Junior Member
I have scanned my pc with kaspersky 2010, it has detected no virus but everytime when I started or scanned my pc with malwarebytes it have detect a virus in my temp folder called xXx.XxX file. Everytime I delete with malwarebytes or manually/safemode it return again
Here is my hijackthis log:
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 1:27:37 PM, on 1/23/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Windows\SysWOW64\explorer.exe
C:\Users\Y\AppData\Local\Temp\mswinsrv.exe
C:\Users\Y\AppData\Local\Temp\mswinsrv.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Y\Desktop\HiJackThis.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\s wg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [adiras] C:\Windows\adirasx64.exe
O4 - HKLM\..\Run: [Turbo Key] "C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Google Update] "C:\Users\Y\AppData\Local\Google\Update\GoogleUpda te.exe" /c
O4 - HKCU\..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe
O4 - HKCU\..\Run: [Microsoft Windows Driver Utility] C:\Users\Y\AppData\Local\Temp\mswinsrv.exe
O4 - HKCU\..\Run: [sysdiagol.exe] C:\windows\\sysdiagol.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files (x86)\GetRight\GRdownload.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6 097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files (x86)\GetRight\GRbrowse.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O15 - Trusted IP range: http://192.168.1.1
O15 - ESC Trusted IP range: http://192.168.1.1
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlcdnet.asus.com/pub/ASUS/mis...ex-2.2.5.0.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames...1.cab60096.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor....cab102118.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~2\kasper~1\kasper~1\mzvkbd3.dll c:\progra~2\kasper~1\kasper~1\sbhook.dll c:\progra~2\bandoo\bndhook.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspn et_state.exe (file missing)
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlServi ce.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~2\Bandoo\Bandoo.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13679 bytes
Please tell me if my pc is affected or not thank in advance
Senior Member
Print these instructions out.
NOTE. If any of the programs listed below refuse to run, try renaming executive file to something else; for instance, rename hijackthis.exe to scanner.exe
***VERY IMPORTANT! Make sure, you update Superantispyware, and Malwarebytes before running the scans.***
STEP 1. Download SUPERAntiSpyware Free for Home Users:
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!
* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: SUPERAntiSpyware.com - Database Definition Information.)
* Close SUPERAntiSpyware.
PHYSICALLY DISCONNECT FROM THE INTERNET
Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen
* Open SUPERAntiSpyware.
* Click Scan your Computer... button.
* Click Scanning Preferences/Control Center... button.
* Under General and Startup tab, make sure, Start SUPERAntiSpyware when Windows starts option is UN-checked.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Terminate memory threats before quarantining.
* Click the Close button to leave the control center screen.
* On the left, make sure you check C:\Fixed Drive.
* On the right, choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
* Make sure everything has a checkmark next to it and click Next.
* A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
* If asked if you want to reboot, click Yes.
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.
Post SUPERAntiSpyware log.
RECONNECT TO THE INTERNET
RESTART COMPUTER!
STEP 2. Download Malwarebytes' Anti-Malware: Malwarebytes.org to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
RESTART COMPUTER!
STEP 3. Download GMER: GMER - Rootkit Detector and Remover, by clicking on Download EXE button.
Alternative downloads:
- |MG| GMER 1.0.15.15281 Download
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
When scan is completed, click Save button, and save the results as gmer.log
Warning ! Please, do not select the "Show all" checkbox during the scan.
Post the log to your next reply.
RESTART COMPUTER
STEP 4.
Post fresh HijackThis log.
NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
Do NOT attempt to "fix" anything!
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
Junior Member
SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!
Generated 01/24/2010 at 01:05 PM
Application Version : 4.33.1000
Core Rules Database Version : 4511
Trace Rules Database Version: 2323
Scan type : Complete Scan
Total Scan Time : 00:38:56
Memory items scanned : 156
Memory threats detected : 0
Registry items scanned : 7639
Registry threats detected : 0
File items scanned : 52468
File threats detected : 106
Adware.Tracking Cookie
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\y@doubleclick[1].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\y@ar.atwola[2].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\y@hitbox[1].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\y@content.yieldmanager[3].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\y@content.yieldmanager[2].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\y@ad.yieldmanager[2].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\y@cdn.at.atwola[1].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\y@tacoda[2].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\y@ehg-zoomerang.hitbox[2].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\y@atwola[1].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\y@atdmt[1].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\y@at.atwola[2].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\y@mediaplex[2].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\y@advertising[2].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\y@apmebf[1].txt
C:\Users\Arvin\AppData\Roaming\Microsoft\Windows\C ookies\Low\arvin@hearstdigital.122.2o7[1].txt
C:\Users\Arvin\AppData\Roaming\Microsoft\Windows\C ookies\Low\arvin@doubleclick[1].txt
C:\Users\Arvin\AppData\Roaming\Microsoft\Windows\C ookies\Low\arvin@adtech[1].txt
C:\Users\Arvin\AppData\Roaming\Microsoft\Windows\C ookies\Low\arvin@revsci[2].txt
C:\Users\Arvin\AppData\Roaming\Microsoft\Windows\C ookies\Low\arvin@sexetc[3].txt
C:\Users\Arvin\AppData\Roaming\Microsoft\Windows\C ookies\Low\arvin@content.yieldmanager[2].txt
C:\Users\Arvin\AppData\Roaming\Microsoft\Windows\C ookies\Low\arvin@apmebf[1].txt
C:\Users\Arvin\AppData\Roaming\Microsoft\Windows\C ookies\Low\arvin@statcounter[1].txt
C:\Users\Arvin\AppData\Roaming\Microsoft\Windows\C ookies\Low\arvin@www.sexetc[2].txt
C:\Users\Arvin\AppData\Roaming\Microsoft\Windows\C ookies\Low\arvin@nakedwithsockson[2].txt
C:\Users\Arvin\AppData\Roaming\Microsoft\Windows\C ookies\Low\arvin@ad.yieldmanager[2].txt
C:\Users\Arvin\AppData\Roaming\Microsoft\Windows\C ookies\Low\arvin@content.yieldmanager[3].txt
