- (FDCENT)

DRV:64bit: - [2010/05/01 00:44:31 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)

DRV:64bit: - [2010/03/30 23:35:04 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)

DRV:64bit: - [2009/09/29 09:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lgbtpt64.sys -- (LgBttPort)

DRV:64bit: - [2009/09/29 09:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lgvmdm64.sys -- (LGVMODEM)

DRV:64bit: - [2009/09/29 09:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lgbtbs64.sys -- (lgbusenum)

DRV:64bit: - [2009/08/28 19:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2009/08/26 19:06:36 | 000,871,408 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)

DRV:64bit: - [2009/08/14 22:06:34 | 000,311,968 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)

DRV:64bit: - [2009/08/14 22:06:33 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)

DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008/11/19 18:09:14 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem)

DRV:64bit: - [2008/11/19 18:09:12 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag)

DRV:64bit: - [2008/11/19 18:09:12 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus)

DRV:64bit: - [2008/11/10 08:26:30 | 000,184,832 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2008/11/03 22:21:08 | 000,098,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID)

DRV:64bit: - [2008/09/05 14:54:12 | 000,102,392 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\cyphxdrv.sys -- (cyphxdrv)

DRV:64bit: - [2008/06/06 17:35:46 | 000,055,440 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\FSPFltd.sys -- (FSProFilter)

DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2007/11/06 16:23:14 | 000,040,464 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)

DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

DRV - [2010/09/10 17:08:49 | 000,023,080 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)

DRV - [2010/09/06 16:56:19 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)

DRV - [2008/01/15 17:09:42 | 000,047,470 | ---- | M] (Silence of Troubles United Company Ltd.) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\FDCENT.SYS -- (FDCENT)

DRV - [2007/02/07 14:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)

DRV - [2005/01/03 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false

FF - prefs.js..extensions.enabledItems: {566D6332-1439-43bf-857E-7AD5F137AD0C}:1.13

FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.7.4

FF - prefs.js..extensions.enabledItems: {76D00298-1B6D-4487-AC9A-A797951ED953}:1.9.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{76D00298-1B6D-4487-AC9A-A797951ED953}: C:\Users\Owner\AppData\Local\{76D00298-1B6D-4487-AC9A-A797951ED953}\ [2010/07/08 23:59:38 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/08 13:59:29 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/08 13:59:29 | 000,000,000 | ---D | M]

[2009/08/09 03:29:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions

[2010/07/09 00:17:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions

[2010/02/27 12:21:42 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}

[2010/04/28 19:17:28 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}

[2009/09/09 02:37:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/02/27 12:29:40 | 000,000,000 | ---D | M] (Names Dictionary for rikaichan) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{566D6332-1439-43bf-857E-7AD5F137AD0C}

[2010/02/27 12:29:40 | 000,000,000 | ---D | M] (Japanese-English Dictionary for rikaichan) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}

[2010/04/28 06:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{7A074BE0-2326-436d-B473-029FAEBEB5C6}

[2010/07/09 00:17:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/03/30 12:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll

[2009/08/17 07:42:14 | 000,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiFFPlugin1.dll

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\desert.jpg

O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\desert.jpg

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{3abc5f33-eabc-11de-a964-00241d755acd}\Shell - "" = AutoRun

O33 - MountPoints2\{3abc5f33-eabc-11de-a964-00241d755acd}\Shell\AutoRun\command - "" = H:\USBAutoRun.exe -- File not found

O33 - MountPoints2\{4ed22648-8525-11de-88b0-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{4ed22648-8525-11de-88b0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- File not found

O33 - MountPoints2\{4ed299c4-9295-11de-91d7-00241d755acd}\Shell - "" = AutoRun

O33 - MountPoints2\{4ed299c4-9295-11de-91d7-00241d755acd}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found

O33 - MountPoints2\{905b6d43-9fa5-11de-a621-00241d755acd}\Shell\AutoRun\command - "" = H:\RECYCLER\help.exe -- File not found

O33 - MountPoints2\{905b6d43-9fa5-11de-a621-00241d755acd}\Shell\opEN\CoMmanD - "" = H:\RECYCLER\help.exe -- File not found

O33 - MountPoints2\{d64c17e0-8b1c-11df-97c1-00241d755acd}\Shell\AutoRun\command - "" = H:\SamsungSoftware\APPInst.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/10 16:58:09 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/09/08 18:47:23 | 001,137,528 | ---- | C] (Emsi Software GmbH) -- C:\Users\Owner\Desktop\BlitzBlank.exe

[2010/09/06 15:28:52 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

[2010/09/06 00:24:22 | 000,000,000 | -HSD | C] -- C:\Users\Owner\.COMMgr

[2010/09/06 00:24:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\qkycsinrg

[2010/09/06 00:24:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Windows Server

[2010/09/06 00:23:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\8866E251DB9D14EA404E937F3D963785

[2010/09/01 20:49:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MKV Demux All

[2010/09/01 20:48:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\MKVExtractGUI-1.6.4.1

[2010/09/01 20:47:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\mkvtoolnix

[2010/09/01 20:47:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MKVtoolnix

[2010/09/01 20:28:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitrateViewer

[2010/09/01 20:18:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gabest

[2010/08/31 18:21:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Ikue Asazaki - Uta Asobi (Uta Ashiibi)

[2010/08/31 17:56:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Ikue Asazaki - Utabautayun

[2010/08/21 14:13:59 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations

[2010/08/20 04:19:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\100MEDIA

[2010/08/20 03:30:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\DCIM

[2010/08/06 23:14:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Free Mp3 Wma Ogg Converter

[2010/08/06 23:14:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Mp3 Wma Ogg Converter

[2010/08/06 20:36:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\PasswordSafe

[2010/08/06 20:36:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Password Safe

[2010/08/06 20:16:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\beat crusaders

[2010/08/05 19:08:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\enka

[2010/07/30 22:25:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\NVIDIA

[2010/07/29 20:38:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\BoA - IDENTITY

[2010/07/28 15:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation

[2010/07/27 06:24:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Tokyo Jihen - Sports

[2010/07/26 15:33:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\New Folder

[2010/07/21 07:26:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\BoA - BoA

[2010/07/18 02:03:49 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM

[2010/07/18 02:03:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2010/07/18 01:21:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft Games

[2010/07/17 23:02:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Toribash

[2010/07/16 07:28:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[asian+nation] Tokyo Jihen - Goraku (Variety) [2007.09.26]

[2010/07/15 22:21:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Album

[2010/07/15 21:59:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Singles

[2010/07/10 20:42:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\DESKTOP

[2010/07/08 23:59:38 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{76D00298-1B6D-4487-AC9A-A797951ED953}

[2010/07/08 13:59:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ijjigame

[2010/06/23 17:35:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DirectVobSub

[2010/06/22 23:54:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\WBGames

========== Files - Modified Within 90 Days ==========

[2010/09/11 14:24:12 | 002,097,152 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT

[2010/09/11 13:29:54 | 000,035,381 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2010/09/11 13:29:53 | 000,035,381 | ---- | M] () -- C:\ProgramData\nvModes.001

[2010/09/11 13:29:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/09/11 05:08:39 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/09/11 05:08:39 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/09/10 17:15:14 | 000,694,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/09/10 17:15:14 | 000,598,350 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/09/10 17:15:14 | 000,101,988 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/09/10 17:08:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/09/10 17:08:35 | 4293,386,240 | -HS- | M] () -- C:\hiberfil.sys

[2010/09/10 17:07:44 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{3fb50e38-d7c1-11dd-8b2d-00241d755acd}.TMContainer00000000000000000001.regtrans-ms

[2010/09/10 17:07:44 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{3fb50e38-d7c1-11dd-8b2d-00241d755acd}.TM.blf

[2010/09/10 17:07:37 | 002,215,813 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db

[2010/09/09 16:11:04 | 003,382,241 | ---- | M] () -- C:\Users\Owner\Desktop\Phu Tran - Rose v3 (2007).pdf

[2010/09/08 18:47:53 | 001,137,528 | ---- | M] (Emsi Software GmbH) -- C:\Users\Owner\Desktop\BlitzBlank.exe

[2010/09/06 16:56:19 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys

[2010/09/06 16:43:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

[2010/09/06 04:13:22 | 000,002,891 | ---- | M] () -- C:\Users\Owner\Desktop\Attach.zip

[2010/09/06 03:34:04 | 000,293,376 | ---- | M] () -- C:\Users\Owner\Desktop\0ym8hil9.exe

[2010/09/06 03:29:21 | 000,525,824 | ---- | M] () -- C:\Users\Owner\Desktop\dds.scr

[2010/09/06 03:24:05 | 000,000,020 | ---- | M] () -- C:\Users\Owner\defogger_reenable

[2010/09/06 03:14:06 | 000,007,736 | ---- | M] () -- C:\Users\Owner\Desktop\pwsafe.dat

[2010/09/04 13:22:27 | 000,000,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat

[2010/09/03 23:18:16 | 000,104,448 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/09/01 22:01:09 | 000,940,358 | ---- | M] () -- C:\Users\Owner\Desktop\hw1.1.zip

[2010/09/01 21:12:30 | 014,388,036 | ---- | M] () -- C:\Users\Owner\Desktop\week 1-vitruvius-book 1.pdf

[2010/09/01 20:29:00 | 000,000,906 | ---- | M] () -- C:\Users\Owner\Desktop\Bitrate Viewer.lnk

[2010/08/19 22:57:43 | 002,300,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/08/06 20:36:18 | 000,000,869 | ---- | M] () -- C:\Users\Owner\Desktop\Password Safe.lnk

[2010/08/06 20:31:02 | 000,007,360 | ---- | M] () -- C:\Users\Owner\Desktop\pw.bak

[2010/07/28 15:44:40 | 000,000,533 | ---- | M] () -- C:\ProgramData\nvUnsupRes.dat

[2010/07/08 23:59:39 | 000,000,120 | ---- | M] () -- C:\Users\Owner\AppData\Local\Kqomoxebuxeyak.dat

[2010/07/08 23:59:39 | 000,000,000 | ---- | M] () -- C:\Users\Owner\AppData\Local\Mqudofoseq.bin

========== Files Created - No Company Name ==========

[2010/09/09 16:10:19 | 003,382,241 | ---- | C] () -- C:\Users\Owner\Desktop\Phu Tran - Rose v3 (2007).pdf

[2010/09/06 16:16:14 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys

[2010/09/06 04:13:22 | 000,002,891 | ---- | C] () -- C:\Users\Owner\Desktop\Attach.zip

[2010/09/06 03:34:03 | 000,293,376 | ---- | C] () -- C:\Users\Owner\Desktop\0ym8hil9.exe

[2010/09/06 03:29:18 | 000,525,824 | ---- | C] () -- C:\Users\Owner\Desktop\dds.scr

[2010/09/06 03:24:04 | 000,000,020 | ---- | C] () -- C:\Users\Owner\defogger_reenable

[2010/09/06 02:31:17 | 4293,386,240 | -HS- | C] () -- C:\hiberfil.sys

[2010/09/01 22:01:09 | 000,940,358 | ---- | C] () -- C:\Users\Owner\Desktop\hw1.1.zip

[2010/09/01 21:11:57 | 014,388,036 | ---- | C] () -- C:\Users\Owner\Desktop\week 1-vitruvius-book 1.pdf

[2010/09/01 20:29:00 | 000,000,906 | ---- | C] () -- C:\Users\Owner\Desktop\Bitrate Viewer.lnk

[2010/08/23 19:50:42 | 000,007,736 | ---- | C] () -- C:\Users\Owner\Desktop\pwsafe.dat

[2010/08/06 20:36:18 | 000,000,869 | ---- | C] () -- C:\Users\Owner\Desktop\Password Safe.lnk

[2010/08/06 20:30:26 | 000,007,360 | ---- | C] () -- C:\Users\Owner\Desktop\pw.bak

[2010/07/08 23:59:39 | 000,000,120 | ---- | C] () -- C:\Users\Owner\AppData\Local\Kqomoxebuxeyak.dat

[2010/07/08 23:59:39 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\Mqudofoseq.bin

[2010/05/13 18:17:41 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\uc_karos_launching.dll

[2010/05/02 20:46:17 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat

[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2010/03/21 12:30:46 | 000,002,699 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2010/03/03 07:30:48 | 000,399,360 | ---- | C] () -- C:\Windows\SysWow64\Smab.dll

[2010/03/03 07:30:48 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll

[2010/01/17 19:32:37 | 000,000,082 | ---- | C] () -- C:\Windows\wininit.ini

[2010/01/15 19:57:44 | 000,221,291 | ---- | C] () -- C:\Windows\Imei_dll.dll

[2010/01/15 19:57:44 | 000,040,960 | ---- | C] () -- C:\Windows\Sublock.dll

[2009/12/08 02:56:41 | 000,001,342 | ---- | C] () -- C:\Windows\maxlink.ini

[2009/12/08 02:56:41 | 000,000,020 | ---- | C] () -- C:\Windows\calera.ini

[2009/12/08 02:56:30 | 000,269,312 | ---- | C] () -- C:\Windows\SysWow64\FPXIG.DLL

[2009/12/08 02:56:30 | 000,068,096 | ---- | C] () -- C:\Windows\SysWow64\IGFPX32P.DLL

[2009/12/08 02:56:30 | 000,065,024 | ---- | C] () -- C:\Windows\SysWow64\JPEGACC.DLL

[2009/12/08 02:56:20 | 000,101,376 | ---- | C] () -- C:\Windows\SysWow64\WELSOF32.DLL

[2009/11/07 18:40:22 | 000,708,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2009/10/13 00:52:42 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll

[2009/09/12 00:25:01 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2009/09/12 00:24:10 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/08/24 15:43:34 | 000,000,533 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat

[2009/08/14 20:04:32 | 000,104,448 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/08/09 21:05:23 | 002,468,130 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_NET_Framework35_x64_MSI51FF.txt

[2009/08/09 20:54:25 | 000,200,298 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_depcheck_NETFX_EXP_35.txt

[2009/08/09 20:54:20 | 000,010,344 | ---- | C] () -- C:\Users\Owner\AppData\Local\uxeventlog.txt

[2009/08/09 20:54:20 | 000,000,002 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_dotnetfx35error.txt

[2009/08/09 20:54:19 | 000,210,472 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_dotnetfx35install.txt

[2009/08/09 14:34:31 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

[2009/08/09 13:55:12 | 000,000,732 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat

[2009/08/09 03:02:31 | 000,035,381 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2009/08/09 03:02:31 | 000,035,381 | ---- | C] () -- C:\ProgramData\nvModes.001

[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll

[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

[2008/07/03 20:04:11 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\msoccwordm.dll

[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2008/01/20 13:50:17 | 000,016,489 | ---- | C] () -- C:\Windows\SysWow64\mswcncorem.dll

[2007/11/06 16:19:28 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll

[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

========== LOP Check ==========

[2010/09/06 00:24:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\8866E251DB9D14EA404E937F3D963785

[2009/09/05 00:46:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\acccore

[2009/08/27 04:34:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DAEMON Tools Lite

[2009/09/27 13:54:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DonationCoder

[2010/08/06 23:14:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Free Mp3 Wma Ogg Converter

[2010/04/29 00:37:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ijjigame

[2010/01/15 19:59:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LG Electronics

[2009/11/11 17:21:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LockHunter

[2010/09/01 20:47:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mkvtoolnix

[2010/06/02 22:43:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mp3tag

[2009/10/25 04:06:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MusicNet

[2009/10/29 04:38:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\NCH Swift Sound

[2010/04/29 02:24:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\NPLUTO Corporation

[2010/09/10 18:02:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent

[2010/05/01 05:32:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\VirtuaWin

[2010/02/11 21:00:16 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}

[2010/09/10 17:07:39 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 280 bytes -> C:\ProgramData\TEMP:E6E3D650

< End of report >

I also noticed that my "Documents and Settings" folder is hidden and gives an "Access is denied" message, although mbam seems to give me clean results now.

What should I do next?

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4594

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18943

9/11/2010 2:24:08 PM

mbam-log-2010-09-11 (14-24-08).txt

Scan type: Quick scan

Objects scanned: 137313

Time elapsed: 3 minute(s), 16 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Windows\System32\msounkernm.dll (Trojan.KeyLogger) -> Quarantined and deleted successfully.

OTL quick scan log:

OTL logfile created on: 9/11/2010 2:25:14 PM - Run 6

OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Owner\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18943)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 77.00% Memory free

8.00 Gb Paging File | 7.00 Gb Available in Paging File | 85.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.76 Gb Total Space | 4.99 Gb Free Space | 1.07% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: ACORN

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/06 16:43:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

PRC - [2010/04/28 21:17:13 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\VirtuaWin\modules\SwitchDesk.exe

PRC - [2009/08/24 16:15:03 | 000,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2009/02/05 13:43:26 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe

PRC - [2008/04/24 21:46:34 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\VirtuaWin\modules\WinList.exe

PRC - [2008/04/24 21:46:32 | 000,116,224 | ---- | M] (VirtuaWin) -- C:\Program Files (x86)\VirtuaWin\VirtuaWin.exe

========== Modules (SafeList) ==========

MOD - [2010/09/06 16:43:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

MOD - [2008/01/20 22:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -d -f %ProgramFiles%\WinPcap\rpcapd.ini -- (rpcapd)

SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Windows\SysNative\GameMon.des -- (npggsvc)

SRV:64bit: - [2008/09/02 07:10:00 | 000,074,240 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Auto | Stopped] -- C:\Windows\SysNative\cypherixsrv.exe -- (cypherixservice)

SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009/12/06 18:58:00 | 003,443,352 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)

SRV - [2009/11/28 16:40:33 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2009/05/03 13:22:28 | 000,073,392 | ---- | M] (FSPro Labs) [On_Demand | Stopped] -- C:\Windows\SysWOW64\fsproflt.exe -- (fsproflt)

SRV - [2009/02/05 13:43:26 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)

SRV - [2006/12/10 22:41:14 | 000,843,264 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)

SRV - [2006/10/27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\npptNT2.sys -- (NPPTNT2)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)

DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\FDCENT.SYS -- (FDCENT)

DRV:64bit: - [2010/05/01 00:44:31 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)

DRV:64bit: - [2010/03/30 23:35:04 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)

DRV:64bit: - [2009/09/29 09:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lgbtpt64.sys -- (LgBttPort)

DRV:64bit: - [2009/09/29 09:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lgvmdm64.sys -- (LGVMODEM)

DRV:64bit: - [2009/09/29 09:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lgbtbs64.sys -- (lgbusenum)

DRV:64bit: - [2009/08/28 19:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2009/08/26 19:06:36 | 000,871,408 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)

DRV:64bit: - [2009/08/14 22:06:34 | 000,311,968 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)

DRV:64bit: - [2009/08/14 22:06:33 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)

DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008/11/19 18:09:14 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem)

DRV:64bit: - [2008/11/19 18:09:12 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag)

DRV:64bit: - [2008/11/19 18:09:12 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus)

DRV:64bit: - [2008/11/10 08:26:30 | 000,184,832 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2008/11/03 22:21:08 | 000,098,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID)

DRV:64bit: - [2008/09/05 14:54:12 | 000,102,392 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\cyphxdrv.sys -- (cyphxdrv)

DRV:64bit: - [2008/06/06 17:35:46 | 000,055,440 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\FSPFltd.sys -- (FSProFilter)

DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2007/11/06 16:23:14 | 000,040,464 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)

DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

DRV - [2010/09/10 17:08:49 | 000,023,080 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)

DRV - [2010/09/06 16:56:19 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)

DRV - [2008/01/15 17:09:42 | 000,047,470 | ---- | M] (Silence of Troubles United Company Ltd.) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\FDCENT.SYS -- (FDCENT)

DRV - [2007/02/07 14:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)

DRV - [2005/01/03 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false

FF - prefs.js..extensions.enabledItems: {566D6332-1439-43bf-857E-7AD5F137AD0C}:1.13

FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.7.4

FF - prefs.js..extensions.enabledItems: {76D00298-1B6D-4487-AC9A-A797951ED953}:1.9.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{76D00298-1B6D-4487-AC9A-A797951ED953}: C:\Users\Owner\AppData\Local\{76D00298-1B6D-4487-AC9A-A797951ED953}\ [2010/07/08 23:59:38 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/08 13:59:29 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/08 13:59:29 | 000,000,000 | ---D | M]

[2009/08/09 03:29:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions

[2010/07/09 00:17:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions

[2010/02/27 12:21:42 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}

[2010/04/28 19:17:28 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}

[2009/09/09 02:37:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/02/27 12:29:40 | 000,000,000 | ---D | M] (Names Dictionary for rikaichan) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{566D6332-1439-43bf-857E-7AD5F137AD0C}

[2010/02/27 12:29:40 | 000,000,000 | ---D | M] (Japanese-English Dictionary for rikaichan) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}

[2010/04/28 06:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\dytnt4su.default\extensions\{7A074BE0-2326-436d-B473-029FAEBEB5C6}

[2010/07/09 00:17:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/03/30 12:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll

[2009/08/17 07:42:14 | 000,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiFFPlugin1.dll

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-3721307388-1860386797-2565223514-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\desert.jpg

O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\desert.jpg

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{3abc5f33-eabc-11de-a964-00241d755acd}\Shell - "" = AutoRun

O33 - MountPoints2\{3abc5f33-eabc-11de-a964-00241d755acd}\Shell\AutoRun\command - "" = H:\USBAutoRun.exe -- File not found

O33 - MountPoints2\{4ed22648-8525-11de-88b0-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{4ed22648-8525-11de-88b0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- File not found

O33 - MountPoints2\{4ed299c4-9295-11de-91d7-00241d755acd}\Shell - "" = AutoRun

O33 - MountPoints2\{4ed299c4-9295-11de-91d7-00241d755acd}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found

O33 - MountPoints2\{905b6d43-9fa5-11de-a621-00241d755acd}\Shell\AutoRun\command - "" = H:\RECYCLER\help.exe -- File not found

O33 - MountPoints2\{905b6d43-9fa5-11de-a621-00241d755acd}\Shell\opEN\CoMmanD - "" = H:\RECYCLER\help.exe -- File not found

O33 - MountPoints2\{d64c17e0-8b1c-11df-97c1-00241d755acd}\Shell\AutoRun\command - "" = H:\SamsungSoftware\APPInst.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/10 16:58:09 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/09/08 18:47:23 | 001,137,528 | ---- | C] (Emsi Software GmbH) -- C:\Users\Owner\Desktop\BlitzBlank.exe

[2010/09/06 15:28:52 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

[2010/09/06 00:24:22 | 000,000,000 | -HSD | C] -- C:\Users\Owner\.COMMgr

[2010/09/06 00:24:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\qkycsinrg

[2010/09/06 00:24:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Windows Server

[2010/09/06 00:23:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\8866E251DB9D14EA404E937F3D963785

[2010/09/01 20:49:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MKV Demux All

[2010/09/01 20:48:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\MKVExtractGUI-1.6.4.1

[2010/09/01 20:47:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\mkvtoolnix

[2010/09/01 20:47:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MKVtoolnix

[2010/09/01 20:28:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitrateViewer

[2010/09/01 20:18:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gabest

[2010/08/31 18:21:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Ikue Asazaki - Uta Asobi (Uta Ashiibi)

[2010/08/31 17:56:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Ikue Asazaki - Utabautayun

[2010/08/21 14:13:59 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations

[2010/08/20 04:19:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\100MEDIA

[2010/08/20 03:30:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\DCIM

[2010/08/06 23:14:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Free Mp3 Wma Ogg Converter

[2010/08/06 23:14:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Mp3 Wma Ogg Converter

[2010/08/06 20:36:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\PasswordSafe

[2010/08/06 20:36:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Password Safe

[2010/08/06 20:16:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\beat crusaders

[2010/08/05 19:08:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\enka

[2010/07/30 22:25:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\NVIDIA

[2010/07/29 20:38:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\BoA - IDENTITY

[2010/07/28 15:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation

[2010/07/27 06:24:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Tokyo Jihen - Sports

[2010/07/26 15:33:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\New Folder

[2010/07/21 07:26:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\BoA - BoA

[2010/07/18 02:03:49 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM

[2010/07/18 02:03:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2010/07/18 01:21:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft Games

[2010/07/17 23:02:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Toribash

[2010/07/16 07:28:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\[asian+nation] Tokyo Jihen - Goraku (Variety) [2007.09.26]

[2010/07/15 22:21:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Album

[2010/07/15 21:59:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Singles

[2010/07/10 20:42:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\DESKTOP

[2010/07/08 23:59:38 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{76D00298-1B6D-4487-AC9A-A797951ED953}

[2010/07/08 13:59:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ijjigame

[2010/06/23 17:35:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DirectVobSub

[2010/06/22 23:54:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\WBGames

========== Files - Modified Within 90 Days ==========

[2010/09/11 14:24:12 | 002,097,152 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT

[2010/09/11 13:29:54 | 000,035,381 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2010/09/11 13:29:53 | 000,035,381 | ---- | M] () -- C:\ProgramData\nvModes.001

[2010/09/11 13:29:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/09/11 05:08:39 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/09/11 05:08:39 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/09/10 17:15:14 | 000,694,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/09/10 17:15:14 | 000,598,350 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/09/10 17:15:14 | 000,101,988 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/09/10 17:08:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/09/10 17:08:35 | 4293,386,240 | -HS- | M] () -- C:\hiberfil.sys

[2010/09/10 17:07:44 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{3fb50e38-d7c1-11dd-8b2d-00241d755acd}.TMContainer00000000000000000001.regtrans-ms

[2010/09/10 17:07:44 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{3fb50e38-d7c1-11dd-8b2d-00241d755acd}.TM.blf

[2010/09/10 17:07:37 | 002,215,813 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db

[2010/09/09 16:11:04 | 003,382,241 | ---- | M] () -- C:\Users\Owner\Desktop\Phu Tran - Rose v3 (2007).pdf

[2010/09/08 18:47:53 | 001,137,528 | ---- | M] (Emsi Software GmbH) -- C:\Users\Owner\Desktop\BlitzBlank.exe

[2010/09/06 16:56:19 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys

[2010/09/06 16:43:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

[2010/09/06 04:13:22 | 000,002,891 | ---- | M] () -- C:\Users\Owner\Desktop\Attach.zip

[2010/09/06 03:34:04 | 000,293,376 | ---- | M] () -- C:\Users\Owner\Desktop\0ym8hil9.exe

[2010/09/06 03:29:21 | 000,525,824 | ---- | M] () -- C:\Users\Owner\Desktop\dds.scr

[2010/09/06 03:24:05 | 000,000,020 | ---- | M] () -- C:\Users\Owner\defogger_reenable

[2010/09/06 03:14:06 | 000,007,736 | ---- | M] () -- C:\Users\Owner\Desktop\pwsafe.dat

[2010/09/04 13:22:27 | 000,000,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat

[2010/09/03 23:18:16 | 000,104,448 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/09/01 22:01:09 | 000,940,358 | ---- | M] () -- C:\Users\Owner\Desktop\hw1.1.zip

[2010/09/01 21:12:30 | 014,388,036 | ---- | M] () -- C:\Users\Owner\Desktop\week 1-vitruvius-book 1.pdf

[2010/09/01 20:29:00 | 000,000,906 | ---- | M] () -- C:\Users\Owner\Desktop\Bitrate Viewer.lnk

[2010/08/19 22:57:43 | 002,300,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/08/06 20:36:18 | 000,000,869 | ---- | M] () -- C:\Users\Owner\Desktop\Password Safe.lnk

[2010/08/06 20:31:02 | 000,007,360 | ---- | M] () -- C:\Users\Owner\Desktop\pw.bak

[2010/07/28 15:44:40 | 000,000,533 | ---- | M] () -- C:\ProgramData\nvUnsupRes.dat

[2010/07/08 23:59:39 | 000,000,120 | ---- | M] () -- C:\Users\Owner\AppData\Local\Kqomoxebuxeyak.dat

[2010/07/08 23:59:39 | 000,000,000 | ---- | M] () -- C:\Users\Owner\AppData\Local\Mqudofoseq.bin

========== Files Created - No Company Name ==========

[2010/09/09 16:10:19 | 003,382,241 | ---- | C] () -- C:\Users\Owner\Desktop\Phu Tran - Rose v3 (2007).pdf

[2010/09/06 16:16:14 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys

[2010/09/06 04:13:22 | 000,002,891 | ---- | C] () -- C:\Users\Owner\Desktop\Attach.zip

[2010/09/06 03:34:03 | 000,293,376 | ---- | C] () -- C:\Users\Owner\Desktop\0ym8hil9.exe

[2010/09/06 03:29:18 | 000,525,824 | ---- | C] () -- C:\Users\Owner\Desktop\dds.scr

[2010/09/06 03:24:04 | 000,000,020 | ---- | C] () -- C:\Users\Owner\defogger_reenable

[2010/09/06 02:31:17 | 4293,386,240 | -HS- | C] () -- C:\hiberfil.sys

[2010/09/01 22:01:09 | 000,940,358 | ---- | C] () -- C:\Users\Owner\Desktop\hw1.1.zip

[2010/09/01 21:11:57 | 014,388,036 | ---- | C] () -- C:\Users\Owner\Desktop\week 1-vitruvius-book 1.pdf

[2010/09/01 20:29:00 | 000,000,906 | ---- | C] () -- C:\Users\Owner\Desktop\Bitrate Viewer.lnk

[2010/08/23 19:50:42 | 000,007,736 | ---- | C] () -- C:\Users\Owner\Desktop\pwsafe.dat

[2010/08/06 20:36:18 | 000,000,869 | ---- | C] () -- C:\Users\Owner\Desktop\Password Safe.lnk

[2010/08/06 20:30:26 | 000,007,360 | ---- | C] () -- C:\Users\Owner\Desktop\pw.bak

[2010/07/08 23:59:39 | 000,000,120 | ---- | C] () -- C:\Users\Owner\AppData\Local\Kqomoxebuxeyak.dat

[2010/07/08 23:59:39 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\Mqudofoseq.bin

[2010/05/13 18:17:41 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\uc_karos_launching.dll

[2010/05/02 20:46:17 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat

[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2010/03/21 12:30:46 | 000,002,699 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2010/03/03 07:30:48 | 000,399,360 | ---- | C] () -- C:\Windows\SysWow64\Smab.dll

[2010/03/03 07:30:48 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll

[2010/01/17 19:32:37 | 000,000,082 | ---- | C] () -- C:\Windows\wininit.ini

[2010/01/15 19:57:44 | 000,221,291 | ---- | C] () -- C:\Windows\Imei_dll.dll

[2010/01/15 19:57:44 | 000,040,960 | ---- | C] () -- C:\Windows\Sublock.dll

[2009/12/08 02:56:41 | 000,001,342 | ---- | C] () -- C:\Windows\maxlink.ini

[2009/12/08 02:56:41 | 000,000,020 | ---- | C] () -- C:\Windows\calera.ini

[2009/12/08 02:56:30 | 000,269,312 | ---- | C] () -- C:\Windows\SysWow64\FPXIG.DLL

[2009/12/08 02:56:30 | 000,068,096 | ---- | C] () -- C:\Windows\SysWow64\IGFPX32P.DLL

[2009/12/08 02:56:30 | 000,065,024 | ---- | C] () -- C:\Windows\SysWow64\JPEGACC.DLL

[2009/12/08 02:56:20 | 000,101,376 | ---- | C] () -- C:\Windows\SysWow64\WELSOF32.DLL

[2009/11/07 18:40:22 | 000,708,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2009/10/13 00:52:42 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll

[2009/09/12 00:25:01 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2009/09/12 00:24:10 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/08/24 15:43:34 | 000,000,533 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat

[2009/08/14 20:04:32 | 000,104,448 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/08/09 21:05:23 | 002,468,130 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_NET_Framework35_x64_MSI51FF.txt

[2009/08/09 20:54:25 | 000,200,298 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_depcheck_NETFX_EXP_35.txt

[2009/08/09 20:54:20 | 000,010,344 | ---- | C] () -- C:\Users\Owner\AppData\Local\uxeventlog.txt

[2009/08/09 20:54:20 | 000,000,002 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_dotnetfx35error.txt

[2009/08/09 20:54:19 | 000,210,472 | ---- | C] () -- C:\Users\Owner\AppData\Local\dd_dotnetfx35install.txt

[2009/08/09 14:34:31 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

[2009/08/09 13:55:12 | 000,000,732 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat

[2009/08/09 03:02:31 | 000,035,381 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2009/08/09 03:02:31 | 000,035,381 | ---- | C] () -- C:\ProgramData\nvModes.001

[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll

[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

[2008/07/03 20:04:11 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\msoccwordm.dll

[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2008/01/20 13:50:17 | 000,016,489 | ---- | C] () -- C:\Windows\SysWow64\mswcncorem.dll

[2007/11/06 16:19:28 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll

[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

========== LOP Check ==========

[2010/09/06 00:24:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\8866E251DB9D14EA404E937F3D963785

[2009/09/05 00:46:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\acccore

[2009/08/27 04:34:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DAEMON Tools Lite

[2009/09/27 13:54:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DonationCoder

[2010/08/06 23:14:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Free Mp3 Wma Ogg Converter

[2010/04/29 00:37:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ijjigame

[2010/01/15 19:59:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LG Electronics

[2009/11/11 17:21:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LockHunter

[2010/09/01 20:47:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mkvtoolnix

[2010/06/02 22:43:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mp3tag

[2009/10/25 04:06:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MusicNet

[2009/10/29 04:38:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\NCH Swift Sound

[2010/04/29 02:24:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\NPLUTO Corporation

[2010/09/10 18:02:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent

[2010/05/01 05:32:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\VirtuaWin

[2010/02/11 21:00:16 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}

[2010/09/10 17:07:39 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 280 bytes -> C:\ProgramData\TEMP:E6E3D650

< End of report >

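The O33 MountPoints2 entries in the log above are the kind of thing a helper reads first: a removable drive whose autorun command points into a RECYCLER folder, or whose "open\command" key is stored with scrambled casing, is the classic leftover of a USB worm. The triage script below is an added example (not part of the thread or of OTL); it parses O33 and O32 lines of this format and flags those two patterns, with the sample lines copied from the posted log.

```python
"""Triage OTL O33 (MountPoints2) lines for removable-media autorun hijacks.

Added example, not code from this thread or from OTL. It understands lines of
the form  O33 - MountPoints2\{guid}\Shell\<verb>\<key> - "" = <target>  and
reports entries whose target lives under a RECYCLER folder or whose verb/key
name uses odd casing (e.g. "opEN\CoMmanD"), a trick used to dodge naive
string matching. "File not found" only means the drive is not plugged in, so
it is recorded but not scored.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Sample input copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3abc5f33-eabc-11de-a964-00241d755acd}\Shell - "" = AutoRun
O33 - MountPoints2\{3abc5f33-eabc-11de-a964-00241d755acd}\Shell\AutoRun\command - "" = H:\USBAutoRun.exe -- File not found
O33 - MountPoints2\{4ed22648-8525-11de-88b0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- File not found
O33 - MountPoints2\{4ed299c4-9295-11de-91d7-00241d755acd}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{905b6d43-9fa5-11de-a621-00241d755acd}\Shell\AutoRun\command - "" = H:\RECYCLER\help.exe -- File not found
O33 - MountPoints2\{905b6d43-9fa5-11de-a621-00241d755acd}\Shell\opEN\CoMmanD - "" = H:\RECYCLER\help.exe -- File not found
O33 - MountPoints2\{d64c17e0-8b1c-11df-97c1-00241d755acd}\Shell\AutoRun\command - "" = H:\SamsungSoftware\APPInst.exe -- File not found
"""

# Only lines that name a verb AND a sub-key (…\Shell\<verb>\<key>) carry a command.
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-fA-F-]+\})\\Shell'
    r'\\(?P<verb>[^\\]+)\\(?P<key>[^\\ ]+) - "" = (?P<target>.*?)'
    r'(?P<missing> -- File not found)?$'
)
# Spellings Windows itself writes for these keys; anything else with the same
# letters (opEN, CoMmanD) was written by something that wanted to look benign.
CANONICAL = {"AutoRun", "open", "explore", "command"}


@dataclass
class Finding:
    guid: str
    verb: str
    key: str
    target: str
    file_missing: bool
    reasons: List[str] = field(default_factory=list)


def parse_o33(log: str) -> List[Finding]:
    """Extract every MountPoints2 command entry from an OTL log."""
    out = []
    for line in log.splitlines():
        m = O33_RE.match(line.strip())
        if m:
            out.append(Finding(m["guid"], m["verb"], m["key"],
                               m["target"], m["missing"] is not None))
    return out


def _odd_casing(name: str) -> bool:
    return name not in CANONICAL and name.lower() in {c.lower() for c in CANONICAL}


def assess(entry: Finding) -> Finding:
    """Attach the reasons (if any) this entry deserves a closer look."""
    if "recycler" in [p.lower() for p in entry.target.split("\\")]:
        entry.reasons.append("recycler_path")
    if _odd_casing(entry.verb) or _odd_casing(entry.key):
        entry.reasons.append("mixed_case_key")
    return entry


def suspicious_entries(log: str) -> List[Finding]:
    return [e for e in map(assess, parse_o33(log)) if e.reasons]


def cdrom_autorun_enabled(log: str) -> bool:
    """True when the O32 line shows AutoRun still switched on for the machine."""
    return any(re.match(r"^O32 - HKLM CDRom: AutoRun - 1$", l.strip())
               for l in log.splitlines())


if __name__ == "__main__":
    for f in suspicious_entries(SAMPLE_LOG):
        print(f.guid, f"{f.verb}\\{f.key}", "->", f.target, f.reasons)
    print("CDRom AutoRun enabled:", cdrom_autorun_enabled(SAMPLE_LOG))
```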

I'm glad to hear that! ;) Let's do some updating and final scanning.

UPDATE JAVA

------------------

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 21 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.

Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.

  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.

-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      Note - when ESET doesn't find any threats, no report will be created.
    11. Push the esetBack.png button.
    12. Push esetFinish.png

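The step that most often gets skipped in the procedure above is removing every older JRE, since the updater only replaces the one it is updating. The script below is an added example (not from the thread or from Sun/Oracle) that lists the Java runtimes registered in Add/Remove Programs on an x64 machine, reading both the native and the Wow6432Node Uninstall keys, and flags any older than 6u21; the display-name patterns it matches are an assumption based on how those installers name themselves.

```python
"""List installed Java runtimes and flag those older than 6 Update 21.

Added example, not code from this thread or from Sun/Oracle. The parsing is
pure Python and runs anywhere; the registry walk only runs on Windows.
Assumed display-name formats (from Add/Remove Programs):
  "Java(TM) 6 Update 17", "Java(TM) 6 Update 21 (64-bit)",
  "Java(TM) SE Runtime Environment 6 Update 2",
  "J2SE Runtime Environment 5.0 Update 22".
"""
import re
import sys
from typing import Iterable, List, Optional, Tuple

_JAVA_RE = re.compile(
    r"^(?:Java\(TM\)(?: SE Runtime Environment)?|J2SE Runtime Environment) "
    r"(?P<major>\d+)(?:\.0)? Update (?P<update>\d+)(?: \(64-bit\))?$"
)

# On x64 Windows, 32-bit installers register under the Wow6432Node view.
UNINSTALL_KEYS = (
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
)


def parse_java_version(display_name: str) -> Optional[Tuple[int, int]]:
    """'Java(TM) 6 Update 17' -> (6, 17); None for non-JRE entries."""
    m = _JAVA_RE.match(display_name.strip())
    return (int(m["major"]), int(m["update"])) if m else None


def outdated_java(display_names: Iterable[str], latest=(6, 21)) -> List[str]:
    """Display names of Java runtimes older than `latest` (the 6u21 in the post)."""
    out = []
    for name in display_names:
        v = parse_java_version(name)
        if v is not None and v < latest:
            out.append(name)
    return out


def installed_display_names() -> List[str]:
    """Read DisplayName from every Uninstall sub-key (Windows only)."""
    if sys.platform != "win32":
        return []
    import winreg
    names = []
    for path in UNINSTALL_KEYS:
        try:
            root = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path)
        except OSError:
            continue
        with root:
            i = 0
            while True:
                try:
                    sub = winreg.EnumKey(root, i)
                except OSError:
                    break
                i += 1
                try:
                    with winreg.OpenKey(root, sub) as k:
                        names.append(winreg.QueryValueEx(k, "DisplayName")[0])
                except OSError:
                    pass  # sub-key without a DisplayName
    return names


if __name__ == "__main__":
    for name in outdated_java(installed_display_names()):
        print("remove before installing 6u21:", name)
```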

  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