C:\Users\Arvin\AppData\Roaming\Microsoft\Windows\C ookies\Low\arvin@chitika[1].txt
C:\Users\Arvin\AppData\Roaming\Microsoft\Windows\C ookies\Low\arvin@adserver.vibranceassociates[2].txt
C:\Users\Nishma & papa\AppData\Roaming\Microsoft\Windows\Cookies\Low \nishma_&_papa@zedo[2].txt
C:\Users\Nishma & papa\AppData\Roaming\Microsoft\Windows\Cookies\Low \nishma_&_papa@apmebf[1].txt
C:\Users\Nishma & papa\AppData\Roaming\Microsoft\Windows\Cookies\Low \nishma_&_papa@adrevolver[2].txt
C:\Users\Nishma & papa\AppData\Roaming\Microsoft\Windows\Cookies\Low \nishma_&_papa@content.yieldmanager[3].txt
C:\Users\Nishma & papa\AppData\Roaming\Microsoft\Windows\Cookies\Low \nishma_&_papa@media.adrevolver[1].txt
C:\Users\Nishma & papa\AppData\Roaming\Microsoft\Windows\Cookies\Low \nishma_&_papa@ad.yieldmanager[2].txt
C:\Users\Nishma & papa\AppData\Roaming\Microsoft\Windows\Cookies\Low \nishma_&_papa@tribalfusion[1].txt
C:\Users\Nishma & papa\AppData\Roaming\Microsoft\Windows\Cookies\Low \nishma_&_papa@media6degrees[1].txt
C:\Users\Nishma & papa\AppData\Roaming\Microsoft\Windows\Cookies\Low \nishma_&_papa@fastclick[1].txt
C:\Users\Nishma & papa\AppData\Roaming\Microsoft\Windows\Cookies\Low \nishma_&_papa@atdmt[2].txt
C:\Users\Nishma & papa\AppData\Roaming\Microsoft\Windows\Cookies\Low \nishma_&_papa@content.yieldmanager[2].txt
C:\Users\Nishma & papa\AppData\Roaming\Microsoft\Windows\Cookies\Low \nishma_&_papa@doubleclick[1].txt
C:\Users\Nishma & papa\AppData\Roaming\Microsoft\Windows\Cookies\Low \nishma_&_papa@microsoftoffice.112.2o7[1].txt
C:\Users\Nishma & papa\AppData\Roaming\Microsoft\Windows\Cookies\nis hma_&_papa@apmebf[1].txt
C:\Users\Nishma & papa\AppData\Roaming\Microsoft\Windows\Cookies\nis hma_&_papa@content.yieldmanager[3].txt
C:\Users\Nishma & papa\AppData\Roaming\Microsoft\Windows\Cookies\nis hma_&_papa@content.yieldmanager[1].txt
C:\Users\Nishma & papa\AppData\Roaming\Microsoft\Windows\Cookies\nis hma_&_papa@ad.yieldmanager[1].txt
C:\Users\Nishma & papa\AppData\Roaming\Microsoft\Windows\Cookies\nis hma_&_papa@atdmt[1].txt
C:\Users\Nishma & papa\AppData\Roaming\Microsoft\Windows\Cookies\nis hma_&_papa@mediaplex[2].txt
C:\Users\Nishma & papa\AppData\Roaming\Microsoft\Windows\Cookies\nis hma_&_papa@doubleclick[1].txt
C:\Users\Y\AppData\Local\Temp\Cookies\y@atdmt[2].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\Low\y@ad.wsod[2].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\Low\y@ad.yieldmanager[1].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\Low\y@adbrite[1].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\Low\y@advertising[2].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\Low\y@apmebf[1].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\Low\y@at.atwola[2].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\Low\y@atdmt[1].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\Low\y@atwola[2].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\Low\y@cdn.at.atwola[1].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\Low\y@click.cashengines[2].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\Low\y@clicksor[2].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\Low\y@collective-media[1].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\Low\y@content.yieldmanager[1].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\Low\y@content.yieldmanager[3].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\Low\y@counter.hitslink[1].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\Low\y@doubleclick[1].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\Low\y@edge.ru4[2].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\Low\y@ehg-fifa.hitbox[1].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\Low\y@ehg-nokiafin.hitbox[1].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\Low\y@ext-us.bestofmedia[2].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\Low\y@hitbox[1].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\Low\y@lfstmedia[1].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\Low\y@msnportal.112.2o7[1].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\Low\y@mediaplex[2].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\Low\y@myroitracking[1].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\Low\y@smartadserver[2].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\Low\y@statcounter[2].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\Low\y@tacoda[2].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\Low\y@tribalfusion[2].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\Low\y@www.googleadservices[1].txt
C:\Users\Y\AppData\Roaming\Microsoft\Windows\Cooki es\Low\y@xiti[1].txt
C:\Windows.old\Documents and Settings\Owner\Cookies\owner@microsoftwindows.112. 2o7[1].txt
C:\Windows.old\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt
C:\Windows.old\Documents and Settings\Owner\Cookies\owner@fastclick[1].txt
C:\Windows.old\Documents and Settings\Owner\Cookies\owner@serving-sys[2].txt
C:\Windows.old\Documents and Settings\Owner\Cookies\owner@interclick[2].txt
C:\Windows.old\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt
C:\Windows.old\Documents and Settings\Owner\Cookies\owner@bs.serving-sys[2].txt
C:\Windows.old\Documents and Settings\Owner\Cookies\owner@ad.wsod[2].txt
C:\Windows.old\Documents and Settings\Owner\Cookies\owner@content.yieldmanager[2].txt
C:\Windows.old\Documents and Settings\Owner\Cookies\owner@content.yieldmanager[3].txt
C:\Windows.old\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt
D:\Documents and Settings\yas\Cookies\yas@content.yieldmanager.edge suite[2].txt
D:\Documents and Settings\yas\Cookies\yas@99counters[1].txt
D:\Documents and Settings\yas\Cookies\yas@ad.yieldmanager[2].txt
D:\Documents and Settings\yas\Cookies\yas@adopt.euroclick[2].txt
D:\Documents and Settings\yas\Cookies\yas@atdmt[2].txt
D:\Documents and Settings\yas\Cookies\yas@clickbank[1].txt
D:\Documents and Settings\yas\Cookies\yas@hosted.justteenmovie[2].txt
D:\Documents and Settings\yas\Cookies\yas@content.yieldmanager[2].txt
D:\Documents and Settings\yas\Cookies\yas@content.yieldmanager[3].txt
D:\Documents and Settings\yas\Cookies\yas@doubleclick[1].txt
D:\Documents and Settings\yas\Cookies\yas@media6degrees[1].txt
D:\Documents and Settings\yas\Cookies\yas@oberon-media[1].txt
Trojan.Agent/Gen-HackPatch
C:\USERS\Y\APPDATA\LOCAL\TEMP\CRYS18.EXE
C:\WINDOWS.OLD\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\CRYS18.EXE
Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
1/24/2010 3:38:16 PM
mbam-log-2010-01-24 (15-38-16).txt
Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 365006
Time elapsed: 1 hour(s), 56 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Y\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Users\Y\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Y\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
GMER has detected nothing and when I start it or scan it I get this error:
C:\windows\system32\config\system: the system cannot find the file specified.
Junior Member
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 4:33:58 PM, on 1/24/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker. exe
C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe
C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe
C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\SysWOW64\explorer.exe
C:\Users\Y\AppData\Local\Temp\mswinsrv.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\PhotoshopServer.exe
C:\Users\Y\Desktop\scanner.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\s wg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [adiras] C:\Windows\adirasx64.exe
O4 - HKLM\..\Run: [Turbo Key] "C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Google Update] "C:\Users\Y\AppData\Local\Google\Update\GoogleUpda te.exe" /c
O4 - HKCU\..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe
O4 - HKCU\..\Run: [Microsoft Windows Driver Utility] C:\Users\Y\AppData\Local\Temp\mswinsrv.exe
O4 - HKCU\..\Run: [sysdiagol.exe] C:\windows\\sysdiagol.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files (x86)\GetRight\GRdownload.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6 097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files (x86)\GetRight\GRbrowse.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O15 - Trusted IP range: http://192.168.1.1
O15 - ESC Trusted IP range: http://192.168.1.1
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlcdnet.asus.com/pub/ASUS/mis...ex-2.2.5.0.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames...1.cab60096.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor....cab102118.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~2\kasper~1\kasper~1\mzvkbd3.dll c:\progra~2\kasper~1\kasper~1\sbhook.dll c:\progra~2\bandoo\bndhook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspn et_state.exe (file missing)
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlServi ce.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~2\Bandoo\Bandoo.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13876 bytes
UuU.uUu and XxX.xXx is still there
Last edited by yas; 24-01-2010 at 12:39 PM.
Senior Member
Download OTL to your Desktop.
* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
Junior Member
OTL logfile created on: 1/25/2010 10:40:10 AM - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Users\Y\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 379.01 Gb Free Space | 81.37% Space Free | Partition Type: NTFS
Drive D: | 76.32 Gb Total Space | 34.65 Gb Free Space | 45.40% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1.87 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 7.46 Gb Total Space | 0.73 Gb Free Space | 9.82% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: Y-PC
Current User Name: Y
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/01/25 10:38:59 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Y\Downloads\OTL.exe
PRC - [2010/01/13 21:37:30 | 00,289,584 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010/01/08 12:53:12 | 00,135,664 | ---- | M] (Google Inc.) -- C:\Users\Y\AppData\Local\Google\Update\GoogleUpdat e.exe
PRC - [2010/01/07 16:07:10 | 00,429,392 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/01/07 16:07:10 | 00,236,368 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/01/06 19:34:15 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/12/30 21:04:54 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2009/12/27 09:31:46 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
PRC - [2009/11/20 19:17:00 | 00,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/11/10 17:31:24 | 02,531,080 | ---- | M] (Robin Hood Software Ltd.) -- C:\Program Files (x86)\Evidence Eliminator\Ee.exe
PRC - [2009/10/20 20:39:28 | 00,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
PRC - [2009/10/15 13:51:51 | 00,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2009/09/24 01:38:18 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/08/29 1010 | 00,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/08/03 09:35:50 | 02,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\explorer.exe
PRC - [2009/07/28 04:19:10 | 00,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2009/07/26 16:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/05/25 22:33:50 | 06,017,024 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
PRC - [2009/05/25 14:29:14 | 01,768,960 | ---- | M] () -- C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/03 00:27:26 | 00,090,112 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlServi ce.exe
PRC - [2008/01/10 13:07:09 | 03,171,760 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2000/08/08 0325 | 02,695,680 | ---- | M] () -- C:\Users\Y\AppData\Local\Temp\mswinsrv.exe
========== Modules (SafeList) ==========
MOD - [2010/01/25 10:38:59 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Y\Downloads\OTL.exe
MOD - [2009/07/14 05:15:07 | 00,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/14 05:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_4211 89da2b7fabfc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009/07/14 05:41:59 | 00,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/14 05:41:56 | 00,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/14 05:41:56 | 00,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/14 05:41:56 | 00,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/14 05:41:55 | 00,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/14 05:41:54 | 00,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/14 05:41:54 | 00,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/14 05:41:53 | 01,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/14 05:41:53 | 00,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/14 05:41:53 | 00,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/14 05:41:53 | 00,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/14 05:41:53 | 00,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/14 05:41:53 | 00,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/14 05:41:27 | 01,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 05:41:18 | 00,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/14 05:40:54 | 01,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/14 05:40:28 | 00,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/14 05:40:28 | 00,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/14 05:40:24 | 00,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/14 05:40:13 | 00,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/14 05:40:10 | 00,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/14 05:40:05 | 00,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/14 05:40:01 | 00,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/14 05:40:01 | 00,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/14 05:39:51 | 01,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/14 05:39:28 | 03,524,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/14 05:39:11 | 00,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV - [2010/01/16 11:03:16 | 00,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/07 16:07:10 | 00,236,368 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/12/27 09:31:44 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/11/20 19:17:00 | 00,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/10/27 21:26:36 | 00,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/10/20 20:39:28 | 00,340,456 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2009/09/24 01:38:18 | 00,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/08/06 10:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/26 06:43:14 | 00,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/07/14 07:20:14 | 00,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/14 07:20:14 | 00,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/14 05:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 05:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 00:30:11 | 00,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/11 00:39:58 | 00,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ms corsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/03 00:27:26 | 00,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlServi ce.exe -- (AsSysCtrlService)
SRV - [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2005/04/04 12:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 21 51 1B 0B 99 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-USfficial"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.7
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: megaget-extension@megaget.org:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolba r@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/01/06 19:34:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/01/15 19:49:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea 12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/01/04 16:59:01 | 00,000,000 | ---D | M]
[2010/01/10 18:25:25 | 00,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\Mozilla\Extensions
[2010/01/10 18:25:25 | 00,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\Mozilla\Extensions\mozs wing@mozswing.org
[2010/01/24 21:38:21 | 00,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\Mozilla\Firefox\Profile s\eawhgr5k.default\extensions
[2010/01/21 17:28:21 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Y\AppData\Roaming\Mozilla\Firefox\Profile s\eawhgr5k.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/01/21 17:28:21 | 00,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\Mozilla\Firefox\Profile s\eawhgr5k.default\extensions\megaget-extension@megaget.org
[2010/01/21 17:28:21 | 00,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\Mozilla\Firefox\Profile s\eawhgr5k.default\extensions\megaget-extension@megaget.org\chrome
[2010/01/21 17:28:21 | 00,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\Mozilla\Firefox\Profile s\eawhgr5k.default\extensions\megaget-extension@megaget.org\defaults
[2010/01/04 18:30:50 | 00,000,564 | ---- | M] () -- C:\Users\Y\AppData\Roaming\Mozilla\Firefox\Profile s\eawhgr5k.default\searchplugins\bing.xml
[2010/01/24 12:25:09 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/01/04 16:59:30 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2009/10/20 06:59:44 | 00,047,104 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files (x86)\Mozilla Firefox\components\FFComm.dll
O1 HOSTS File: ([2009/06/11 01:00:26 | 00,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\s wg64.dll (Google Inc.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\s wg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [adiras] C:\Windows\adiras.exe ()
O4 - HKLM..\Run: [adiras] C:\Windows\adirasx64.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Turbo Key] C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe ()
O4 - HKCU..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Evidence Eliminator] C:\Program Files (x86)\Evidence Eliminator\EEStartupLauncher.exe ()
O4 - HKCU..\Run: [Google Update] C:\Users\Y\AppData\Local\Google\Update\GoogleUpdat e.exe (Google Inc.)
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [Microsoft Windows Driver Utility] C:\Users\Y\AppData\Local\Temp\mswinsrv.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe (Google Inc.)
O4 - HKCU..\Run: [sysdiagol.exe] C:\windows\sysdiagol.exe File not found
O4 - Startup: C:\Users\Y\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8:64bit: - Extra context menu item: Download with GetRight - C:\Program Files (x86)\GetRight\GRDownload.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6 097707281E79.dll (Google Inc.)
O8:64bit: - Extra context menu item: Open with GetRight Browser - C:\Program Files (x86)\GetRight\GRBrowse.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with GetRight - C:\Program Files (x86)\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6 097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files (x86)\GetRight\GRBrowse.htm ()
O9:64bit: - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlcdnet.asus.com/pub/ASUS/mis...ex-2.2.5.0.cab (DLM Control)
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/bingame/zpagames...1.cab60096.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramewor....cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\sbhook64.dll (Kaspersky Lab)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (c:\progra~2\kasper~1\kasper~1\mzvkbd3.dll) - c:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (c:\progra~2\kasper~1\kasper~1\sbhook.dll) - c:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\sbhook.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.e xe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.ex e (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/24 03
O32 - AutoRun File - [2008/04/14 10:22:17 | 00,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/05/13 00:05:30 | 00,000,219 | RHS- | M] () - G:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/07/14 07:20:14 | 00,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
OTL cannot create restorepoints on Vista OSs!
========== Files/Folders - Created Within 14 Days ==========
[2010/01/24 20:37:54 | 00,022,224 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\drivers\elrawdsk.sys
[2010/01/24 20:37:54 | 00,000,000 | ---D | C] -- C:\Users\Y\AppData\Local\Evidence Eliminator
[2010/01/24 20:36:25 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\rddrv_9034752
[2010/01/24 20:36:19 | 00,143,360 | ---- | C] (Robin Hood Software Ltd) -- C:\Windows\SysWow64\EEGenFn1.dll
[2010/01/24 20:36:19 | 00,040,712 | ---- | C] (evidence-eliminator.com) -- C:\Windows\SysWow64\eetransx.exe
[2010/01/24 20:35:07 | 00,114,696 | ---- | C] (Teletech Systems, Inc.) -- C:\Windows\SysWow64\Fablock6.ocx
[2010/01/24 20:35:04 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Evidence Eliminator
[2010/01/24 12:11:05 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/01/24 12:10:56 | 00,000,000 | ---D | C] -- C:\Users\Y\AppData\Roaming\SUPERAntiSpyware.com
[2010/01/24 12:10:56 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2010/01/23 12:55:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TrendMicro
[2010/01/22 23:06:16 | 00,000,000 | ---D | C] -- C:\Downloads
[2010/01/22 22:41:51 | 00,000,000 | ---D | C] -- C:\Users\Y\AppData\Roaming\GetRight
[2010/01/22 22:41:43 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\GetRight
[2010/01/22 22:32:31 | 05,021,512 | ---- | C] (Headlight Software, Inc. ) -- C:\Users\Y\Desktop\getright-download.exe
[2010/01/19 16:40:33 | 00,000,000 | ---D | C] -- C:\Users\Y\Desktop\100CANON
[2010/01/16 22:01:27 | 00,000,000 | ---D | C] -- C:\Users\Y\Desktop\neeshma
[2010/01/16 12:22:12 | 00,000,000 | ---D | C] -- C:\Program Files\KLCP64
[2010/01/16 11:14:28 | 00,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010/01/16 11:14:27 | 00,000,000 | ---D | C] -- C:\Users\Y\AppData\Roaming\No Company Name
[2010/01/16 11:09:28 | 00,000,000 | ---D | C] -- C:\Users\Y\Documents\Adobe
[2010/01/16 11:04:05 | 00,000,000 | ---D | C] -- C:\ProgramData\SmartSound Software Inc
[2010/01/16 11:04:05 | 00,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2010/01/16 11:04:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SmartSound Software
[2010/01/16 11:03:16 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2010/01/16 11:02:38 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2010/01/16 11:02:38 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2010/01/15 19:49:34 | 00,000,000 | ---D | C] -- C:\Users\Y\AppData\Local\Adobe
[2010/01/15 19:49:20 | 00,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/01/15 19:49:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/01/15 19:49:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010/01/15 06:26:43 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2010/01/15 06:26:12 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010/01/15 06:26:12 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/01/15 06:25:55 | 00,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/01/15 06:25:55 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/01/15 06:24:20 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/01/15 06:22:50 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2010/01/13 21:35:44 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2010/01/13 21:35:06 | 00,000,000 | ---D | C] -- C:\Users\Y\AppData\Roaming\uTorrent
[2010/01/13 21:04:55 | 00,000,000 | ---D | C] -- C:\Users\Y\AppData\Roaming\BitTorrent
[2010/01/13 21:04:50 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent
[2010/01/13 10:37:21 | 00,000,000 | ---D | C] -- C:\ProgramData\CopyPod
[2010/01/12 17:11:55 | 00,000,000 | ---D | C] -- C:\Users\Y\Desktop\kaspersky
[2010/01/11 21:39:09 | 00,016,384 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\drivers\EIO64_XP.sys
[2010/01/11 18:47:01 | 00,000,000 | ---D | C] -- C:\ProgramData\BioWare
[2010/01/11 18:42:54 | 00,000,000 | ---D | C] -- C:\Users\Y\Documents\BioWare
[2010/01/11 18:40:26 | 00,000,000 | ---D | C] -- C:\Windows\1C4551A64743409391E41477CD655043.TMP
[2010/01/11 18:40:17 | 00,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2010/01/11 18:31:11 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Dragon Age
[2010/01/11 18:31:10 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2010/01/11 17:48:06 | 00,000,000 | ---D | C] -- C:\Users\Y\AppData\Roaming\DAEMON Tools Pro
[2010/01/11 17:19:03 | 00,000,000 | ---D | C] -- C:\Users\Y\Documents\NeroVision
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2010/01/25 10:44:52 | 02,359,296 | -HS- | M] () -- C:\Users\Y\NTUSER.DAT
[2010/01/25 10:42:15 | 00,032,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/25 10:42:15 | 00,032,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/25 10:40:33 | 00,003,074 | -H-- | M] () -- C:\Users\Y\AppData\Roaming\logs.dat
[2010/01/25 09:58:00 | 00,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1550045251-2450673400-751050526-1000UA.job
[2010/01/25 08:40:14 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/25 08:40:06 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/25 08:40:04 | 32,204,80000 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/24 22:24:04 | 02,090,509 | -H-- | M] () -- C:\Users\Y\AppData\Local\IconCache.db
[2010/01/24 12:19:35 | 00,206,376 | RHS- | M] () -- C:\GRLDR
[2010/01/24 12:10:57 | 00,001,033 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/23 12:58:02 | 00,000,840 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1550045251-2450673400-751050526-1000Core.job
[2010/01/23 12:55:31 | 00,002,953 | ---- | M] () -- C:\Users\Y\Desktop\HiJackThis.lnk
[2010/01/23 11:12:55 | 00,350,738 | RHS- | M] () -- C:\BVPOH
[2010/01/23 11:12:55 | 00,000,020 | RHS- | M] () -- C:\winx.ld
[2010/01/22 22:41:44 | 00,001,821 | ---- | M] () -- C:\Users\Public\Desktop\GetRight.lnk
[2010/01/22 22:40:55 | 05,021,512 | ---- | M] (Headlight Software, Inc. ) -- C:\Users\Y\Desktop\getright-download.exe
[2010/01/22 18:54:34 | 00,000,217 | ---- | M] () -- C:\Users\Y\AppData\Roaming\default.rss
[2010/01/22 08:58:33 | 00,727,362 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/01/22 08:58:33 | 00,623,890 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/01/22 08:58:33 | 00,107,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/01/20 19:02:32 | 00,784,204 | ---- | M] () -- C:\Users\Y\Desktop\DSC01641.JPG
[2010/01/17 22:28:41 | 00,007,598 | ---- | M] () -- C:\Users\Y\AppData\Local\Resmon.ResmonCfg
[2010/01/17 07:46:32 | 00,058,572 | ---- | M] () -- C:\Users\Y\Desktop\Gori_-_Band_of_Boys.MP3
[2010/01/16 11
[2010/01/16 11:11:53 | 00,110,360 | ---- | M] () -- C:\Users\Y\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/01/16 11:07:10 | 00,418,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/01/16 11:03:07 | 00,002,165 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Premiere Elements 8.0.lnk
[2010/01/15 19:49:24 | 00,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/01/15 06:29:00 | 00,000,478 | ---- | M] () -- C:\Windows\win.ini
[2010/01/14 15:24:46 | 00,065,205 | ---- | M] () -- C:\Users\Y\Desktop\18380_415021225649_781950649_10 887784_5421874_n.jpg
[2010/01/13 21:37:30 | 00,000,943 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/01/12 21:25:04 | 00,579,133 | ---- | M] () -- C:\Users\Y\Desktop\lot.pdf
[2010/01/11 18:45:33 | 00,000,592 | ---- | M] () -- C:\Users\Y\Desktop\Dragon Age Origins - Shortcut.lnk
[2010/01/11 18:24:10 | 00,000,355 | ---- | M] () -- C:\Users\Y\Desktop\Computer -.lnk
[2010/01/11 17:48:31 | 00,868,848 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/01/11 16:44:14 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriv er_01_07_00.Wdf
[2010/01/11 16:44:03 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64 _01007.Wdf
[2010/01/11 15:40:10 | 00,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/01/24 20:36:25 | 00,040,960 | ---- | C] () -- C:\Windows\SysWow64\RDAccess.dll
[2010/01/24 20:36:19 | 00,025,864 | ---- | C] () -- C:\Windows\SysWow64\EEInstMngr.exe
[2010/01/24 20:36:19 | 00,024,620 | ---- | C] () -- C:\Windows\SysWow64\alert2093.wav
[2010/01/24 20:35:07 | 00,028,672 | ---- | C] () -- C:\Windows\SysWow64\MSGHOO32.OCX
[2010/01/24 12:19:35 | 00,206,376 | RHS- | C] () -- C:\GRLDR
[2010/01/24 12:10:57 | 00,001,033 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/23 12:55:31 | 00,002,953 | ---- | C] () -- C:\Users\Y\Desktop\HiJackThis.lnk
[2010/01/23 11:12:55 | 00,350,738 | RHS- | C] () -- C:\BVPOH
[2010/01/23 11:12:55 | 00,000,020 | RHS- | C] () -- C:\winx.ld
[2010/01/22 22:41:44 | 00,001,821 | ---- | C] () -- C:\Users\Public\Desktop\GetRight.lnk
[2010/01/17 07:46:23 | 00,058,572 | ---- | C] () -- C:\Users\Y\Desktop\Gori_-_Band_of_Boys.MP3
[2010/01/16 12:22:13 | 00,206,848 | ---- | C] () -- C:\Windows\SysNative\unrar.dll
[2010/01/16 12:22:13 | 00,100,352 | ---- | C] () -- C:\Windows\SysNative\ff_vfw.dll
[2010/01/16 11:13:28 | 00,005,632 | ---- | C] () -- C:\Users\Y\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/16 11:03:07 | 00,002,165 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Premiere Elements 8.0.lnk
[2010/01/15 19:49:24 | 00,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/01/15 06:07:11 | 99,260,8256 | ---- | C] () -- C:\Users\Y\Desktop\Microsoft Office Enterprise 2007 SP2.iso
[2010/01/14 15:25:13 | 00,065,205 | ---- | C] () -- C:\Users\Y\Desktop\18380_415021225649_781950649_10 887784_5421874_n.jpg
[2010/01/13 22:43:00 | 00,676,224 | ---- | C] () -- C:\Windows\SysNative\OGACheckControl.dll
[2010/01/13 21:35:44 | 00,000,943 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/01/12 21:25:04 | 00,579,133 | ---- | C] () -- C:\Users\Y\Desktop\lot.pdf
[2010/01/12 17:33:53 | 00,001,304 | ---- | C] () -- C:\Users\Y\Desktop\Notepad.lnk
[2010/01/11 18:45:33 | 00,000,592 | ---- | C] () -- C:\Users\Y\Desktop\Dragon Age Origins - Shortcut.lnk
[2010/01/11 18:24:10 | 00,000,355 | ---- | C] () -- C:\Users\Y\Desktop\Computer -.lnk
[2010/01/11 17:48:31 | 00,868,848 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/01/11 17:25:12 | 10,366,1444 | ---- | C] () -- C:\Users\Y\Documents\VIDEO VISHAM WEDDING Final - Copy.wmv
[2010/01/11 17
[2010/01/11 16:44:14 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriv er_01_07_00.Wdf
[2010/01/11 16:44:03 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64 _01007.Wdf
[2010/01/11 15:40:10 | 00,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/01/09 10:24:26 | 00,045,056 | ---- | C] () -- C:\Users\Y\AppData\Roaming\chrtmp
[2010/01/09 00:13:21 | 03,529,466 | ---- | C] () -- C:\Users\Y\AppData\Roaming\file1.exe
[2010/01/08 00:13:03 | 00,000,217 | ---- | C] () -- C:\Users\Y\AppData\Roaming\default.rss
[2010/01/05 11:31:04 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/04 19:20:10 | 00,000,169 | ---- | C] () -- C:\Windows\adidsl.ini
[2010/01/04 19:20:10 | 00,000,021 | ---- | C] () -- C:\Windows\Fast800.ini
[2010/01/04 11:36:21 | 00,000,020 | ---- | C] () -- C:\Windows\mafosav.INI
[2009/12/27 19:49:01 | 00,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2009/12/27 19:49:01 | 00,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2009/12/27 19:45:27 | 00,000,067 | ---- | C] () -- C:\Windows\VSWizard.ini
[2009/12/27 17:50:18 | 00,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009/12/27 17:50:18 | 00,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009/12/27 08:46:47 | 00,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009/12/27 08:26:32 | 00,000,990 | ---- | C] () -- C:\Windows\adiras.ini
[2009/08/03 00
[2009/08/03 00
[2009/08/03 00
[2009/08/03 00
[2009/08/03 00
[2009/08/03 00
[2009/08/03 00
[2009/08/03 00
[2009/08/03 00
[2009/08/03 00
[2009/07/14 03:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 01:03:59 | 00,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/01/10 14:50:50 | 00,743,126 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/01/10 09
[2007/12/28 11:22:02 | 00,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2005/04/08 06:16:43 | 00,003,074 | -H-- | C] () -- C:\Users\Y\AppData\Roaming\logs.dat
========== LOP Check ==========
[2008/01/10 14:52:46 | 00,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\BitDefender
[2010/01/24 20:45:27 | 00,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\BitTorrent
[2009/12/31 09:17:49 | 00,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\Cerberus
[2010/01/11 17:48:06 | 00,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\DAEMON Tools Pro
[2010/01/25 10:15:01 | 00,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\DMCache
[2002/01/01 15:11:33 | 00,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\Gamelab
[2010/01/22 23:08:06 | 00,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\GetRight
[2010/01/09 20
[2008/01/10 13:09:40 | 00,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\IDM
[2010/01/25 10:15:05 | 00,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\LimeWire
[2010/01/16 11:14:27 | 00,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\No Company Name
[2010/01/11 16:44:08 | 00,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\Nokia
[2000/08/08 01:28:57 | 00,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\PC Suite
[2008/01/09 17:46:26 | 00,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\smc
[2010/01/10 14:22:57 | 00,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\TrueCrypt
[2010/01/25 10:46:17 | 00,000,000 | ---D | M] -- C:\Users\Y\AppData\Roaming\uTorrent
[2010/01/16 21:30:13 | 00,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:44:20 | 00,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
< MD5 for: AGP440.SYS >
[2009/04/20 22:29:38 | 09,141,880 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/07/14 05:52:21 | 00,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\mac hine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 05:52:21 | 00,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e 35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009/04/20 22:29:38 | 09,141,880 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp3.cab:atapi.sys
[2009/07/14 05:52:21 | 00,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Users\Y\My Documents\DriverGenius\Backup\Driver Backup 1-6-2010-16035\IDE Channel#1\atapi.sys
[2009/07/14 05:52:21 | 00,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Users\Y\My Documents\DriverGenius\Backup\Driver Backup 1-6-2010-16035\IDE Channel#2\atapi.sys
[2009/07/14 05:52:21 | 00,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Users\Y\My Documents\DriverGenius\Backup\Driver Backup 1-6-2010-16035\IDE Channel#3\atapi.sys
[2009/07/14 05:52:21 | 00,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Users\Y\My Documents\DriverGenius\Backup\Driver Backup 1-6-2010-16035\IDE Channel#4\atapi.sys
[2009/07/14 05:52:21 | 00,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Users\Y\My Documents\DriverGenius\Backup\Driver Backup 1-6-2010-16035\IDE Channel#5\atapi.sys
[2009/07/14 05:52:21 | 00,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Users\Y\My Documents\DriverGenius\Backup\Driver Backup 1-6-2010-16035\IDE Channel\atapi.sys
[2009/07/14 05:52:21 | 00,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Users\Y\My Documents\DriverGenius\Backup\Driver Backup 1-6-2010-16035\Intel(R) ICH10 Family 2 port Serial ATA Storage Controller 2 - 3A26\atapi.sys
[2009/07/14 05:52:21 | 00,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Users\Y\My Documents\DriverGenius\Backup\Driver Backup 1-6-2010-16035\Intel(R) ICH10 Family 4 port Serial ATA Storage Controller 1 - 3A20\atapi.sys
[2009/07/14 05:52:21 | 00,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Users\Y\My Documents\DriverGenius\Backup\Driver Backup 1-6-2010-16035\Standard Dual Channel PCI IDE Controller\atapi.sys
[2009/07/14 05:52:21 | 00,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\msh dc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 05:52:21 | 00,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35 _6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2008/04/14 02:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Windows.old\Windows\system32\drivers\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009/07/14 05:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 05:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 05:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a41489 0e8132b\cngaudit.dll
[2009/07/14 05:40:20 | 00,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc4 9458461\cngaudit.dll
< MD5 for: EVENTLOG.DLL >
[2008/04/14 16:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\Windows.old\Windows\system32\eventlog.dll
< MD5 for: IASTORV.SYS >
[2009/07/14 05:48:04 | 00,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\ias torv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sy s
[2009/07/14 05:48:04 | 00,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e 35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sy s
< MD5 for: NETLOGON.DLL >
[2009/07/14 05:41:52 | 00,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59ac a8ea51aaeefe\netlogon.dll
[2009/04/20 22:18:21 | 00,407,552 | ---- | M] (Microsoft Corporation) MD5=DAB13813B25B3D009B2AC1194CF5D0A2 -- C:\Windows.old\Windows\system32\netlogon.dll
[2009/07/14 05:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 05:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 05:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401 533c860bb0f9\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2009/07/14 05:45:45 | 00,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvr aid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 05:45:45 | 00,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e3 5_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009/07/14 05:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 05:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 05:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.1 6385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 05:41:53 | 00,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.1 6385_none_9402d402f2cc75b9\scecli.dll
[2008/04/14 16:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\Windows.old\Windows\system32\scecli.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 05:15:50 | 01,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\msvbvm60.dll
[2009/08/29 10:59:32 | 11,406,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\wmp.dll
< End of report >
Junior Member
OTL Extras logfile created on: 1/25/2010 10:40:10 AM - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Users\Y\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 379.01 Gb Free Space | 81.37% Space Free | Partition Type: NTFS
Drive D: | 76.32 Gb Total Space | 34.65 Gb Free Space | 45.40% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1.87 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 7.46 Gb Total Space | 0.73 Gb Free Space | 9.82% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: Y-PC
Current User Name: Y
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\PublicPr ofile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F7513E19-6224-485E-988D-9BF45BE64B53}" = Windows Live Family Safety
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v3.1.0
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR archiver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F7E7CEE-54EE-4882-AA16-64F3D84EE27D}" = Tic-Tac-Toe Gadget for Windows SideShow
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{33536245-cc7c-49c8-9eec-29778f189744}" = Nero 9
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"{48963B63-7A10-49D6-8B08-61E6132453D0}" = ViewSonic Monitor Drivers x64
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840
"{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6869591A-7DD8-46D2-837F-57CBF7358955}" = Nokia Connectivity Cable Driver
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A0E583D1-23F7-4C35-9620-B169D7715E4B}" = Adobe Premiere Elements 8.0
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B83F7FA5-3191-4E39-A1F2-8A9038BD0B04}" = Turbo Key
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ADSL USB Driver 2.0.1_is1" = ADSL USB Driver 2.0.1
"BFGC" = Big Fish Games Client
"BitTorrent" = BitTorrent
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FishCo_is1" = FishCo
"GetRight_is1" = GetRight
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"Internet Download Manager" = Internet Download Manager
"Kitchen Brigade_is1" = Kitchen Brigade
"LimeWire" = LimeWire PRO 5.4.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mario Forever" = Mario Forever 4.0
"McAfee Security Scan" = McAfee Security Scan
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Nokia PC Suite" = Nokia PC Suite
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PFConfig" = PFConfig 1.0.251
"Plants vs. Zombies" = Plants vs. Zombies (remove only)
"PremElem80" = Adobe Premiere Elements 8.0
"secretmaryo" = Secret Maryo Chronicles
"Simple Port Forwarding" = Simple Port Forwarding
"SpeechGym_is1" = SpeechGym 1.1
"TrueCrypt" = TrueCrypt
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 1/24/2010 12
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32", version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",ve rsion="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.
Error - 1/24/2010 12
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32", version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",ve rsion="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.
Error - 1/24/2010 12
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32", version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",ve rsion="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.
Error - 1/24/2010 2:12:43 PM | Computer Name = Y-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero
9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest".Error in manifest or policy file
"" on line . A component version required by the application conflicts with another
component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows. common-controls_6595b64144ccf1df_6.0.7600.16385_none_4211 89da2b7fabfc.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.window s.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa64 5303170382f6.manifest.
Error - 1/25/2010 12:42:29 AM | Computer Name = Y-PC | Source = Software Protection Platform Service | ID = 1017
Description = Installation of the Proof of Purchase failed. 0xC004F050 Partial Pkey=3MBMV
ACID=?
Detailed
Error[?]
Error - 1/25/2010 12:42:43 AM | Computer Name = Y-PC | Source = Software Protection Platform Service | ID = 1017
Description = Installation of the Proof of Purchase failed. 0xC004F050 Partial Pkey=3MBMV
ACID=?
Detailed
Error[?]
Error - 1/25/2010 12:42:43 AM | Computer Name = Y-PC | Source = Software Protection Platform Service | ID = 8211
Description = Update Windows license and product key tokens failed with 0xC004F050.
Error - 1/25/2010 12:47:54 AM | Computer Name = Y-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero
9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest".Error in manifest or policy file
"" on line . A component version required by the application conflicts with another
component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows. common-controls_6595b64144ccf1df_6.0.7600.16385_none_4211 89da2b7fabfc.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.window s.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa64 5303170382f6.manifest.
Error - 1/25/2010 12:55:01 AM | Computer Name = Y-PC | Source = Application Hang | ID = 1002
Description = The program wmplayer.exe version 12.0.7600.16415 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 740 Start
Time: 01ca9d792574d39a Termination Time: 60000 Application Path: C:\Program Files
(x86)\Windows Media Player\wmplayer.exe Report Id: 98533ee9-096d-11df-8609-00261869216a
Error - 1/25/2010 12:57:01 AM | Computer Name = Y-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero
9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest".Error in manifest or policy file
"" on line . A component version required by the application conflicts with another
component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows. common-controls_6595b64144ccf1df_6.0.7600.16385_none_4211 89da2b7fabfc.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.window s.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa64 5303170382f6.manifest.
[ System Events ]
Error - 1/25/2010 12:54:35 AM | Computer Name = Y-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 1/25/2010 12:54:42 AM | Computer Name = Y-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 1/25/2010 12:54:46 AM | Computer Name = Y-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 1/25/2010 12:54:53 AM | Computer Name = Y-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 1/25/2010 12:55:00 AM | Computer Name = Y-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 1/25/2010 12:55:04 AM | Computer Name = Y-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 1/25/2010 12:55:11 AM | Computer Name = Y-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 1/25/2010 12:55:16 AM | Computer Name = Y-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 1/25/2010 12:55:23 AM | Computer Name = Y-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 1/25/2010 12:55:27 AM | Computer Name = Y-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
< End of report >
Senior Member
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code::OTL PRC - [2000/08/08 0325 | 02,695,680 | ---- | M] () -- C:\Users\Y\AppData\Local\Temp\mswinsrv.exe O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O4 - HKCU..\Run: [sysdiagol.exe] C:\windows\sysdiagol.exe File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. [2010/01/09 00:13:21 | 03,529,466 | ---- | C] () -- C:\Users\Y\AppData\Roaming\file1.exe [2010/01/05 11:31:04 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat :Services :Reg :Files C:\Users\Y\AppData\Local\Temp\mswinsrv.exe :Commands [purity] [emptytemp] [resethosts] [Reboot]- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Junior Member
Hey is the log that I got when I logon on my pc
All processes killed
========== OTL ==========
No active process named mswinsrv.exe was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8 A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run\\sysdiagol.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E2 0-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Users\Y\AppData\Roaming\file1.exe moved successfully.
C:\ProgramData\ezsidmv.dat moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Users\Y\AppData\Local\Temp\mswinsrv.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Arvin
->Temp folder emptied: 107582 bytes
->Temporary Internet Files folder emptied: 99792617 bytes
->Java cache emptied: 25808378 bytes
->FireFox cache emptied: 22556928 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Nishma & papa
->Temp folder emptied: 34588352 bytes
->Temporary Internet Files folder emptied: 59066342 bytes
->Java cache emptied: 25808261 bytes
->FireFox cache emptied: 87896208 bytes
User: Public
User: Y
->Temp folder emptied: 127459000 bytes
->Temporary Internet Files folder emptied: 835155 bytes
->Java cache emptied: 15546435 bytes
->FireFox cache emptied: 74810793 bytes
->Google Chrome cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 356352 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 50240 bytes
%systemroot%\sysnative\config\systemprofile\AppDat a\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 1033259157 bytes
Total Files Cleaned = 1,534.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.1.26.0 log created on 01252010_214705
Files\Folders moved on Reboot...
C:\Users\Y\AppData\Local\Temp\FXSAPIDebugLogFile.t xt moved successfully.
Registry entries deleted on Reboot...
Senior Member
Please, re-run Malwarebytes.
